# Appendix: SOAP API **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. This section describes the SOAP API with respect to service, bucket, and object operations. Note that SOAP requests, both authenticated and anonymous, must be sent to Amazon S3 using SSL. Amazon S3 returns an error when you send a SOAP request over HTTP. The latest Amazon S3 WSDL is available at [docs.aws.amazon.com/2006-03-01/AmazonS3.wsdl](https://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl). **Topics** + [Operations on the Service (SOAP API)](SOAPServiceOps.md) + [Operations on Buckets (SOAP API)](SOAPBucketsOps.md) + [Operations on Objects (SOAP API)](SOAPObjectsOps.md) + [Authenticating SOAP requests](SOAPAuthentication.md) + [Setting access policy with SOAP](SOAPAccessPolicy.md) + [Common elements](#SOAPCommon) + [SOAP Error Responses](SOAPErrorResponses.md) # Operations on the Service (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. This section describes operations you can perform on the Amazon S3 service. **Topics** + [ListAllMyBuckets (SOAP API)](SOAPListAllMyBuckets.md) # ListAllMyBuckets (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `ListAllMyBuckets` operation returns a list of all buckets owned by the sender of the request. **Example** `Sample Request` ``` 1. 2. AKIAIOSFODNN7EXAMPLE 3. 2006-03-01T12:00:00.183Z 4. Iuyz3d3P0aTou39dzbqaEXAMPLE= 5. ``` `Sample Response` ``` 1. 2. 3. bcaf1ffd86f41161ca5fb16fd081034f 4. webfile 5. 6. 7. 8. quotes;/Name> 9. 2006-02-03T16:45:09.000Z 10. 11. 12. samples 13. 2006-02-03T16:41:58.000Z 14. 15. 16. ``` ## Response Body + `Owner:` This provides information that Amazon S3 uses to represent your identity for purposes of authentication and access control. ID is a unique and permanent identifier for the developer who made the request. DisplayName is a human-readable name representing the developer who made the request. It is not unique, and might change over time.We recommend that you match your DisplayName to your Forum name. + `Name:` The name of a bucket. Note that if one of your buckets was recently deleted, the name of the deleted bucket might still be present in this list for a period of time. + `CreationDate:` The time that the bucket was created. ## Access Control You must authenticate with a valid AWS Access Key ID. Anonymous requests are never allowed to list buckets, and you can only list buckets for which you are the owner. # Operations on Buckets (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. This section describes operations you can perform on Amazon S3 buckets. **Topics** + [CreateBucket (SOAP API)](SOAPCreateBucket.md) + [DeleteBucket (SOAP API)](SOAPDeleteBucket.md) + [ListBucket (SOAP API)](SOAPListBucket.md) + [GetBucketAccessControlPolicy (SOAP API)](SOAPGetBucketAccessControlPolicy.md) + [SetBucketAccessControlPolicy (SOAP API)](SOAPSetBucketAccessControlPolicy.md) + [GetBucketLoggingStatus (SOAP API)](SOAPGetBucketLoggingStatus.md) + [SetBucketLoggingStatus (SOAP API)](SOAPSetBucketLoggingStatus.md) # CreateBucket (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `CreateBucket` operation creates a bucket. Not every string is an acceptable bucket name. For information on bucket naming restrictions, see [Working with Amazon S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html) . **Note** To determine whether a bucket name exists, use `ListBucket` and set `MaxKeys` to 0. A NoSuchBucket response indicates that the bucket is available, an AccessDenied response indicates that someone else owns the bucket, and a Success response indicates that you own the bucket or have permission to access it. **Example Create a bucket named "quotes"** `Sample Request` ``` 1. 2. quotes 3. AKIAIOSFODNN7EXAMPLE 4. 2006-03-01T12:00:00.183Z 5. Iuyz3d3P0aTou39dzbqaEXAMPLE= 6. ``` `Sample Response` ``` 1. 2. 3. quotes 4. 5. ``` ## Elements + `Bucket:` The name of the bucket you are trying to create. + `AccessControlList:` The access control list for the new bucket. This element is optional. If not provided, the bucket is created with an access policy that give the requester FULL\$1CONTROL access. ## Access Control You must authenticate with a valid AWS Access Key ID. Anonymous requests are never allowed to create buckets. ## Related Resources + [ListBucket (SOAP API)](SOAPListBucket.md) # DeleteBucket (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `DeleteBucket` operation deletes a bucket. All objects in the bucket must be deleted before the bucket itself can be deleted. **Example** This example deletes the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. AKIAIOSFODNN7EXAMPLE 4. 2006-03-01T12:00:00.183Z 5. Iuyz3d3P0aTou39dzbqaEXAMPLE= 6. ``` `Sample Response` ``` 1. 2. 3. 204 4. No Content 5. 6. ``` ## Elements + `Bucket:` The name of the bucket you want to delete. ## Access Control Only the owner of a bucket is allowed to delete it, regardless the access control policy on the bucket. # ListBucket (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `ListBucket` operation returns information about some of the items in the bucket. For a general introduction to the list operation, see the [Listing Object Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html). ## Requests This example lists up to 1000 keys in the "quotes" bucket that have the prefix "notes." ### Syntax ``` 1. 