Document Center

All Products

Document Center

Object Storage Service:OSS Python SDK V1

Last Updated:May 27, 2026

We recommend the OSS Python SDK V2, which redesigns authentication, retries, and error handling, and adds paginators, transfer managers, and file-like interfaces.

Quick start

Get started with OSS Python SDK V1 in the following steps.

Prepare the environment

Install Python

The OSS Python SDK V1 is compatible with Python 2.6, 2.7, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, or later.

When installing the Python SDK in a Windows environment, ensure the Visual C++ version is 15.0 or later.

Install python-devel

OSS Python SDK V1 uses the crcmod library for CRC checksums. Its C extension requires the Python.h header from python-devel. Without it, the SDK falls back to pure Python CRC validation, which is significantly slower for uploads and downloads.

Windows

On Windows, the required header files are included in the default Python installation. You do not need to install python-devel separately.

macOS

On macOS, the required header files are included in the default Python installation. You do not need to install python-devel separately.

CentOS

To install python-devel, run the following command.

yum install python-devel

RHEL

To install python-devel, run the following command.

yum install python-devel

Fedora

To install python-devel, run the following command.

yum install python-devel

Debian

To install python-devel, run the following command.

apt-get install python-dev

Ubuntu

To install python-devel, run the following command.

apt-get install python-dev

Install the SDK

Install the SDK using one of the following methods. Use the latest version to ensure compatibility with the code examples.

Install with pip

Install pip. pip is installed by default with Python 2.7.9 or later, or Python 3.4 or later.
To install the latest SDK version, run the following command.
```
pip install oss2                   
```

Install from source

Download the latest version of the SDK from GitHub, decompress the package, and then navigate to the directory. Ensure the directory contains the setup.py file.

To download a previous version of the OSS Python SDK V1, see Release History.

To install the SDK, run the following command.

python setup.py install

Configure access credentials

Configure access credentials using the AccessKey pair of a RAM user.

In the RAM console, create a RAM user with a Permanent AccessKey Pair. Save the AccessKey pair and grant the AliyunOSSFullAccess permission to the user.

Use the AccessKey pair of the RAM user to configure environment variables.

Linux

Run the following commands in the command-line interface to append the environment variable settings to the ~/.bashrc file.

echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.bashrc
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.bashrc

Run the following command to apply the changes.
```
source ~/.bashrc
```
Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```

macOS

Run the following command in the terminal to view the default shell type.
```
echo $SHELL
```
Perform the following operations based on the default shell type.
Zsh
1. Run the following commands to append the environment variable settings to the ~/.zshrc file.
```
echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.zshrc
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.zshrc
```
2. Run the following command to apply the changes.
```
source ~/.zshrc
```
3. Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```
Bash
1. Run the following commands to append the environment variable settings to the ~/.bash_profile file.
```
echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.bash_profile
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.bash_profile
```
2. Run the following command to apply the changes.
```
source ~/.bash_profile
```
3. Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```

Windows

CMD

Run the following commands in CMD.

setx OSS_ACCESS_KEY_ID "YOUR_ACCESS_KEY_ID"
setx OSS_ACCESS_KEY_SECRET "YOUR_ACCESS_KEY_SECRET"

Run the following commands to verify that the environment variables are configured.
```
echo %OSS_ACCESS_KEY_ID%
echo %OSS_ACCESS_KEY_SECRET%
```

PowerShell

Run the following commands in PowerShell.

[Environment]::SetEnvironmentVariable("OSS_ACCESS_KEY_ID", "YOUR_ACCESS_KEY_ID", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("OSS_ACCESS_KEY_SECRET", "YOUR_ACCESS_KEY_SECRET", [EnvironmentVariableTarget]::User)

Run the following commands to verify that the environment variables are configured.

[Environment]::GetEnvironmentVariable("OSS_ACCESS_KEY_ID", [EnvironmentVariableTarget]::User)
[Environment]::GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET", [EnvironmentVariableTarget]::User)

Initialize the client

Most operations with the OSS Python SDK V1 use the oss2.Service and oss2.Bucket classes.

