Version: 1.0.0
PG Storage HTTP API
CloudBase PG cloud storage HTTP API — CRUD for buckets and objects, signed URLs, object metadata, multipart uploads, etc.
Applicable environment: PG environments. For classic environments, use the classic cloud storage HTTP API.
Permission model: based on PostgreSQL RLS (row-level security). Three roles: service_role (BYPASSRLS), authenticated (subject to RLS), anon (subject to RLS). See PG cloud storage — Permission management.
Product docs: PG cloud storage overview · Quick experience · RLS policy patterns.
Authentication
- HTTP: Bearer Auth
JWT Bearer Token,通过 Authorization: Bearer <token> 头传递。
Token 来源决定角色:
- service_role:使用 service_role API Key 作为 token(服务端管理场景)
- authenticated:使用用户登录后获取的 JWT(普通用户场景)
- anon:不携带 Authorization 头或使用 anon key(匿名场景)
接口认证分三种模式:
- 必需认证(requiredAuth):必须携带
Authorization: Bearer <token>头,缺失则返回 400(message: headers must have required property 'authorization') - 可选认证(optionalAuth):可选携带;有 token 则按角色鉴权,无 token 则以 anon 身份执行
- 无需认证(public):不需要 token,后端以 service_role 身份执行(用于公开资源和签名 URL 访问)
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | JWT |