@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api Cloud Storage JSON API
@base https://storage.googleapis.com/storage/v1
@version v1
@auth OAuth2 | OAuth2
@common_fields {userProject: str # The project to be billed for this request.}
@endpoints 52
@hint download_for_search
@toc b(45), channels(1), projects(6)

@group b
@endpoint GET /b
@desc Retrieves a list of buckets for a given project.
@required {project: str # A valid API project identifier.}
@optional {maxResults: int # Maximum number of buckets to return in a single response. The service will use this parameter or 1,000 items, whichever is smaller., pageToken: str # A previously-returned page token representing part of the larger set of results to view., prefix: str # Filter results to buckets whose names begin with this prefix., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl.}
@returns(200) {items: [map], kind: str, nextPageToken: str} # Successful response

@endpoint POST /b
@desc Creates a new bucket.
@required {project: str # A valid API project identifier.}
@optional {predefinedAcl: str(authenticatedRead/private/projectPrivate/publicRead/publicReadWrite) # Apply a predefined set of access controls to this bucket., predefinedDefaultObjectAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of default object access controls to this bucket., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl, unless the bucket resource specifies acl or defaultObjectAcl properties, when it defaults to full., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the bucket., autoclass: map{enabled: bool, toggleTime: str(date-time)} # The bucket's Autoclass configuration., billing: map{requesterPays: bool} # The bucket's billing configuration., cors: [map{maxAgeSeconds: int(int32), method: [str], origin: [str], responseHeader: [str]}] # The bucket's Cross-Origin Resource Sharing (CORS) configuration., customPlacementConfig: map{dataLocations: [str]} # The bucket's custom placement configuration for Custom Dual Regions., defaultEventBasedHold: bool # The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false. Objects under event-based hold cannot be deleted, overwritten or archived until the hold is removed., defaultObjectAcl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Default access controls to apply to new objects when no ACL is provided., encryption: map{defaultKmsKeyName: str} # Encryption configuration for a bucket., etag: str # HTTP 1.1 Entity tag for the bucket., iamConfiguration: map{bucketPolicyOnly: map, publicAccessPrevention: str, uniformBucketLevelAccess: map} # The bucket's IAM configuration., id: str # The ID of the bucket. For buckets, the id and name properties are the same., kind: str=storage#bucket # The kind of item this is. For buckets, this is always storage#bucket., labels: map # User-provided labels, in key/value pairs., lifecycle: map{rule: [map]} # The bucket's lifecycle configuration. See lifecycle management for more information., location: str # The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list., locationType: str # The type of the bucket location., logging: map{logBucket: str, logObjectPrefix: str} # The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs., metageneration: str(int64) # The metadata generation of this bucket., name: str # The name of the bucket., owner: map{entity: str, entityId: str} # The owner of the bucket. This is always the project team's owner group., projectNumber: str(uint64) # The project number of the project the bucket belongs to., retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)} # The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via a storage.buckets.update operation. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error., rpo: str # The Recovery Point Objective (RPO) of this bucket. Set to ASYNC_TURBO to turn on Turbo Replication on a bucket., satisfiesPZS: bool # Reserved for future use., selfLink: str # The URI of this bucket., storageClass: str # The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes., timeCreated: str(date-time) # The creation time of the bucket in RFC 3339 format., updated: str(date-time) # The modification time of the bucket in RFC 3339 format., versioning: map{enabled: bool} # The bucket's versioning configuration., website: map{mainPageSuffix: str, notFoundPage: str} # The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.}
@returns(200) {acl: [map], autoclass: map{enabled: bool, toggleTime: str(date-time)}, billing: map{requesterPays: bool}, cors: [map], customPlacementConfig: map{dataLocations: [str]}, defaultEventBasedHold: bool, defaultObjectAcl: [map], encryption: map{defaultKmsKeyName: str}, etag: str, iamConfiguration: map{bucketPolicyOnly: map{enabled: bool, lockedTime: str(date-time)}, publicAccessPrevention: str, uniformBucketLevelAccess: map{enabled: bool, lockedTime: str(date-time)}}, id: str, kind: str, labels: map, lifecycle: map{rule: [map]}, location: str, locationType: str, logging: map{logBucket: str, logObjectPrefix: str}, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, projectNumber: str(uint64), retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)}, rpo: str, satisfiesPZS: bool, selfLink: str, storageClass: str, timeCreated: str(date-time), updated: str(date-time), versioning: map{enabled: bool}, website: map{mainPageSuffix: str, notFoundPage: str}} # Successful response

@endpoint DELETE /b/{bucket}
@desc Permanently deletes an empty bucket.
@required {bucket: str # Name of a bucket.}
@optional {ifMetagenerationMatch: str # If set, only deletes the bucket if its metageneration matches this value., ifMetagenerationNotMatch: str # If set, only deletes the bucket if its metageneration does not match this value.}
@returns(200) Successful response