2. quotes 3. notes/ 4. / 5. 1000 6. AKIAIOSFODNN7EXAMPLE 7. 2006-03-01T12:00:00.183Z 8. Iuyz3d3P0aTou39dzbqaEXAMPLE= 9. ``` ### Parameters | Name | Description | Required | | --- | --- | --- | | prefix | Limits the response to keys which begin with the indicated prefix. You can use prefixes to separate a bucket into different sets of keys in a way similar to how a file system uses folders. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). Type: String Default: None | No | | marker | Indicates where in the bucket to begin listing. The list will only include keys that occur lexicographically after marker. This is convenient for pagination: To get the next page of results use the last key of the current page as the marker. Type: String Default: None | No | | max-keys | The maximum number of keys you'd like to see in the response body. The server might return fewer than this many keys, but will not return more. Type: String Default: None | No | | delimiter | Causes keys that contain the same string between the prefix and the first occurrence of the delimiter to be rolled up into a single result element in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere in the response. Type: String Default: None | No | ## Success Response This response assumes the bucket contains the following keys: ``` 1. notes/todos.txt 2. notes/2005-05-23/customer_mtg_notes.txt 3. notes/2005-05-23/phone_notes.txt 4. notes/2005-05-28/sales_notes.txt ``` ### Syntax ``` 1. 2. 3. backups 4. notes/ 5. 1000 6. / 7. false 8. 9. notes/todos.txt 10. 2006-01-01T12:00:00.000Z 11. "828ef3fdfa96f00ad9f27c383fc9ac7f" 12. 5126 13. STANDARD 14. 15. 75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a 16. webfile 17. 18. STANDARD 19. 20. 21. notes/2005-05-23/ 22. 23. 24. notes/2005-05-28/ 25. 26. ``` As you can see, many of the fields in the response echo the request parameters. `IsTruncated`, `Contents`, and `CommonPrefixes` are the only response elements that can contain new information. ### Response Elements | Name | Description | | --- | --- | | Contents | Metadata about each object returned. Type: XML metadata Ancestor: ListBucketResult | | CommonPrefixes | A response can contain `CommonPrefixes` only if you specify a `delimiter`. When you do, `CommonPrefixes` contains all (if there are any) keys between `Prefix` and the next occurrence of the string specified by `delimiter`. In effect, `CommonPrefixes` lists keys that act like subdirectories in the directory specified by `Prefix`. For example, if `prefix` is `notes/` and `delimiter` is a slash (/), in `notes/summer/july`, the common prefix is `notes/summer/`. Type: String Ancestor: ListBucketResult | | Delimiter | Causes keys that contain the same string between the prefix and the first occurrence of the delimiter to be rolled up into a single result element in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere in the response. Type: String Ancestor: ListBucketResult | | IsTruncated | Specifies whether (true) or not (false) all of the results were returned. All of the results may not be returned if the number of results exceeds that specified by `MaxKeys`. Type: String Ancestor: boolean | | Marker | Indicates where in the bucket to begin listing. Type: String Ancestor: ListBucketResult | | MaxKeys | The maximum number of keys returned in the response body. Type: String Ancestor: ListBucketResult | | Name | Name of the bucket. Type: String Ancestor: ListBucketResult | | Prefix | Keys that begin with the indicated prefix. Type: String Ancestor: ListBucketResult | ## Response Body For information about the list response, see [Listing Keys Response](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html). ## Access Control To list the keys of a bucket you need to have been granted `READ` access on the bucket. # GetBucketAccessControlPolicy (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `GetBucketAccessControlPolicy` operation fetches the access control policy for a bucket. **Example** This example retrieves the access control policy for the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. AKIAIOSFODNN7EXAMPLE 4. 2006-03-01T12:00:00.183Z 5. Iuyz3d3P0aTou39dzbqaEXAMPLE= 6. ``` `Sample Response` ``` 1. 2. 3. a9a7b886d6fd2441bf9b1c61be666e9 4. chriscustomer 5. 6. 7. 8. 9. a9a7b886d6f41bf9b1c61be666e9 10. chriscustomer 11. 12. FULL_CONTROL 13. 14. 15. 16. http://acs.amazonaws.com/groups/global/AllUsers 17. 18. READ 19. 20. 21. ``` ## Response Body The response contains the access control policy for the bucket. For an explanation of this response, see [SOAP Access Policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/SOAPAccessPolicy.html) . ## Access Control You must have `READ_ACP` rights to the bucket in order to retrieve the access control policy for a bucket. # SetBucketAccessControlPolicy (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `SetBucketAccessControlPolicy` operation sets the Access Control Policy for an existing bucket. If successful, the previous Access Control Policy for the bucket is entirely replaced with the specified Access Control Policy. **Example** Give the specified user (usually the owner) `FULL_CONTROL` access to the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. 