All Products
Search
Document Center

Object Storage Service:CreateAccessPoint

Last Updated:Jun 08, 2026

Creates an access point for a bucket.

Usage notes

  • An Alibaba Cloud account has this permission by default. To use a RAM user or STS, you must have the oss:CreateAccessPoint permission.

  • Up to 1,000 access points per Alibaba Cloud account.

  • Up to 100 access points per bucket.

Request syntax

PUT /?accessPoint HTTP/1.1
Date: GMT Date
Content-Length: ContentLength
Content-Type: application/xml
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Authorization: SignatureValue
<?xml version="1.0" encoding="UTF-8"?>
<CreateAccessPointConfiguration>
  	<AccessPointName>ap-01</AccessPointName>
    <NetworkOrigin>vpc</NetworkOrigin>
    <VpcConfiguration>
      <VpcId>vpc-t4nlw426y44rd3iq4xxxx</VpcId>
    </VpcConfiguration>
</CreateAccessPointConfiguration>

Request headers

This operation uses only common request headers.

Request elements

Element

Type

Required

Example

Description

CreateAccessPointConfiguration

Container

Yes

N/A

The container for access point configuration.

Parent nodes: none

Child nodes: AccessPointName, NetworkOrigin, and VpcConfiguration

AccessPointName

String

Yes

ap-01

The access point name. Naming requirements:

  • Must be unique within a region of your Alibaba Cloud account.

  • Cannot end with -ossalias.

  • Can contain only lowercase letters, digits, and hyphens (-). Cannot start or end with a hyphen.

  • Must be 3 to 19 characters in length.

Parent nodes: CreateAccessPointConfiguration

Child nodes: none

NetworkOrigin

String

Yes

vpc

The network origin. Valid values:

  • vpc: Access the access point through a specific virtual private cloud (VPC).

  • internet: Access the access point through public or internal endpoints.

Parent nodes: CreateAccessPointConfiguration

Child nodes: none

VpcConfiguration

Container

No

N/A

The container for VPC configuration.

Parent nodes: CreateAccessPointConfiguration

Child nodes: VpcId

VpcId

String

No

vpc-t4nlw426y44rd3iq4xxxx

The VPC ID. Required only when NetworkOrigin is set to vpc.

Important

When restricting VPC access with an access point, ensure the VPC region matches the OSS gateway endpoint region. Mismatched regions cause authentication failures. For more information, see Regions of gateway endpoints supported by OSS.

Parent nodes: VpcId

Child nodes: none

Response headers

This operation returns only common response headers.

Response elements

Element

Type

Example

Description

CreateAccessPointResult

Container

N/A

The container for the access point creation result.

Child nodes: AccessPointArn and Alias

AccessPointArn

String

acs:oss:cn-hangzhou:128364106451xxxx:accesspoint/ap-01

The Alibaba Cloud Resource Name (ARN) of the access point.

Alias

String

ap-01-45ee7945007a2f0bcb595f63e2215cxxxx-ossalias

The alias of the access point.

Examples

  • Sample requests

    PUT /?accessPoint HTTP/1.1
    Date: Mon, 19 Jun 2023 03:15:40 GMT
    Content-Length: 0
    Content-Type: application/xml
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,AdditionalHeaders=content-length,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e    
    <?xml version="1.0" encoding="UTF-8"?>
    <CreateAccessPointConfiguration>
      	<AccessPointName>ap-01</AccessPointName>
        <NetworkOrigin>vpc</NetworkOrigin>
        <VpcConfiguration>
          <VpcId>vpc-t4nlw426y44rd3iq4xxxx</VpcId>
        </VpcConfiguration>
    </CreateAccessPointConfiguration>
  • Sample response

    HTTP/1.1 200 OK
    x-oss-request-id: 5C1B138A109F4E405B2Dxxxx
    Date: Mon, 19 Jun 2023 03:15:40 GMT
    Content-Length: 0
    Connection: keep-alive
    Server: AliyunOSS
    <?xml version="1.0" encoding="UTF-8"?>
    <CreateAccessPointResult>
      <AccessPointArn>acs:oss:cn-hangzhou:128364106451xxxx:accesspoint/ap-01</AccessPointArn>
      <Alias>ap-01-45ee7945007a2f0bcb595f63e2215cxxxx-ossalias</Alias>
    </CreateAccessPointResult>

ossutil

For information about the ossutil command that corresponds to the CreateAccessPoint operation, see create-access-point.