@endpoint GET /b/{bucket}
@desc Returns metadata for the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {ifMetagenerationMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl.}
@returns(200) {acl: [map], autoclass: map{enabled: bool, toggleTime: str(date-time)}, billing: map{requesterPays: bool}, cors: [map], customPlacementConfig: map{dataLocations: [str]}, defaultEventBasedHold: bool, defaultObjectAcl: [map], encryption: map{defaultKmsKeyName: str}, etag: str, iamConfiguration: map{bucketPolicyOnly: map{enabled: bool, lockedTime: str(date-time)}, publicAccessPrevention: str, uniformBucketLevelAccess: map{enabled: bool, lockedTime: str(date-time)}}, id: str, kind: str, labels: map, lifecycle: map{rule: [map]}, location: str, locationType: str, logging: map{logBucket: str, logObjectPrefix: str}, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, projectNumber: str(uint64), retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)}, rpo: str, satisfiesPZS: bool, selfLink: str, storageClass: str, timeCreated: str(date-time), updated: str(date-time), versioning: map{enabled: bool}, website: map{mainPageSuffix: str, notFoundPage: str}} # Successful response

@endpoint PATCH /b/{bucket}
@desc Patches a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.
@required {bucket: str # Name of a bucket.}
@optional {ifMetagenerationMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value., predefinedAcl: str(authenticatedRead/private/projectPrivate/publicRead/publicReadWrite) # Apply a predefined set of access controls to this bucket., predefinedDefaultObjectAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of default object access controls to this bucket., projection: str(full/noAcl) # Set of properties to return. Defaults to full., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the bucket., autoclass: map{enabled: bool, toggleTime: str(date-time)} # The bucket's Autoclass configuration., billing: map{requesterPays: bool} # The bucket's billing configuration., cors: [map{maxAgeSeconds: int(int32), method: [str], origin: [str], responseHeader: [str]}] # The bucket's Cross-Origin Resource Sharing (CORS) configuration., customPlacementConfig: map{dataLocations: [str]} # The bucket's custom placement configuration for Custom Dual Regions., defaultEventBasedHold: bool # The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false. Objects under event-based hold cannot be deleted, overwritten or archived until the hold is removed., defaultObjectAcl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Default access controls to apply to new objects when no ACL is provided., encryption: map{defaultKmsKeyName: str} # Encryption configuration for a bucket., etag: str # HTTP 1.1 Entity tag for the bucket., iamConfiguration: map{bucketPolicyOnly: map, publicAccessPrevention: str, uniformBucketLevelAccess: map} # The bucket's IAM configuration., id: str # The ID of the bucket. For buckets, the id and name properties are the same., kind: str=storage#bucket # The kind of item this is. For buckets, this is always storage#bucket., labels: map # User-provided labels, in key/value pairs., lifecycle: map{rule: [map]} # The bucket's lifecycle configuration. See lifecycle management for more information., location: str # The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list., locationType: str # The type of the bucket location., logging: map{logBucket: str, logObjectPrefix: str} # The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs., metageneration: str(int64) # The metadata generation of this bucket., name: str # The name of the bucket., owner: map{entity: str, entityId: str} # The owner of the bucket. This is always the project team's owner group., projectNumber: str(uint64) # The project number of the project the bucket belongs to., retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)} # The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via a storage.buckets.update operation. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error., rpo: str # The Recovery Point Objective (RPO) of this bucket. Set to ASYNC_TURBO to turn on Turbo Replication on a bucket., satisfiesPZS: bool # Reserved for future use., selfLink: str # The URI of this bucket., storageClass: str # The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes., timeCreated: str(date-time) # The creation time of the bucket in RFC 3339 format., updated: str(date-time) # The modification time of the bucket in RFC 3339 format., versioning: map{enabled: bool} # The bucket's versioning configuration., website: map{mainPageSuffix: str, notFoundPage: str} # The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.}
@returns(200) {acl: [map], autoclass: map{enabled: bool, toggleTime: str(date-time)}, billing: map{requesterPays: bool}, cors: [map], customPlacementConfig: map{dataLocations: [str]}, defaultEventBasedHold: bool, defaultObjectAcl: [map], encryption: map{defaultKmsKeyName: str}, etag: str, iamConfiguration: map{bucketPolicyOnly: map{enabled: bool, lockedTime: str(date-time)}, publicAccessPrevention: str, uniformBucketLevelAccess: map{enabled: bool, lockedTime: str(date-time)}}, id: str, kind: str, labels: map, lifecycle: map{rule: [map]}, location: str, locationType: str, logging: map{logBucket: str, logObjectPrefix: str}, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, projectNumber: str(uint64), retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)}, rpo: str, satisfiesPZS: bool, selfLink: str, storageClass: str, timeCreated: str(date-time), updated: str(date-time), versioning: map{enabled: bool}, website: map{mainPageSuffix: str, notFoundPage: str}} # Successful response