4. 5. 6. a9a7b8863000e241bf9b1c61be666e9 7. chriscustomer 8. 9. FULL_CONTROL 10. 11. 12. AKIAIOSFODNN7EXAMPLE 13. 2006-03-01T12:00:00.183Z 14. Iuyz3d3P0aTou39dzbqaEXAMPLE= 15. ``` `Sample Response` ``` 1. 2. 3. 200 4. OK 5. 6. ``` ## Access Control You must have `WRITE_ACP` rights to the bucket in order to set the access control policy for a bucket. # GetBucketLoggingStatus (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `GetBucketLoggingStatus` retrieves the logging status for an existing bucket. For a general introduction to this feature, see [Server Logs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html). **Example** `Sample Request` ``` 1. 2. 3. 4. 5. mybucket 6. YOUR_AWS_ACCESS_KEY_ID 7. 2006-03-01T12:00:00.183Z 8. YOUR_SIGNATURE_HERE 9. 10. 11. ``` `Sample Response` ``` 1. 2. 3. 4. 5. 6. 7. 8. 9. mylogs 10. mybucket-access_log- 11. 12. 13. 14. 15. ``` ## Access Control Only the owner of a bucket is permitted to invoke this operation. # SetBucketLoggingStatus (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `SetBucketLoggingStatus` operation updates the logging status for an existing bucket. For a general introduction to this feature, see [Server Logs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html). **Example** This sample request enables server access logging for the 'mybucket' bucket, and configures the logs to be delivered to 'mylogs' under prefix 'access\$1log-' `Sample Request` ``` 1. 2. 3. 4. 5. myBucket 6. YOUR_AWS_ACCESS_KEY_ID 7. 2006-03-01T12:00:00.183Z 8. YOUR_SIGNATURE_HERE 9. 10. 11. mylogs 12. mybucket-access_log- 13. 14. 15. 16. 17. : ``` `Sample Response` ``` 1. 2. 3. 4. 5. 6. 7. 8. ``` ## Access Control Only the owner of a bucket is permitted to invoke this operation. # Operations on Objects (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. This section describes operations you can perform on Amazon S3 objects. **Topics** + [PutObjectInline (SOAP API)](SOAPPutObjectInline.md) + [PutObject (SOAP API)](SOAPPutObject.md) + [CopyObject (SOAP API)](SOAPCopyObject.md) + [GetObject (SOAP API)](SOAPGetObject.md) + [GetObjectExtended (SOAP API)](SOAPGetObjectExtended.md) + [DeleteObject (SOAP API)](SOAPDeleteObject.md) + [GetObjectAccessControlPolicy (SOAP API)](SOAPGetObjectAccessControlPolicy.md) + [SetObjectAccessControlPolicy (SOAP API)](SOAPSetObjectAccessControlPolicy.md) # PutObjectInline (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `PutObjectInline` operation adds an object to a bucket. The data for the object is provided in the body of the SOAP message. If an object already exists in a bucket, the new object will overwrite it because Amazon S3 stores the last write request. However, Amazon S3 is a distributed system. If Amazon S3 receives multiple write requests for the same object nearly simultaneously, all of the objects might be stored, even though only one wins in the end. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer. To ensure an object is not corrupted over the network, you can calculate the MD5 of an object, PUT it to Amazon S3, and compare the returned Etag to the calculated MD5 value. PutObjectInline is not suitable for use with large objects. The system limits this operation to working with objects 1MB or smaller. PutObjectInline will fail with the `InlineDataTooLargeError` status code if the Data parameter encodes an object larger than 1MB. To upload large objects, consider using the non-inline PutObject API, or the REST API instead. **Example** This example writes some text and metadata into the "Nelson" object in the "quotes" bucket, give a user (usually the owner) `FULL_CONTROL` access to the object, and make the object readable by anonymous parties. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. 5. Content-Type 6. text/plain 7. 8. 9. family 10. Muntz 11. 12. aGEtaGE= 13. 5 14. 15. 16. 17. a9a7b886d6fde241bf9b1c61be666e9 18. chriscustomer 19. 20. FULL_CONTROL 21. 22. 23. 24. http://acs.amazonaws.com/groups/global/AllUsers 25. 26. READ 27. 28. 29. AKIAIOSFODNN7EXAMPLE 30. 2006-03-01T12:00:00.183Z 31. Iuyz3d3P0aTou39dzbqaEXAMPLE= 32. ``` `Sample Response` ``` 1. 2. 3. "828ef3fdfa96f00ad9f27c383fc9ac7f" 4. 2006-01-01T12:00:00.000Z 5. 6. ``` ## Elements + `Bucket:` The bucket in which to add the object. + `Key:` The key to assign to the object. **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + `Metadata:` You can provide name-value metadata pairs in the metadata element. These will be stored with the object. + `Data:` The base 64 encoded form of the data. + `ContentLength:` The length of the data in bytes. + `AccessControlList:` An Access Control List for the resource. This element is optional. If omitted, the requester is given `FULL_CONTROL` access to the object. If the object already exists, the preexisting access control policy is replaced. ## Responses + `ETag:` The entity tag is an MD5 hash of the object that you can use to do conditional fetches of the object using `GetObjectExtended`. The ETag only reflects