Connecting to IBM COS via the API requires specifying two fundamental pieces of information: credentials and an endpoint. Many tools that are compatible with the S3 API default to connecting to AWS endpoints, and so it is necessary to explicitly declare the endpoint when using these tools.

Credentials consist of two strings: an access key, and a secret key. The access key is somewhat like a temporary account ID, and the secret key is essentially a password. It is important not to accidentally compromise your application’s security by inadvertently checking your credentials into a code repository! The easiest way to keep track of your keys is to set them as environment variables in your development environment. This allows them to be called within your code but doesn’t require them to be explicitly declared.

At present two sets of credentials can be created per COS instance, allowing credentials to be rotated in applications without interruption.

For more detail on authentication and authorization, see the Managing access section.

For more detail on the different endpoints, see the Selecting Endpoints section.

Using the control portal to view credentials and endpoints

  1. Credentials and available endpoints can be viewed, by clicking the View Credentials link on the left side of an Account Details page (the view that shows a list of buckets in the account).
  2. Click the credentials header to expand and show the credentials.
  3. An account can have a maximum of two credentials at once. This allows for credentials to be rotated in applications without interruption. A new credential can be created, by clicking the Add credential button just below the Credentials header.
  4. A credential can also be deleted, by clicking the - button to the right of the credential. A confirmation dialog will pop-up for confirmation before the credential is deleted.
  5. The page also shows the various authentication endpoints that can be used to access the account.

Using libraries and SDKs

IBM Cloud does not provide native libraries or SDKs for interacting with COS offerings at this time, instead stored data is accessed using an implementation of the S3 API. Compatibility with an established object storage API allows developers to make use of a large ecosystem of third-party tools and SDKs.

A full list of supported S3 API operations can be found in the API Overview.

This documentation provides basic introductions to using popular third-party S3 API client applications and a command line interface, as well as a library for the Python programming language.


The code examples throughout assume a basic comfortability with a Linux-like shell interface (such as bash, the OSX Terminal, or the Windows 10 WSL. For more information on getting started with shell environments, visit this primer on shell programming fundamentals. Any example code is intended merely as an educational demonstration and is in no way intended to serve as a template or boilerplate for production code.