@endpoint PUT /b/{bucket}
@desc Updates a bucket. Changes to the bucket will be readable immediately after writing, but configuration changes may take time to propagate.
@required {bucket: str # Name of a bucket.}
@optional {ifMetagenerationMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the return of the bucket metadata conditional on whether the bucket's current metageneration does not match the given value., predefinedAcl: str(authenticatedRead/private/projectPrivate/publicRead/publicReadWrite) # Apply a predefined set of access controls to this bucket., predefinedDefaultObjectAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of default object access controls to this bucket., projection: str(full/noAcl) # Set of properties to return. Defaults to full., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the bucket., autoclass: map{enabled: bool, toggleTime: str(date-time)} # The bucket's Autoclass configuration., billing: map{requesterPays: bool} # The bucket's billing configuration., cors: [map{maxAgeSeconds: int(int32), method: [str], origin: [str], responseHeader: [str]}] # The bucket's Cross-Origin Resource Sharing (CORS) configuration., customPlacementConfig: map{dataLocations: [str]} # The bucket's custom placement configuration for Custom Dual Regions., defaultEventBasedHold: bool # The default value for event-based hold on newly created objects in this bucket. Event-based hold is a way to retain objects indefinitely until an event occurs, signified by the hold's release. After being released, such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false. Objects under event-based hold cannot be deleted, overwritten or archived until the hold is removed., defaultObjectAcl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Default access controls to apply to new objects when no ACL is provided., encryption: map{defaultKmsKeyName: str} # Encryption configuration for a bucket., etag: str # HTTP 1.1 Entity tag for the bucket., iamConfiguration: map{bucketPolicyOnly: map, publicAccessPrevention: str, uniformBucketLevelAccess: map} # The bucket's IAM configuration., id: str # The ID of the bucket. For buckets, the id and name properties are the same., kind: str=storage#bucket # The kind of item this is. For buckets, this is always storage#bucket., labels: map # User-provided labels, in key/value pairs., lifecycle: map{rule: [map]} # The bucket's lifecycle configuration. See lifecycle management for more information., location: str # The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list., locationType: str # The type of the bucket location., logging: map{logBucket: str, logObjectPrefix: str} # The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs., metageneration: str(int64) # The metadata generation of this bucket., name: str # The name of the bucket., owner: map{entity: str, entityId: str} # The owner of the bucket. This is always the project team's owner group., projectNumber: str(uint64) # The project number of the project the bucket belongs to., retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)} # The bucket's retention policy. The retention policy enforces a minimum retention time for all objects contained in the bucket, based on their creation time. Any attempt to overwrite or delete objects younger than the retention period will result in a PERMISSION_DENIED error. An unlocked retention policy can be modified or removed from the bucket via a storage.buckets.update operation. A locked retention policy cannot be removed or shortened in duration for the lifetime of the bucket. Attempting to remove or decrease period of a locked retention policy will result in a PERMISSION_DENIED error., rpo: str # The Recovery Point Objective (RPO) of this bucket. Set to ASYNC_TURBO to turn on Turbo Replication on a bucket., satisfiesPZS: bool # Reserved for future use., selfLink: str # The URI of this bucket., storageClass: str # The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes., timeCreated: str(date-time) # The creation time of the bucket in RFC 3339 format., updated: str(date-time) # The modification time of the bucket in RFC 3339 format., versioning: map{enabled: bool} # The bucket's versioning configuration., website: map{mainPageSuffix: str, notFoundPage: str} # The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.}
@returns(200) {acl: [map], autoclass: map{enabled: bool, toggleTime: str(date-time)}, billing: map{requesterPays: bool}, cors: [map], customPlacementConfig: map{dataLocations: [str]}, defaultEventBasedHold: bool, defaultObjectAcl: [map], encryption: map{defaultKmsKeyName: str}, etag: str, iamConfiguration: map{bucketPolicyOnly: map{enabled: bool, lockedTime: str(date-time)}, publicAccessPrevention: str, uniformBucketLevelAccess: map{enabled: bool, lockedTime: str(date-time)}}, id: str, kind: str, labels: map, lifecycle: map{rule: [map]}, location: str, locationType: str, logging: map{logBucket: str, logObjectPrefix: str}, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, projectNumber: str(uint64), retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)}, rpo: str, satisfiesPZS: bool, selfLink: str, storageClass: str, timeCreated: str(date-time), updated: str(date-time), versioning: map{enabled: bool}, website: map{mainPageSuffix: str, notFoundPage: str}} # Successful response

@endpoint GET /b/{bucket}/acl
@desc Retrieves ACL entries on the specified bucket.
@required {bucket: str # Name of a bucket.}
@returns(200) {items: [map], kind: str} # Successful response

@endpoint POST /b/{bucket}/acl
@desc Creates a new ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., id: str # The ID of the access-control entry., kind: str=storage#bucketAccessControl # The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint DELETE /b/{bucket}/acl/{entity}
@desc Permanently deletes the ACL entry for the specified entity on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@returns(200) Successful response

@endpoint GET /b/{bucket}/acl/{entity}
@desc Returns the ACL entry for the specified entity on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PATCH /b/{bucket}/acl/{entity}
@desc Patches an ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., id: str # The ID of the access-control entry., kind: str=storage#bucketAccessControl # The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PUT /b/{bucket}/acl/{entity}
@desc Updates an ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., id: str # The ID of the access-control entry., kind: str=storage#bucketAccessControl # The kind of item this is. For bucket access control entries, this is always storage#bucketAccessControl., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, id: str, kind: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint GET /b/{bucket}/defaultObjectAcl
@desc Retrieves default object ACL entries on the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {ifMetagenerationMatch: str # If present, only return default ACL listing if the bucket's current metageneration matches this value., ifMetagenerationNotMatch: str # If present, only return default ACL listing if the bucket's current metageneration does not match the given value.}
@returns(200) {items: [map], kind: str} # Successful response