changes to the contents of an object, not its metadata. + `LastModified:` The Amazon S3 timestamp for the saved object. ## Access Control You must have `WRITE` access to the bucket in order to put objects into the bucket. ## Related Resources + [PutObject (SOAP API)](SOAPPutObject.md) + [CopyObject (SOAP API)](SOAPCopyObject.md) # PutObject (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `PutObject` operation adds an object to a bucket. The data for the object is attached as a DIME attachment. To ensure an object is not corrupted over the network, you can calculate the MD5 of an object, PUT it to Amazon S3, and compare the returned Etag to the calculated MD5 value. If an object already exists in a bucket, the new object will overwrite it because Amazon S3 stores the last write request. However, Amazon S3 is a distributed system. If Amazon S3 receives multiple write requests for the same object nearly simultaneously, all of the objects might be stored, even though only one wins in the end. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer. **Example** This example puts some data and metadata in the "Nelson" object of the "quotes" bucket, give a user (usually the owner) `FULL_CONTROL` access to the object, and make the object readable by anonymous parties. In this sample, the actual attachment is not shown. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. 5. Content-Type 6. text/plain 7. 8. 9. family 10. Muntz 11. 12. 5 13. 14. 15. 16. a9a7b886d6241bf9b1c61be666e9 17. chriscustomer 18. 19. FULL_CONTROL 20. 21. 22. 23. http://acs.amazonaws.com/groups/global/AllUsers 24. 25. READ 26. 27. 28. AKIAIOSFODNN7EXAMPLE 29. 2007-05-11T12:00:00.183Z 30. Iuyz3d3P0aTou39dzbqaEXAMPLE= 31. ``` `Sample Response` ``` 1. 2. 3. "828ef3fdfa96f00ad9f27c383fc9ac7f" 4. 2006-03-01T12:00:00.183Z 5. 6. ``` ## Elements + `Bucket:` The bucket in which to add the object. + `Key:` The key to assign to the object. **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + `Metadata:` You can provide name-value metadata pairs in the metadata element. These will be stored with the object. + `ContentLength:` The length of the data in bytes. + `AccessControlList:` An Access Control List for the resource. This element is optional. If omitted, the requester is given `FULL_CONTROL` access to the object. If the object already exists, the preexisting Access Control Policy is replaced. ## Responses + `ETag:` The entity tag is an MD5 hash of the object that you can use to do conditional fetches of the object using `GetObjectExtended`. The ETag only reflects changes to the contents of an object, not its metadata. + `LastModified:` The Amazon S3 timestamp for the saved object. ## Access Control To put objects into a bucket, you must have `WRITE` access to the bucket. ## Related Resources + [CopyObject (SOAP API)](SOAPCopyObject.md) # CopyObject (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. ## Description The `CopyObject` operation creates a copy of an object when you specify the key and bucket of a source object and the key and bucket of a target destination. When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to `private` for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see [Using ACLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3_ACLs_UsingACLs.html). All copy requests must be authenticated. Additionally, you must have *read* access to the source object and *write* access to the destination bucket. For more information, see [Using Auth Access](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). To only copy an object under certain conditions, such as whether the Etag matches or whether the object was modified before or after a specified date, use the request parameters `CopySourceIfUnmodifiedSince`, `CopyIfUnmodifiedSince`, `CopySourceIfMatch`, or `CopySourceIfNoneMatch`. **Note** You might need to configure the SOAP stack socket timeout for copying large objects. ## Request Syntax ``` 1. 2. source_bucket 3. source_object 4. destination_bucket 5. destination_object 6. {REPLACE | COPY} 7. 8. metadata_name 9. metadata_value 10. 11. ... 12. 13. 14. 15. user_id 16. display_name 17. 18. permission 19. 20. ... 21. 22. etag 23. etag 24. date_time 25. date_time 26. AWSAccessKeyId 27. TimeStamp 28. Signature 29. ``` ## Request Parameters | Name | Description | Required | | --- | --- | --- | | SourceBucket | The name of the source bucket. Type: String Default: None Constraints: A valid source bucket. | Yes | | SourceKey | The key name of the source object. Type: String Default: None Constraints: The key for a valid source object to which you have READ access. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). | Yes | | DestinationBucket | The name of the destination bucket. Type: String Default: None Constraints: You must have WRITE access to the destination bucket. | Yes | | DestinationKey | The key of the destination object. Type: String Default: None Constraints: You must have WRITE access to the destination bucket. | Yes | | MetadataDirective | Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Type: String Default: COPY Valid values: COPY \$1 REPLACE Constraints: Values other than `COPY` or `REPLACE` will result in an immediate error. You cannot copy an object to itself unless the MetadataDirective header is specified and its value set to `REPLACE`. | No | | Metadata | Specifies metadata name-value pairs to set for the object.If MetadataDirective is set to `COPY`, all metadata is ignored. Type: String Default: None Constraints: None. | No | | AccessControlList | Grants access to users by e-mail addresses or canonical user ID. Type: String Default: None Constraints: None | No | | CopySourceIfMatch | Copies the object if its entity tag (ETag) matches the specified tag; otherwise return a PreconditionFailed. Type: String Default: None Constraints: None. If the Etag does not match, the object is not copied. | No | | CopySourceIfNoneMatch | Copies the object if its entity tag (ETag) is different than the specified Etag; otherwise returns an error. Type: String Default: None Constraints: None. | No | | CopySourceIfUnmodifiedSince | Copies the object if it hasn't been modified since the specified time; otherwise returns a PreconditionFailed. Type: dateTime Default: None | No | | CopySourceIfModifiedSince | Copies the object if it has been modified since the specified time; otherwise returns an error. Type: dateTime Default: None | No | ## Response Syntax ``` 1. 2. 3. "etag" 4. timestamp 5. 6. ``` ## Response Elements Following is a list of response elements. **Note** The SOAP API does not return extra whitespace. Extra whitespace is only returned by the REST API. | Name | Description | | --- | --- | | Etag | Returns the etag of the new object. The ETag only reflects changes to the contents of an object, not its metadata. Type: String Ancestor: CopyObjectResult | | LastModified | Returns the date the object was last modified. Type: String Ancestor: CopyObjectResult | For information about general response elements, see [Using REST Error Response Headers](https://docs.aws.amazon.com/AmazonS3/latest/userguide/HandlingErrors.html#UsingRESTErrorResponseHeaders). ## Special Errors There are no special errors for this operation. For information about general Amazon S3 errors, see [List of error codes](ErrorResponses.md#ErrorCodeList). ## Examples This example copies the `flotsam` object from the `pacific` bucket to the `jetsam` object of the `atlantic` bucket, preserving its metadata. ### Sample Request ``` 1. 2. pacific 3. flotsam 4. atlantic 5. jetsam 6. AKIAIOSFODNN7EXAMPLE 7. 2008-02-18T13:54:10.183Z 8. Iuyz3d3P0aTou39dzbq7RrtSFmw= 9. ``` ### Sample Response ``` 1. 2. 3. "828ef3fdfa96f00ad9f27c383fc9ac7f" 4. 2008-02-18T13:54:10.183Z 5. 6. ``` This example copies the "tweedledee" object from the wonderland bucket to the "tweedledum" object of the wonderland bucket, replacing its metadata. ### Sample Request ``` 1. 2. wonderland 3. tweedledee 4. wonderland 5. tweedledum 6. REPLACE 7. 8. Content-Type 9. text/plain 10. 11. 12. relationship 13. twins 14. 15. AKIAIOSFODNN7EXAMPLE 16. 2008-02-18T13:54:10.183Z 17. Iuyz3d3P0aTou39dzbq7RrtSFmw= 18. ``` ### Sample Response ``` 1. 2. 3. "828ef3fdfa96f00ad9f27c383fc9ac7f" 4. 2008-02-18T13:54:10.183Z 5. 6. ``` ## Related Resources + [PutObject (SOAP API)](SOAPPutObject.md) + [PutObjectInline (SOAP API)](SOAPPutObjectInline.md) # GetObject (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `GetObject` operation returns the current version of an object. If you try to `GetObject` an object that has a delete marker as its current version, S3 returns a 404 error. You cannot use the SOAP API to retrieve a specified version of an object. To do that, use the REST API. For more information, see [Versioning](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html). For more options, use the [GetObjectExtended (SOAP API)](SOAPGetObjectExtended.md) operation. **Note** Object key names with the value "soap" aren't supported for [virtual-hosted-style requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#virtual-hosted-style-access). For object key name values where "soap" is used, a [path-style URL](https://docs.aws.amazon.com//AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) must be used instead. **Example** This example gets the "Nelson" object from the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. true 5. true 6. true 7. AKIAIOSFODNN7EXAMPLE 8. 2006-03-01T12:00:00.183Z 9. Iuyz3d3P0aTou39dzbqaEXAMPLE= 10. ``` `Sample Response` ``` 1. 2. 3. 4. 200 5. OK 6. 7. 8. Content-Type 9. text/plain 10. 11. 12. family 13. Muntz 14. 15. aGEtaGE= 16. 2006-01-01T12:00:00.000Z 17. "828ef3fdfa96f00ad9f27c383fc9ac7f" 18. 