HTTP headers and query string parameters for XML API

The Cloud Storage XML API uses several standard HTTP headers as well as several extension (custom) HTTP headers. Several of the HTTP methods also support query string parameters. The headers and parameters are described below.

HTTP headers and query string parameters summary

The XML API uses the following standard HTTP headers:

Request Response Both
Authorization
Content-MD5
Host
If-Match
If-Modified-Since
If-None-Match
If-Unmodified-Since 		ETag
Last-Modified
Location 		Cache-Control
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Range
Content-Type
Date
Range
Transfer-Encoding

The XML API uses the following extension (custom) HTTP headers:

Request Response Both
x-amz-decoded-content-length
x-goog-acl
x-goog-allowed-resources
x-goog-api-version
x-goog-bucket-object-lock-enabled
x-goog-bucket-retention-period
x-goog-bypass-governance-retention
x-goog-content-length-range
x-goog-content-sha256
x-goog-copy-source
x-goog-copy-source-generation
x-goog-copy-source-if-generation-match
x-goog-copy-source-if-match
x-goog-copy-source-if-metageneration-match
x-goog-copy-source-if-modified-since
x-goog-copy-source-if-none-match
x-goog-copy-source-if-unmodified-since
x-goog-custom-audit-KEY
x-goog-date
x-goog-encryption-key
x-goog-encryption-kms-key-name
x-goog-if-generation-match
x-goog-if-metageneration-match
x-goog-interop-list-objects-format
x-goog-metadata-directive
x-goog-project-id
x-goog-resumable
x-goog-user-project 		x-goog-component-count
x-goog-expiration
x-goog-generation
x-goog-metageneration
x-goog-stored-content-encoding
x-goog-stored-content-length
x-guploader-uploadid 		x-goog-custom-time
x-goog-encryption-algorithm
x-goog-encryption-key-sha256
x-goog-hash
x-goog-meta-KEY
x-goog-object-lock-mode
x-goog-object-lock-retain-until-date
x-goog-storage-class

The XML API uses the following query string parameters:

AccessKeyId
acl
Action
billing
compose
continuation-token
cors
customPlacementConfig
defaultObjectAcl
delimiter
encoding-type
encryption
encryptionConfig
fetch-owner
generation
generation-marker
key-marker
lifecycle 		list-type
location
logging
marker
Marker
max-keys
max-parts
max-uploads
MaxItems
object-lock
part-number-marker
partNumber
prefix
response-content-disposition
response-content-type
retention
start-after
Status
storageClass 		tagging
upload_id
upload-id-marker
uploadId
uploads
UserName
userProject
version-id-marker
versioning
versions
websiteConfig
X-Goog-Algorithm
X-Goog-Credential
X-Goog-Custom-Audit-KEY
X-Goog-Date
X-Goog-Expires
X-Goog-SignedHeaders
X-Goog-Signature

Standard HTTP headers

Authorization

A request header that contains a string used to authenticate requests.

Valid Values One of the following:
  • The authentication identifier Bearer followed by a valid OAuth 2.0 token.
  • A valid signature header, as defined in the Simple migration documentation.
  • The authentication identifier GOOG1 or AWS followed by KEY_ACCESS_ID:V2_SIGNATURE.
Example Authorization: Bearer ya29.AHES6ZRVmB7fkLtd1XTmq6mo0S1wqZZi3-Lh_s- ...
Details

To create a sample OAuth 2.0 access token for testing, you can use the OAuth 2.0 playground.

Note: If your requests are being routed through a proxy, you may need to check with your network administrator to ensure that the Authorization header containing your credentials is not stripped out by the proxy. Without the Authorization header, you receive a MissingSecurityHeader error and your request is rejected. For more information about accessing Cloud Storage through a proxy server, see the Troubleshooting topic.

Cache-Control

A request and response header that specifies the cache-control setting.

Valid Values Any valid cache-control value (see the specification).
Example Cache-Control: public, max-age=6000
Details You should specify cache-control only for objects that are accessible to all anonymous users. To be anonymously accessible, an object's ACL must grant READ or FULL_CONTROL permission to AllUsers. If an object is accessible to all anonymous users and you do not specify a cache-control setting, Cloud Storage applies a cache-control setting of 3600 seconds. When serving via XML, Cloud Storage respects the cache-control of the object as set by its metadata.

Content-Disposition

A request and response header that specifies presentational information about the data being transmitted.

Valid Values Any valid content disposition value (see the specification).
Example Content-Disposition: attachment; filename=FILENAME
Details If you set the Content-Disposition header when uploading an object, it will be served at download time (and subsequently interpreted by web browsers and other HTTP clients). A common use for Content-Disposition is setting it to attachment;filename=FILENAMEt, typically causing the web browser to open a "Save As..." dialog box.

Content-Encoding

A request and response header that specifies the compression algorithm for an object. This header is also used for requests that use a V4 signature in the Authorization header and upload data in chunks.

Valid Values Any valid compression algorithm (see the specification) or aws-chunked
Example Content-Encoding: gzip
Details Cloud Storage does not compress objects and only decompresses objects in certain scenarios. If you use this header to specify a compression type algorithm (for example, deflate), Cloud Storage preserves the header as object metadata, but does not compress or decompress the object.

If an upload request uses Content-Encoding: aws-chunked, the request should authenticate using a V4 Signature, and its body should include chunked object data that meets the