@endpoint POST /b/{bucket}/defaultObjectAcl
@desc Creates a new default object ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint DELETE /b/{bucket}/defaultObjectAcl/{entity}
@desc Permanently deletes the default object ACL entry for the specified entity on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@returns(200) Successful response

@endpoint GET /b/{bucket}/defaultObjectAcl/{entity}
@desc Returns the default object ACL entry for the specified entity on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PATCH /b/{bucket}/defaultObjectAcl/{entity}
@desc Patches a default object ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PUT /b/{bucket}/defaultObjectAcl/{entity}
@desc Updates a default object ACL entry on the specified bucket.
@required {bucket: str # Name of a bucket., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint GET /b/{bucket}/iam
@desc Returns an IAM policy for the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {optionsRequestedPolicyVersion: int # The IAM policy format version to be returned. If the optionsRequestedPolicyVersion is for an older version that doesn't support part of the requested IAM policy, the request fails.}
@returns(200) {bindings: [map], etag: str(byte), kind: str, resourceId: str, version: int(int32)} # Successful response

@endpoint PUT /b/{bucket}/iam
@desc Updates an IAM policy for the specified bucket.
@required {bucket: str # Name of a bucket.}
@optional {bindings: [map{condition: map, members: [str], role: str}] # An association between a role, which comes with a set of permissions, and members who may assume that role., etag: str(byte) # HTTP 1.1  Entity tag for the policy., kind: str=storage#policy # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input., resourceId: str # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input., version: int(int32) # The IAM policy format version.}
@returns(200) {bindings: [map], etag: str(byte), kind: str, resourceId: str, version: int(int32)} # Successful response

@endpoint GET /b/{bucket}/iam/testPermissions
@desc Tests a set of permissions on the given bucket to see which, if any, are held by the caller.
@required {bucket: str # Name of a bucket., permissions: [str] # Permissions to test.}
@returns(200) {kind: str, permissions: [str]} # Successful response

@endpoint POST /b/{bucket}/lockRetentionPolicy
@desc Locks retention policy on a bucket.
@required {bucket: str # Name of a bucket., ifMetagenerationMatch: str # Makes the operation conditional on whether bucket's current metageneration matches the given value.}
@returns(200) {acl: [map], autoclass: map{enabled: bool, toggleTime: str(date-time)}, billing: map{requesterPays: bool}, cors: [map], customPlacementConfig: map{dataLocations: [str]}, defaultEventBasedHold: bool, defaultObjectAcl: [map], encryption: map{defaultKmsKeyName: str}, etag: str, iamConfiguration: map{bucketPolicyOnly: map{enabled: bool, lockedTime: str(date-time)}, publicAccessPrevention: str, uniformBucketLevelAccess: map{enabled: bool, lockedTime: str(date-time)}}, id: str, kind: str, labels: map, lifecycle: map{rule: [map]}, location: str, locationType: str, logging: map{logBucket: str, logObjectPrefix: str}, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, projectNumber: str(uint64), retentionPolicy: map{effectiveTime: str(date-time), isLocked: bool, retentionPeriod: str(int64)}, rpo: str, satisfiesPZS: bool, selfLink: str, storageClass: str, timeCreated: str(date-time), updated: str(date-time), versioning: map{enabled: bool}, website: map{mainPageSuffix: str, notFoundPage: str}} # Successful response

@endpoint GET /b/{bucket}/notificationConfigs
@desc Retrieves a list of notification subscriptions for a given bucket.
@required {bucket: str # Name of a Google Cloud Storage bucket.}
@returns(200) {items: [map], kind: str} # Successful response

@endpoint POST /b/{bucket}/notificationConfigs
@desc Creates a notification subscription for a given bucket.
@required {bucket: str # The parent bucket of the notification.}
@optional {custom_attributes: map # An optional list of additional attributes to attach to each Cloud PubSub message published for this notification subscription., etag: str # HTTP 1.1 Entity tag for this subscription notification., event_types: [str] # If present, only send notifications about listed event types. If empty, sent notifications for all event types., id: str # The ID of the notification., kind: str=storage#notification # The kind of item this is. For notifications, this is always storage#notification., object_name_prefix: str # If present, only apply this notification configuration to object names that begin with this prefix., payload_format: str=JSON_API_V1 # The desired content of the Payload., selfLink: str # The canonical URL of this notification., topic: str # The Cloud PubSub topic to which this subscription publishes. Formatted as: '//pubsub.googleapis.com/projects/{project-identifier}/topics/{my-topic}'}
@returns(200) {custom_attributes: map, etag: str, event_types: [str], id: str, kind: str, object_name_prefix: str, payload_format: str, selfLink: str, topic: str} # Successful response

@endpoint DELETE /b/{bucket}/notificationConfigs/{notification}
@desc Permanently deletes a notification subscription.
@required {bucket: str # The parent bucket of the notification., notification: str # ID of the notification to delete.}
@returns(200) Successful response

@endpoint GET /b/{bucket}/notificationConfigs/{notification}
@desc View a notification configuration.
@required {bucket: str # The parent bucket of the notification., notification: str # Notification ID}
@returns(200) {custom_attributes: map, etag: str, event_types: [str], id: str, kind: str, object_name_prefix: str, payload_format: str, selfLink: str, topic: str} # Successful response