19. ``` ## Elements + `Bucket:` The bucket from which to retrieve the object. + `Key:` The key that identifies the object. **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + `GetMetadata:` The metadata is returned with the object if this is true. + `GetData:` The object data is returned if this is true. + `InlineData:` If this is true, then the data is returned, base 64-encoded, as part of the SOAP body of the response. If false, then the data is returned as a SOAP attachment. The InlineData option is not suitable for use with large objects. The system limits this operation to working with 1MB of data or less. A GetObject request with the InlineData flag set will fail with the `InlineDataTooLargeError` status code if the resulting Data parameter would have encoded more than 1MB. To download large objects, consider calling GetObject without setting the InlineData flag, or use the REST API instead. ## Returned Elements + `Metadata:` The name-value paired metadata stored with the object. + `Data:` If InlineData was true in the request, this contains the base 64 encoded object data. + `LastModified:` The time that the object was stored in Amazon S3. + `ETag:` The object's entity tag. This is a hash of the object that can be used to do conditional gets. The ETag only reflects changes to the contents of an object, not its metadata. ## Access Control You can read an object only if you have been granted `READ` access to the object. ## SOAP Chunked and Resumable Downloads To provide `GET` flexibility, Amazon S3 supports chunked and resumable downloads. Select from the following: + For large object downloads, you might want to break them into smaller chunks. For more information, see [Range GETs](#SOAPRangeGETs) + For `GET` operations that fail, you can design your application to download the remainder instead of the entire file. For more information, see [REST GET Error Recovery](#SOAPGETErrorRecovery) ### Range GETs For some clients, you might want to break large downloads into smaller downloads. To break a GET into smaller units, use Range. Before you can break a GET into smaller units, you must determine its size. For example, the following request gets the size of the bigfile object. ``` 1. 2. bigbucket 3. bigfile 4. 1 5. AKIAIOSFODNN7EXAMPLE 6. 2006-03-01T12:00:00.183Z 7. Iuyz3d3P0aTou39dzbqaEXAMPLE= 8. ``` Amazon S3 returns the following response. ``` 1. 2. quotes 3. N 4. 1 5. false 6. 7. bigfile 8. 2006-01-01T12:00:00.000Z 9. "828ef3fdfa96f00ad9f27c383fc9ac7f" 10. 2023276 11. STANDARD 12. 13. bcaf1ffd86f41161ca5fb16fd081034f 14. bigfile 15. 16. 17. ``` Following is a request that downloads the first megabyte from the bigfile object. ``` 1. 2. bigbucket 3. bigfile 4. true 5. true 6. true 7. 0 8. 1048576 9. AKIAIOSFODNN7EXAMPLE 10. 2006-03-01T12:00:00.183Z 11. Iuyz3d3P0aTou39dzbqaEXAMPLE= 12. ``` Amazon S3 returns the first megabyte of the file and the Etag of the file. ``` 1. 2. 3. 4. 200 5. OK 6. 7. 8. Content-Type 9. text/plain 10. 11. 12. family 13. Muntz 14. 15. --first megabyte of bigfile-- 16. 2006-01-01T12:00:00.000Z 17. "828ef3fdfa96f00ad9f27c383fc9ac7f" 18. 19. ``` To ensure the file did not change since the previous portion was downloaded, specify the IfMatch element. Although the IfMatch element is not required, it is recommended for content that is likely to change. The following is a request that gets the remainder of the file, using the IfMatch request header. ``` 1. 2. bigbucket 3. bigfile 4. true 5. true 6. true 7. 10485761 8. 2023276 9. "828ef3fdfa96f00ad9f27c383fc9ac7f" 10. AKIAIOSFODNN7EXAMPLE 11. 2006-03-01T12:00:00.183Z 12. Iuyz3d3P0aTou39dzbqaEXAMPLE= 13. ``` Amazon S3 returns the following response and the remainder of the file. ``` 1. 2. 3. 4. 200 5. OK 6. 7. 8. Content-Type 9. text/plain 10. 11. 12. family 13. >Muntz 14. 15. --remainder of bigfile-- 16. 2006-01-01T12:00:00.000Z 17. "828ef3fdfa96f00ad9f27c383fc9ac7f" 18. 19. ``` ### Versioned GetObject The following request returns the specified version of the object in the bucket. ``` 1. 2. quotes 3. Nelson 4. true 5. true 6. true 7. AKIAIOSFODNN7EXAMPLE 8. 2006-03-01T12:00:00.183Z 9. Iuyz3d3P0aTou39dzbqaEXAMPLE= 10. ``` Sample Response ``` 1. 2. 3. 4. 200 5. OK 6. 7. 8. Content-Type 9. text/plain 10. 11. 12. family 13. Muntz 14. 15. aGEtaGE= 16. 2006-01-01T12:00:00.000Z 17. "828ef3fdfa96f00ad9f27c383fc9ac7f" 18. 19. ``` ### REST GET Error Recovery If an object GET fails, you can get the rest of the file by specifying the range to download. To do so, you must get the size of the object using `ListBucket` and perform a range `GET` on the remainder of the file. For more information, see [GetObjectExtended (SOAP API)](SOAPGetObjectExtended.md). ### Related Resources [Operations on Objects (SOAP API)](SOAPObjectsOps.md) # GetObjectExtended (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. `GetObjectExtended` is exactly like [GetObject (SOAP API)](SOAPGetObject.md), except that it supports the following additional elements that can be used to accomplish much of the same functionality provided by HTTP GET headers (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html)). GetObjectExtended supports the following elements in addition to those supported by GetObject: + `ByteRangeStart, ByteRangeEnd:` These elements specify that only a portion of the object data should be retrieved. They follow the behavior of the HTTP byte ranges (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.35](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35)). + `IfModifiedSince:` Return the object only if the object's timestamp is later than the specified timestamp. ([http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.25](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.25)) + `IfUnmodifiedSince:` Return the object only if the object's timestamp is earlier than or equal to the