The oss2.Service class lists buckets. It does not support access through custom domain names.
The oss2.Bucket class uploads, downloads, and deletes files, and configures various bucket settings.

Important

Due to a policy change to improve compliance and security, starting March 20, 2025, new OSS users must use a custom domain name (CNAME) to perform data API operations on OSS buckets located in Chinese mainland regions. Default public endpoints are restricted for these operations. Refer to the official announcement for a complete list of the affected operations. If you access your data via HTTPS, you must bind a valid SSL Certificate to your custom domain. This is mandatory for OSS Console access, as the console enforces HTTPS.

Initialize a bucket instance

Before running the sample code, replace placeholders like <region-id> with your actual region and endpoint, such as ap-southeast-1.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# Sample code for initializing a client with OSS Python SDK V1

import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    # Load access credentials from environment variables. You must set the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables.
    auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
    # Set the OSS service region.
    region = "<region-id>"
    # Set the endpoint.
    endpoint = "<endpoint>"
    # Set the bucket name.
    bucket_name = "example-bucket"

    # Initialize an OSS Bucket instance.
    bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)
    
    # List files in the bucket.
    print("=== List files in the bucket ===")
    try:
        # Use the list_objects method to list files.
        result = bucket.list_objects()
        
        # Iterate through the file list and print only the file names.
        for obj in result.object_list:
            print(obj.key)
        
        # Print statistics.
        print(f"\nTotal files listed: {len(result.object_list)}")
        if result.is_truncated:
            print("Note: The result is truncated. More files are available.")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Entry point of the program.
    try:
        main()
    except Exception as e:
        print(f"An error occurred during execution: {e}")
        raise

Initialize a service instance

Before running the sample code, replace placeholders like <region-id> with your actual region and endpoint, such as ap-southeast-1.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# Sample code for initializing a Service instance with OSS Python SDK V1

import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    # Load access credentials from environment variables. You must set the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables.
    auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
    # Set the OSS service region.
    region = "<region-id>"
    # Set the endpoint.
    endpoint = "<endpoint>"

    # Initialize an OSS Service instance.
    service = oss2.Service(auth, endpoint, region=region)
    
    # List all buckets.
    print("=== List all buckets ===")
    try:
        # Use BucketIterator to list buckets.
        buckets = [b.name for b in oss2.BucketIterator(service)]
        
        # Iterate through the bucket list and print only the bucket names.
        for bucket in buckets:
            print(bucket)
        
        # Print statistics.
        print(f"\nTotal buckets listed: {len(buckets)}")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Entry point of the program.
    try:
        main()
    except Exception as e:
        print(f"An error occurred during execution: {e}")
        raise

Client configuration

Customize parameters such as endpoint, timeout, and connection pool size when initializing the OSS client.

Use an internal domain name

To access OSS over an internal network, use the internal domain name as the endpoint.

Replace the <region-id> placeholder in the code with an actual region, such as ap-southeast-1.

endpoint = "oss-<region-id>-internal.aliyuncs.com"

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

Use a custom domain name

To use a custom domain name, set the endpoint to your domain and enable is_cname=True.

Map your custom domain name to your bucket before using it. Access OSS by Using Custom Domain Names.

# Set the custom domain name.
endpoint = "http://example.com"

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, is_cname=True, region=region)

Timeout control

Set the connect_timeout parameter (in seconds) when initializing the client. Default: 60 seconds.

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, connect_timeout=30, region=region)

Connection pool size

Adjust the connection pool size with the pool_size parameter of the session object.

# Set the connection pool size. The default value is 10.
session = oss2.Session(pool_size=20)

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, session=session, region=region)

TLS version

To specify a TLS version, create a session by using a custom SSLAdapter.

Python SDK 2.18.1 and later versions allow you to specify the TLS version.

import ssl
from requests.adapters import HTTPAdapter

# Define a custom adapter to specify the TLS version.
class SSLAdapter(HTTPAdapter):
    def init_poolmanager(self, *args, **http_client_config):
        # Specify TLS 1.2.
        http_client_config["ssl_version"] = ssl.PROTOCOL_TLSv1_2
        return super(SSLAdapter, self).init_poolmanager(*args, **http_client_config)
        
# Create a session by using SSLAdapter.
session = oss2.Session(adapter=SSLAdapter())

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, session=session, region=region)

Disable CRC check

To disable the CRC data integrity check, set the enable_crc=False parameter.