@endpoint GET /b/{bucket}/o
@desc Retrieves a list of objects matching the criteria.
@required {bucket: str # Name of the bucket in which to look for objects.}
@optional {delimiter: str # Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted., endOffset: str # Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive)., includeTrailingDelimiter: bool # If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes., matchGlob: str # Filter results to objects and prefixes that match this glob pattern., maxResults: int # Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller., pageToken: str # A previously-returned page token representing part of the larger set of results to view., prefix: str # Filter results to objects whose names begin with this prefix., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl., startOffset: str # Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive)., versions: bool # If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.}
@returns(200) {items: [map], kind: str, nextPageToken: str, prefixes: [str]} # Successful response

@endpoint POST /b/{bucket}/o
@desc Stores a new object and metadata.
@required {bucket: str # Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.}
@optional {contentEncoding: str # If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the object's current metageneration does not match the given value., kmsKeyName: str # Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any., name: str # Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., predefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to this object., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint POST /b/{bucket}/o/watch
@desc Watch for changes on all objects in a bucket.
@required {bucket: str # Name of the bucket in which to look for objects.}
@optional {delimiter: str # Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted., endOffset: str # Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive)., includeTrailingDelimiter: bool # If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes., maxResults: int # Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller., pageToken: str # A previously-returned page token representing part of the larger set of results to view., prefix: str # Filter results to objects whose names begin with this prefix., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl., startOffset: str # Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive)., versions: bool # If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning., address: str # The address where notifications are delivered for this channel., expiration: str(int64) # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional., id: str # A UUID or similar unique string that identifies this channel., kind: str=api#channel # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel"., params: map # Additional parameters controlling delivery channel behavior. Optional., payload: bool # A Boolean value to indicate whether payload is wanted. Optional., resourceId: str # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions., resourceUri: str # A version-specific identifier for the watched resource., token: str # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional., type: str # The type of delivery mechanism used for this channel.}
@returns(200) {address: str, expiration: str(int64), id: str, kind: str, params: map, payload: bool, resourceId: str, resourceUri: str, token: str, type: str} # Successful response

@endpoint DELETE /b/{bucket}/o/{object}
@desc Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default)., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the object's current metageneration does not match the given value.}
@returns(200) Successful response

@endpoint GET /b/{bucket}/o/{object}
@desc Retrieves an object or its metadata.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the object's current metageneration does not match the given value., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint PATCH /b/{bucket}/o/{object}
@desc Patches an object's metadata.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the object's current metageneration does not match the given value., predefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to this object., projection: str(full/noAcl) # Set of properties to return. Defaults to full., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the object., bucket: str # The name of the bucket containing this object., cacheControl: str # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600., componentCount: int(int32) # Number of underlying components that make up this object. Components are accumulated by compose operations., contentDisposition: str # Content-Disposition of the object data., contentEncoding: str # Content-Encoding of the object data., contentLanguage: str # Content-Language of the object data., contentType: str # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream., crc32c: str # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices., customTime: str(date-time) # A timestamp in RFC 3339 format specified by the user for an object., customerEncryption: map{encryptionAlgorithm: str, keySha256: str} # Metadata of customer-supplied encryption key, if the object is encrypted by such a key., etag: str # HTTP 1.1 Entity tag for the object., eventBasedHold: bool # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false., generation: str(int64) # The content generation of this object. Used for object versioning., id: str # The ID of the object, including the bucket name, object name, and generation number., kind: str=storage#object # The kind of item this is. For objects, this is always storage#object., kmsKeyName: str # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request., md5Hash: str # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices., mediaLink: str # Media download link., metadata: map # User-provided metadata, in key/value pairs., metageneration: str(int64) # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object., name: str # The name of the object. Required if not specified by URL parameter., owner: map{entity: str, entityId: str} # The owner of the object. This will always be the uploader of the object., retentionExpirationTime: str(date-time) # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold)., selfLink: str # The link to this object., size: str(uint64) # Content-Length of the data in bytes., storageClass: str # Storage class of the object., temporaryHold: bool # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object., timeCreated: str(date-time) # The creation time of the object in RFC 3339 format., timeDeleted: str(date-time) # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted., timeStorageClassUpdated: str(date-time) # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated., updated: str(date-time) # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint PUT /b/{bucket}/o/{object}
@desc Updates an object's metadata.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the object's current metageneration does not match the given value., predefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to this object., projection: str(full/noAcl) # Set of properties to return. Defaults to full., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the object., bucket: str # The name of the bucket containing this object., cacheControl: str # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600., componentCount: int(int32) # Number of underlying components that make up this object. Components are accumulated by compose operations., contentDisposition: str # Content-Disposition of the object data., contentEncoding: str # Content-Encoding of the object data., contentLanguage: str # Content-Language of the object data., contentType: str # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream., crc32c: str # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices., customTime: str(date-time) # A timestamp in RFC 3339 format specified by the user for an object., customerEncryption: map{encryptionAlgorithm: str, keySha256: str} # Metadata of customer-supplied encryption key, if the object is encrypted by such a key., etag: str # HTTP 1.1 Entity tag for the object., eventBasedHold: bool # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false., generation: str(int64) # The content generation of this object. Used for object versioning., id: str # The ID of the object, including the bucket name, object name, and generation number., kind: str=storage#object # The kind of item this is. For objects, this is always storage#object., kmsKeyName: str # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request., md5Hash: str # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices., mediaLink: str # Media download link., metadata: map # User-provided metadata, in key/value pairs., metageneration: str(int64) # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object., name: str # The name of the object. Required if not specified by URL parameter., owner: map{entity: str, entityId: str} # The owner of the object. This will always be the uploader of the object., retentionExpirationTime: str(date-time) # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold)., selfLink: str # The link to this object., size: str(uint64) # Content-Length of the data in bytes., storageClass: str # Storage class of the object., temporaryHold: bool # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object., timeCreated: str(date-time) # The creation time of the object in RFC 3339 format., timeDeleted: str(date-time) # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted., timeStorageClassUpdated: str(date-time) # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated., updated: str(date-time) # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint GET /b/{bucket}/o/{object}/acl
@desc Retrieves ACL entries on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default).}
@returns(200) {items: [map], kind: str} # Successful response