specified timestamp. (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.28](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.28)) + `IfMatch:` Return the object only if its ETag matches the supplied tag(s). (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.24](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.24)) + `IfNoneMatch:` Return the object only if its ETag does not match the supplied tag(s). (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.26](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26)) + `ReturnCompleteObjectOnConditionFailure:`ReturnCompleteObjectOnConditionFailure: If true, then if the request includes a range element and one or both of IfUnmodifiedSince/IfMatch elements, and the condition fails, return the entire object rather than a fault. This enables the If-Range functionality (go to [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html\$1sec14.27](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.27)). # DeleteObject (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `DeleteObject` operation removes the specified object from Amazon S3. Once deleted, there is no method to restore or undelete an object. **Note** If you delete an object that does not exist, Amazon S3 will return a success (not an error message). **Example** This example deletes the "Nelson" object from the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. AKIAIOSFODNN7EXAMPLE 5. 2006-03-01T12:00:00.183Z 6. Iuyz3d3P0aTou39dzbqaEXAMPLE= 7. ``` `Sample Response` ``` 1. 2. 3. 200 4. OK 5. 6. ``` ## Elements + `Bucket:` The bucket that holds the object. + `Key:` The key that identifies the object. **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). ## Access Control You can delete an object only if you have `WRITE` access to the bucket, regardless of who owns the object or what rights are granted to it. # GetObjectAccessControlPolicy (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `GetObjectAccessControlPolicy` operation fetches the access control policy for an object. **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). **Example** This example retrieves the access control policy for the "Nelson" object from the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. AKIAIOSFODNN7EXAMPLE 5. 2006-03-01T12:00:00.183Z 6. Iuyz3d3P0aTou39dzbqaEXAMPLE= 7. ``` `Sample Response` ``` 1. 2. 3. a9a7b886d6fd24a541bf9b1c61be666e9 4. chriscustomer 5. 6. 7. 8. 9. a9a7b841bf9b1c61be666e9 10. chriscustomer 11. 12. FULL_CONTROL 13. 14. 15. 16. http://acs.amazonaws.com/groups/global/AllUsers 17. 18. READ 19. 20. 21. ``` ## Response Body The response contains the access control policy for the bucket. For an explanation of this response, [SOAP Access Policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/SOAPAccessPolicy.html) . ## Access Control You must have `READ_ACP` rights to the object in order to retrieve the access control policy for an object. # SetObjectAccessControlPolicy (SOAP API) **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. The `SetObjectAccessControlPolicy` operation sets the access control policy for an existing object. If successful, the previous access control policy for the object is entirely replaced with the specified access control policy. **Example** This example gives the specified user (usually the owner) `FULL_CONTROL` access to the "Nelson" object from the "quotes" bucket. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. 5. 6. 7. a9a7b886d6fd24a52fe8ca5bef65f89a64e0193f23000e241bf9b1c61be666e9 8. chriscustomer 9. 10. FULL_CONTROL 11. 12. 13. AKIAIOSFODNN7EXAMPLE 14. 2006-03-01T12:00:00.183Z 15. Iuyz3d3P0aTou39dzbqaEXAMPLE= 16. ``` `Sample Response` ``` 1. 2. 3. 200 4. OK 5. 6. ``` ## Key **Important** Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see [ XML related object key constraints](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). ## Access Control You must have `WRITE_ACP` rights to the object in order to set the access control policy for a bucket. # Authenticating SOAP requests **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. Every non-anonymous request must contain authentication information to establish the identity of the principal making the request. In SOAP, the authentication information is put into the following elements of the SOAP request: + Your AWS Access Key ID **Note** When making authenticated SOAP requests, temporary security credentials are not supported. For more information about types of credentials, see [Making requests](MakingRequests.md). + `Timestamp:` This must be a dateTime (go to [http://www.w3.org/TR/xmlschema-2/\$1dateTime](http://www.w3.org/TR/xmlschema-2/#dateTime)) in the Coordinated Universal Time (Greenwich Mean Time) time zone, such as `2009-01-01T12:00:00.000Z`. Authorization will fail if this timestamp is more than 15 minutes away from the clock on Amazon S3 servers. + `Signature:` The RFC 2104 HMAC-SHA1 digest (go to [http://www.ietf.org/rfc/rfc2104.txt](http://www.ietf.org/rfc/rfc2104.txt)) of the concatenation of "AmazonS3" \$1 OPERATION \$1 Timestamp, using your AWS Secret Access Key as the key. For example, in the following CreateBucket sample request, the signature element would contain the HMAC-SHA1 digest of the value "AmazonS3CreateBucket2009-01-01T12:00:00.000Z": For example, in the following CreateBucket sample request, the signature element would contain the HMAC-SHA1 digest of the value "AmazonS3CreateBucket2009-01-01T12:00:00.000Z": **Example** ``` 1. 