Important

Keep CRC enabled. Disabling it means OSS cannot guarantee data integrity during uploads and downloads.

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, enable_crc=False, region=region)

Signature version

Important

Alibaba Cloud Object Storage V1 signatures will be discontinued according to the following schedule. We recommend that you upgrade to V4 signature as soon as possible to ensure that your services are not affected.

As of March 1, 2025, new users cannot use the V1 signature.
As of September 1, 2025, we will phase out support and maintenance for the V1 signature, and you cannot create new buckets that use it.

The following example initializes a client with the V1 signature. For V4 signature initialization, see Initialize a Client.

Before you run the sample code, replace placeholders such as <endpoint> with your actual region and endpoint, such as https://oss-ap-southeast-1.aliyuncs.com.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# OSS Python SDK V1 client initialization sample code
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    # Load access credentials from environment variables. You must set the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables.
    auth = oss2.ProviderAuth(EnvironmentVariableCredentialsProvider())

    # Set the endpoint.
    endpoint = "<endpoint>"
    # Set the bucket name.
    bucket_name = "example-bucket"

    # Initialize an OSS bucket instance.
    bucket = oss2.Bucket(auth, endpoint, bucket_name)
    
    # List files in the bucket.
    print("=== List files in the bucket ===")
    try:
        # List files by using the list_objects() method.
        result = bucket.list_objects()
        
        # Iterate through the object list and print each object's key.
        for obj in result.object_list:
            print(obj.key)
        
        # Print statistics.
        print(f"\nTotal files listed: {len(result.object_list)}")
        if result.is_truncated:
            print("Note: The result is truncated. More files are available.")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Program entry point.
    try:
        main()
    except Exception as e:
        print(f"An error occurred while running the program: {e}")
        raise

Custom application name

Set the app_name parameter to add a custom identifier to the User-Agent header. Default: empty string.

The application name is transmitted as an HTTP header value and must comply with HTTP standards.

# Initialize an OSS bucket instance.
bucket = oss2.Bucket(auth, endpoint, bucket_name, app_name="client_test", region=region)

Sample code

OSS Python SDK V1 provides code samples for bucket management, object operations, access control, and encrypted transfer. Use them as reference or integrate them into your application.

GitHub sample code	Documentation sample code
bucket.py	Create a bucket (Python SDK V1) List buckets (Python SDK V1) Get the region of a bucket (Python SDK V1) Get bucket information (Python SDK V1) Check if a bucket exists (Python SDK V1) Lifecycle (Python SDK V1) Manage bucket permissions (Python SDK V1)
bucket_cname.py	Map a custom domain name (Python SDK V1)
bucket_cors.py	Cross-origin resource sharing (CORS) (Python SDK V1)
bucket_inventory.py	Inventory (Python SDK V1)
bucket_logging.py	Logging (Python SDK V1)
bucket_meta_query.py	Query bucket metadata (Python SDK V1)
bucket_policy.py	Policy
bucket_referer.py	Hotlink protection (Python SDK V1)
bucket_replication.py	Replication (Python SDK V1)
bucket_symlink.py	Manage symbolic links (Python SDK V1)
bucket_tagging.py	Bucket tagging (Python SDK V1)
bucket_transfer_acceleration.py	Transfer acceleration (Python SDK V1)
bucket_versioning.py	Manage versioning (Python SDK V1)
bucket_website.py	Static website hosting
bucket_worm.py	Retention policy
download.py	Download to a local file (Python SDK V1) Download as a stream (Python SDK V1) Download a range of an object (Python SDK V1) Resumable download (Python SDK V1)
image.py	Image processing (Python SDK V1)
object_basic.py	Simple upload (Python SDK V1) Copy an object (Python SDK V1) List objects (Python SDK V1) Delete objects (Python SDK V1)
object_callback.py	Upload callback (Python SDK V1)
object_check.py	Data integrity check (Python SDK V1)
object_crypto.py	Client-side encryption (Python SDK V1)
object_extra.py	Set user-defined metadata
object_forbid_overwrite.py	Prevent object overwrites (Python SDK V1)
object_operation.py	Check if an object exists (Python SDK V1) Manage object permissions (Python SDK V1)
object_post.py	Post upload
object_progress.py	Upload progress bar (Python SDK V1) Download progress bar (Python SDK V1)
object_request_payment.py	Requester pays (Python SDK V1)
object_restore.py	Restore an object (Python SDK V1)
server_side_encryption.py	Server-side encryption (Python SDK V1)
object_storage_type.py	Change an object's storage class (Python SDK V1)
sts.py	Access with an STS token (Python SDK V1)
object_tagging.py	Set object tags (Python SDK V1) Get object tags (Python SDK V1) Delete object tags (Python SDK V1) Object tagging and lifecycle management (Python SDK V1)
select_csv.py	Query an object (Python SDK V1)
traffic_limit.py	Limit the transfer rate of a connection (Python SDK V1)
upload.py	Resumable upload (Python SDK V1) Multipart upload (Python SDK V1)