@endpoint POST /b/{bucket}/o/{object}/acl
@desc Creates a new ACL entry on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint DELETE /b/{bucket}/o/{object}/acl/{entity}
@desc Permanently deletes the ACL entry for the specified entity on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default).}
@returns(200) Successful response

@endpoint GET /b/{bucket}/o/{object}/acl/{entity}
@desc Returns the ACL entry for the specified entity on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default).}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PATCH /b/{bucket}/o/{object}/acl/{entity}
@desc Patches an ACL entry on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint PUT /b/{bucket}/o/{object}/acl/{entity}
@desc Updates an ACL entry on the specified object.
@required {bucket: str # Name of a bucket., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., entity: str # The entity holding the permission. Can be user-userId, user-emailAddress, group-groupId, group-emailAddress, allUsers, or allAuthenticatedUsers.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., bucket: str # The name of the bucket., domain: str # The domain associated with the entity, if any., email: str # The email address associated with the entity, if any., entity: str # The entity holding the permission, in one of the following forms:  - user-userId  - user-email  - group-groupId  - group-email  - domain-domain  - project-team-projectId  - allUsers  - allAuthenticatedUsers Examples:  - The user liz@example.com would be user-liz@example.com.  - The group example@googlegroups.com would be group-example@googlegroups.com.  - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com., entityId: str # The ID for the entity, if any., etag: str # HTTP 1.1 Entity tag for the access-control entry., generation: str(int64) # The content generation of the object, if applied to an object., id: str # The ID of the access-control entry., kind: str=storage#objectAccessControl # The kind of item this is. For object access control entries, this is always storage#objectAccessControl., object: str # The name of the object, if applied to an object., projectTeam: map{projectNumber: str, team: str} # The project team associated with the entity, if any., role: str # The access permission for the entity., selfLink: str # The link to this access-control entry.}
@returns(200) {bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map{projectNumber: str, team: str}, role: str, selfLink: str} # Successful response

@endpoint GET /b/{bucket}/o/{object}/iam
@desc Returns an IAM policy for the specified object.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default).}
@returns(200) {bindings: [map], etag: str(byte), kind: str, resourceId: str, version: int(int32)} # Successful response

@endpoint PUT /b/{bucket}/o/{object}/iam
@desc Updates an IAM policy for the specified object.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default)., bindings: [map{condition: map, members: [str], role: str}] # An association between a role, which comes with a set of permissions, and members who may assume that role., etag: str(byte) # HTTP 1.1  Entity tag for the policy., kind: str=storage#policy # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input., resourceId: str # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input., version: int(int32) # The IAM policy format version.}
@returns(200) {bindings: [map], etag: str(byte), kind: str, resourceId: str, version: int(int32)} # Successful response

@endpoint GET /b/{bucket}/o/{object}/iam/testPermissions
@desc Tests a set of permissions on the given object to see which, if any, are held by the caller.
@required {bucket: str # Name of the bucket in which the object resides., object: str # Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., permissions: [str] # Permissions to test.}
@optional {generation: str # If present, selects a specific revision of this object (as opposed to the latest version, the default).}
@returns(200) {kind: str, permissions: [str]} # Successful response