2. quotes 3. private 4. AKIAIOSFODNN7EXAMPLE 5. 2009-01-01T12:00:00.000Z 6. Iuyz3d3P0aTou39dzbqaEXAMPLE= 7. ``` **Note** SOAP requests, both authenticated and anonymous, must be sent to Amazon S3 using SSL. Amazon S3 returns an error when you send a SOAP request over HTTP. **Important** Due to different interpretations regarding how extra time precision should be dropped, .NET users should take care not to send Amazon S3 overly specific time stamps. This can be accomplished by manually constructing `DateTime` objects with only millisecond precision. # Setting access policy with SOAP **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. Access control can be set at the time a bucket or object is written by including the "AccessControlList" element with the request to `CreateBucket`, `PutObjectInline`, or `PutObject`. The AccessControlList element is described in [Identity and Access Management for Amazon S3 ](https://docs.aws.amazon.com//AmazonS3/latest/userguide/security-iam.html). If no access control list is specified with these operations, the resource is created with a default access policy that gives the requester FULL\$1CONTROL access (this is the case even if the request is a PutObjectInline or PutObject request for an object that already exists). Following is a request that writes data to an object, makes the object readable by anonymous principals, and gives the specified user FULL\$1CONTROL rights to the bucket (Most developers will want to give themselves FULL\$1CONTROL access to their own bucket). **Example** Following is a request that writes data to an object and makes the object readable by anonymous principals. `Sample Request` ``` 1. 2. quotes 3. Nelson 4. 5. Content-Type 6. text/plain 7. 8. aGEtaGE= 9. 5 10. 11. 12. 13. 75cc57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a 14. chriscustomer 15. 16. FULL_CONTROL 17. 18. 19. 20. http://acs.amazonaws.com/groups/global/AllUsers 21. 22. READ 23. 24. 25. AKIAIOSFODNN7EXAMPLE 26. 2009-03-01T12:00:00.183Z 27. Iuyz3d3P0aTou39dzbqaEXAMPLE= 28. ``` `Sample Response` ``` 1. 2. 3. "828ef3fdfa96f00ad9f27c383fc9ac7f" 4. 2009-01-01T12:00:00.000Z 5. 6. ``` The access control policy can be read or set for an existing bucket or object using the `GetBucketAccessControlPolicy`, `GetObjectAccessControlPolicy`, `SetBucketAccessControlPolicy`, and `SetObjectAccessControlPolicy` methods. For more information, see the detailed explanation of these methods. ## Common elements You can include the following authorization-related elements with any SOAP request: + `AWSAccessKeyId:` The AWS Access Key ID of the requester + `Timestamp:` The current time on your system + `Signature:` The signature for the request # SOAP Error Responses **Note** SOAP APIs for Amazon S3 are not available for new customers, and are approaching End of Life (EOL) on October 31, 2025. We recommend that you use either the REST API or the AWS SDKs. In SOAP, an error result is returned to the client as a SOAP fault, with the HTTP response code 500. If you do not receive a SOAP fault, then your request was successful. The Amazon S3 SOAP fault code is comprised of a standard SOAP 1.1 fault code (either "Server" or "Client") concatenated with the Amazon S3-specific error code. For example: "Server.InternalError" or "Client.NoSuchBucket". The SOAP fault string element contains a generic, human readable error message in English. Finally, the SOAP fault detail element contains miscellaneous information relevant to the error. For example, if you attempt to delete the object "Fred", which does not exist, the body of the SOAP response contains a "NoSuchKey" SOAP fault. The following example shows a sample SOAP error response. ``` 1. 2. 3. soapenv:Client.NoSuchKey 4. The specified key does not exist. 5. 6. Fred 7. 8. 9. ``` The following table explains the SOAP error response elements | Name | Description | | --- | --- | | Detail | Container for the key involved in the error Type: Container Ancestor: Body.Fault | | Fault | Container for error information. Type: Container Ancestor: Body | | Faultcode | The fault code is a string that uniquely identifies an error condition. It is meant to be read and understood by programs that detect and handle errors by type. For more information, see [List of Error Codes](ErrorResponses.md#ErrorCodeList). Type: String Ancestor: Body.Fault | | Faultstring | The fault string contains a generic description of the error condition in English. It is intended for a human audience. Simple programs display the message directly to the end user if they encounter an error condition they don't know how or don't care to handle. Sophisticated programs with more exhaustive error handling and proper internationalization are more likely to ignore the fault string. Type: String Ancestor: Body.Fault | | Key | Identifies the key involved in the error Type: String Ancestor: Body.Fault |