Query endpoint information

Query endpoint information for all available regions or a specific region, including public (IPv4), internal, and transfer acceleration endpoints.

Note

Python SDK 2.18.0 and later supports querying endpoint information.

Before running the sample code, replace placeholders such as <region-id> with your actual region and endpoint, such as ap-southeast-1.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# Sample code for querying endpoint information using the OSS Python SDK

import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    print("=== Querying endpoint information for all supported regions ===\n")
    
    # Obtain access credentials from environment variables. You must set the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables.
    auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
    
    # Specify the endpoint for the region where your bucket is located.
    endpoint = "<endpoint>"
    
    # Specify the region that corresponds to the endpoint. This parameter is required when you use Signature V4.
    region = "<region-id>"
    
    # Initialize an OSS Service instance.
    service = oss2.Service(auth, endpoint, region=region)
    
    try:
        # Query endpoint information for all supported regions.
        result = service.describe_regions()
        
        # Iterate through the region information.
        for r in result.regions:
            print(f"Region: {r.region}")
            print(f"  Public (IPv4) Endpoint: {r.internet_endpoint}")
            print(f"  Internal (Classic Network or VPC) Endpoint: {r.internal_endpoint}")
            print(f"  Transfer Acceleration Endpoint: {r.accelerate_endpoint}")
            print("-" * 80)
        
        # Print statistics.
        print(f"\nFound endpoint information for {len(result.regions)} regions.")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Entry point of the program.
    try:
        main()
    except Exception as e:
        print(f"An error occurred during execution: {e}")
        raise

To query endpoint information for a specific region, specify the OSS-specific region ID in the describe_regions method.

result = service.describe_regions("oss-<region-id>")

Credential configuration

OSS supports multiple credential initialization methods. Choose one based on your authentication requirements.

You must use version 0.3.5 or later of alibabacloud-credentials. Using an earlier version will result in an error.

Select a credential type

Initialization method	Scenarios	Pre-configuration	Credential type	Validity	Rotation or refresh
Use the Access Key (AK) of a RAM user	For applications in secure environments that need long-term access to cloud services without frequent credential rotation.	Yes	Access Key (AK)	Long-term	Manual rotation
Use temporary access credentials from Security Token Service (STS)	For applications in untrusted environments that need credentials with a limited lifetime and specific permissions.	Yes	STS token	Temporary	Manual refresh
Use a RAM role ARN	For applications requiring authorized access to cloud services, such as cross-account access.	Yes	STS token	Temporary	Auto-refresh
Use an ECS instance RAM role	For applications running on Alibaba Cloud Elastic Compute Service (ECS) instances, Elastic Container Instance (ECI) instances, or worker nodes of Container Service for Kubernetes (ACK).	No	STS token	Temporary	Auto-refresh
Use an OIDC role ARN	For untrusted applications running on worker nodes of Alibaba Cloud Container Service for Kubernetes (ACK).	No	STS token	Temporary	Auto-refresh
Use credentials from the Function Compute (FC) context	For functions running in Alibaba Cloud Function Compute (FC).	No	STS token	Temporary	No refresh required
Use a credentials URI	For applications that need to obtain credentials from an external system.	No	STS token	Temporary	Auto-refresh
Use an auto-rotated Access Key (AK)	For applications that are deployed in an environment with a risk of Access Key (AK) leakage and require frequent credential rotation for long-term access to cloud services.	No	Access Key (AK)	Long-term	Auto-rotation
Use a custom credential provider	If the preceding methods do not meet your requirements, you can define a custom method to obtain credentials.	Custom	Custom	Custom	Custom