@endpoint POST /b/{destinationBucket}/o/{destinationObject}/compose
@desc Concatenates a list of existing objects into a new object in the same bucket.
@required {destinationBucket: str # Name of the bucket containing the source objects. The destination object is stored in this bucket., destinationObject: str # Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {destinationPredefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to the destination object., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the object's current metageneration matches the given value., kmsKeyName: str # Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any., destination: map{acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # An object., kind: str=storage#composeRequest # The kind of item this is., sourceObjects: [map{generation: str(int64), name: str, objectPreconditions: map}] # The list of source objects that will be concatenated into a single object.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint POST /b/{sourceBucket}/o/{sourceObject}/copyTo/b/{destinationBucket}/o/{destinationObject}
@desc Copies a source object to a destination object. Optionally overrides metadata.
@required {sourceBucket: str # Name of the bucket in which to find the source object., sourceObject: str # Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., destinationBucket: str # Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., destinationObject: str # Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any.}
@optional {destinationKmsKeyName: str # Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any., destinationPredefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to the destination object., ifGenerationMatch: str # Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the destination object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the destination object's current metageneration does not match the given value., ifSourceGenerationMatch: str # Makes the operation conditional on whether the source object's current generation matches the given value., ifSourceGenerationNotMatch: str # Makes the operation conditional on whether the source object's current generation does not match the given value., ifSourceMetagenerationMatch: str # Makes the operation conditional on whether the source object's current metageneration matches the given value., ifSourceMetagenerationNotMatch: str # Makes the operation conditional on whether the source object's current metageneration does not match the given value., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full., sourceGeneration: str # If present, selects a specific revision of the source object (as opposed to the latest version, the default)., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the object., bucket: str # The name of the bucket containing this object., cacheControl: str # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600., componentCount: int(int32) # Number of underlying components that make up this object. Components are accumulated by compose operations., contentDisposition: str # Content-Disposition of the object data., contentEncoding: str # Content-Encoding of the object data., contentLanguage: str # Content-Language of the object data., contentType: str # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream., crc32c: str # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices., customTime: str(date-time) # A timestamp in RFC 3339 format specified by the user for an object., customerEncryption: map{encryptionAlgorithm: str, keySha256: str} # Metadata of customer-supplied encryption key, if the object is encrypted by such a key., etag: str # HTTP 1.1 Entity tag for the object., eventBasedHold: bool # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false., generation: str(int64) # The content generation of this object. Used for object versioning., id: str # The ID of the object, including the bucket name, object name, and generation number., kind: str=storage#object # The kind of item this is. For objects, this is always storage#object., kmsKeyName: str # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request., md5Hash: str # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices., mediaLink: str # Media download link., metadata: map # User-provided metadata, in key/value pairs., metageneration: str(int64) # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object., name: str # The name of the object. Required if not specified by URL parameter., owner: map{entity: str, entityId: str} # The owner of the object. This will always be the uploader of the object., retentionExpirationTime: str(date-time) # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold)., selfLink: str # The link to this object., size: str(uint64) # Content-Length of the data in bytes., storageClass: str # Storage class of the object., temporaryHold: bool # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object., timeCreated: str(date-time) # The creation time of the object in RFC 3339 format., timeDeleted: str(date-time) # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted., timeStorageClassUpdated: str(date-time) # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated., updated: str(date-time) # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.}
@returns(200) {acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)} # Successful response

@endpoint POST /b/{sourceBucket}/o/{sourceObject}/rewriteTo/b/{destinationBucket}/o/{destinationObject}
@desc Rewrites a source object to a destination object. Optionally overrides metadata.
@required {sourceBucket: str # Name of the bucket in which to find the source object., sourceObject: str # Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts., destinationBucket: str # Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any., destinationObject: str # Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.}
@optional {destinationKmsKeyName: str # Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any., destinationPredefinedAcl: str(authenticatedRead/bucketOwnerFullControl/bucketOwnerRead/private/projectPrivate/publicRead) # Apply a predefined set of access controls to the destination object., ifGenerationMatch: str # Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object., ifGenerationNotMatch: str # Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object., ifMetagenerationMatch: str # Makes the operation conditional on whether the destination object's current metageneration matches the given value., ifMetagenerationNotMatch: str # Makes the operation conditional on whether the destination object's current metageneration does not match the given value., ifSourceGenerationMatch: str # Makes the operation conditional on whether the source object's current generation matches the given value., ifSourceGenerationNotMatch: str # Makes the operation conditional on whether the source object's current generation does not match the given value., ifSourceMetagenerationMatch: str # Makes the operation conditional on whether the source object's current metageneration matches the given value., ifSourceMetagenerationNotMatch: str # Makes the operation conditional on whether the source object's current metageneration does not match the given value., maxBytesRewrittenPerCall: str # The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid., projection: str(full/noAcl) # Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full., rewriteToken: str # Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request., sourceGeneration: str # If present, selects a specific revision of the source object (as opposed to the latest version, the default)., acl: [map{bucket: str, domain: str, email: str, entity: str, entityId: str, etag: str, generation: str(int64), id: str, kind: str, object: str, projectTeam: map, role: str, selfLink: str}] # Access controls on the object., bucket: str # The name of the bucket containing this object., cacheControl: str # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600., componentCount: int(int32) # Number of underlying components that make up this object. Components are accumulated by compose operations., contentDisposition: str # Content-Disposition of the object data., contentEncoding: str # Content-Encoding of the object data., contentLanguage: str # Content-Language of the object data., contentType: str # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream., crc32c: str # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices., customTime: str(date-time) # A timestamp in RFC 3339 format specified by the user for an object., customerEncryption: map{encryptionAlgorithm: str, keySha256: str} # Metadata of customer-supplied encryption key, if the object is encrypted by such a key., etag: str # HTTP 1.1 Entity tag for the object., eventBasedHold: bool # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false., generation: str(int64) # The content generation of this object. Used for object versioning., id: str # The ID of the object, including the bucket name, object name, and generation number., kind: str=storage#object # The kind of item this is. For objects, this is always storage#object., kmsKeyName: str # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request., md5Hash: str # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices., mediaLink: str # Media download link., metadata: map # User-provided metadata, in key/value pairs., metageneration: str(int64) # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object., name: str # The name of the object. Required if not specified by URL parameter., owner: map{entity: str, entityId: str} # The owner of the object. This will always be the uploader of the object., retentionExpirationTime: str(date-time) # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold)., selfLink: str # The link to this object., size: str(uint64) # Content-Length of the data in bytes., storageClass: str # Storage class of the object., temporaryHold: bool # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object., timeCreated: str(date-time) # The creation time of the object in RFC 3339 format., timeDeleted: str(date-time) # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted., timeStorageClassUpdated: str(date-time) # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated., updated: str(date-time) # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.}
@returns(200) {done: bool, kind: str, objectSize: str(int64), resource: map{acl: [map], bucket: str, cacheControl: str, componentCount: int(int32), contentDisposition: str, contentEncoding: str, contentLanguage: str, contentType: str, crc32c: str, customTime: str(date-time), customerEncryption: map{encryptionAlgorithm: str, keySha256: str}, etag: str, eventBasedHold: bool, generation: str(int64), id: str, kind: str, kmsKeyName: str, md5Hash: str, mediaLink: str, metadata: map, metageneration: str(int64), name: str, owner: map{entity: str, entityId: str}, retentionExpirationTime: str(date-time), selfLink: str, size: str(uint64), storageClass: str, temporaryHold: bool, timeCreated: str(date-time), timeDeleted: str(date-time), timeStorageClassUpdated: str(date-time), updated: str(date-time)}, rewriteToken: str, totalBytesRewritten: str(int64)} # Successful response

@endgroup

@group channels
@endpoint POST /channels/stop
@desc Stop watching resources through this channel
@optional {address: str # The address where notifications are delivered for this channel., expiration: str(int64) # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional., id: str # A UUID or similar unique string that identifies this channel., kind: str=api#channel # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel"., params: map # Additional parameters controlling delivery channel behavior. Optional., payload: bool # A Boolean value to indicate whether payload is wanted. Optional., resourceId: str # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions., resourceUri: str # A version-specific identifier for the watched resource., token: str # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional., type: str # The type of delivery mechanism used for this channel.}
@returns(200) Successful response

@endgroup

@group projects
@endpoint GET /projects/{projectId}/hmacKeys
@desc Retrieves a list of HMAC keys matching the criteria.
@required {projectId: str # Name of the project in which to look for HMAC keys.}
@optional {maxResults: int # Maximum number of items to return in a single page of responses. The service uses this parameter or 250 items, whichever is smaller. The max number of items per page will also be limited by the number of distinct service accounts in the response. If the number of service accounts in a single response is too high, the page will truncated and a next page token will be returned., pageToken: str # A previously-returned page token representing part of the larger set of results to view., serviceAccountEmail: str # If present, only keys for the given service account are returned., showDeletedKeys: bool # Whether or not to show keys in the DELETED state.}
@returns(200) {items: [map], kind: str, nextPageToken: str} # Successful response

@endpoint POST /projects/{projectId}/hmacKeys
@desc Creates a new HMAC key for the specified service account.
@required {projectId: str # Project ID owning the service account., serviceAccountEmail: str # Email address of the service account.}
@returns(200) {kind: str, metadata: map{accessId: str, etag: str, id: str, kind: str, projectId: str, selfLink: str, serviceAccountEmail: str, state: str, timeCreated: str(date-time), updated: str(date-time)}, secret: str} # Successful response

@endpoint DELETE /projects/{projectId}/hmacKeys/{accessId}
@desc Deletes an HMAC key.
@required {projectId: str # Project ID owning the requested key, accessId: str # Name of the HMAC key to be deleted.}
@returns(200) Successful response

@endpoint GET /projects/{projectId}/hmacKeys/{accessId}
@desc Retrieves an HMAC key's metadata
@required {projectId: str # Project ID owning the service account of the requested key., accessId: str # Name of the HMAC key.}
@returns(200) {accessId: str, etag: str, id: str, kind: str, projectId: str, selfLink: str, serviceAccountEmail: str, state: str, timeCreated: str(date-time), updated: str(date-time)} # Successful response

@endpoint PUT /projects/{projectId}/hmacKeys/{accessId}
@desc Updates the state of an HMAC key. See the HMAC Key resource descriptor for valid states.
@required {projectId: str # Project ID owning the service account of the updated key., accessId: str # Name of the HMAC key being updated.}
@optional {accessId: str # The ID of the HMAC Key., etag: str # HTTP 1.1 Entity tag for the HMAC key., id: str # The ID of the HMAC key, including the Project ID and the Access ID., kind: str=storage#hmacKeyMetadata # The kind of item this is. For HMAC Key metadata, this is always storage#hmacKeyMetadata., projectId: str # Project ID owning the service account to which the key authenticates., selfLink: str # The link to this resource., serviceAccountEmail: str # The email address of the key's associated service account., state: str # The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED., timeCreated: str(date-time) # The creation time of the HMAC key in RFC 3339 format., updated: str(date-time) # The last modification time of the HMAC key metadata in RFC 3339 format.}
@returns(200) {accessId: str, etag: str, id: str, kind: str, projectId: str, selfLink: str, serviceAccountEmail: str, state: str, timeCreated: str(date-time), updated: str(date-time)} # Successful response

@endpoint GET /projects/{projectId}/serviceAccount
@desc Get the email address of this project's Google Cloud Storage service account.
@required {projectId: str # Project ID}
@returns(200) {email_address: str, kind: str} # Successful response

@endgroup

@end