RAM user AK

Suitable for secure, stable environments that need long-term OSS access without frequent credential rotation. Initialize the credential provider with the AccessKey (AK) of a RAM user. This requires manual AK maintenance, which introduces security risks.

Important

An Alibaba Cloud account has full permissions on all resources. If its AK is leaked, your system is at risk. Use the AK of a RAM user with minimum required permissions instead.
To create an AK for a RAM user, see Create an AccessKey. The AccessKey ID and AccessKey Secret are shown only at creation time. If you forget them, create a new one.

Environment variables

Configure environment variables using the Access Key (AK) of a RAM user.

Linux

Run the following commands in the command-line interface to append the environment variable settings to the ~/.bashrc file.

echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.bashrc
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.bashrc

Run the following command to apply the changes.
```
source ~/.bashrc
```
Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```

macOS

Run the following command in the terminal to view the default shell type.
```
echo $SHELL
```
Perform the following operations based on the default shell type.
Zsh
1. Run the following commands to append the environment variable settings to the ~/.zshrc file.
```
echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.zshrc
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.zshrc
```
2. Run the following command to apply the changes.
```
source ~/.zshrc
```
3. Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```
Bash
1. Run the following commands to append the environment variable settings to the ~/.bash_profile file.
```
echo "export OSS_ACCESS_KEY_ID='YOUR_ACCESS_KEY_ID'" >> ~/.bash_profile
echo "export OSS_ACCESS_KEY_SECRET='YOUR_ACCESS_KEY_SECRET'" >> ~/.bash_profile
```
2. Run the following command to apply the changes.
```
source ~/.bash_profile
```
3. Run the following commands to verify that the environment variables are configured.
```
echo $OSS_ACCESS_KEY_ID
echo $OSS_ACCESS_KEY_SECRET
```

Windows

CMD

Run the following commands in CMD.

setx OSS_ACCESS_KEY_ID "YOUR_ACCESS_KEY_ID"
setx OSS_ACCESS_KEY_SECRET "YOUR_ACCESS_KEY_SECRET"

Run the following commands to verify that the environment variables are configured.
```
echo %OSS_ACCESS_KEY_ID%
echo %OSS_ACCESS_KEY_SECRET%
```

PowerShell

Run the following commands in PowerShell.

[Environment]::SetEnvironmentVariable("OSS_ACCESS_KEY_ID", "YOUR_ACCESS_KEY_ID", [EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable("OSS_ACCESS_KEY_SECRET", "YOUR_ACCESS_KEY_SECRET", [EnvironmentVariableTarget]::User)

Run the following commands to verify that the environment variables are configured.

[Environment]::GetEnvironmentVariable("OSS_ACCESS_KEY_ID", [EnvironmentVariableTarget]::User)
[Environment]::GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET", [EnvironmentVariableTarget]::User)

Restart or refresh your IDE, CLI, and other runtime environments after modifying environment variables to load the new values.

Use environment variables to provide credentials.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# OSS Python SDK V1: Sample code for client initialization

import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    # Load access credentials from environment variables. You must set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
    auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
    # Set the OSS service region.
    region = "<region-id>"
    # Set the endpoint.
    endpoint = "<endpoint>"
    # Set the bucket name.
    bucket_name = "example-bucket-hz"

    # Initialize an OSS Bucket instance.
    bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)
    
    # List objects in the bucket.
    print("=== List objects in the bucket ===")
    try:
        # Use the list_objects method to list objects.
        result = bucket.list_objects()
        
        # Iterate through the object list and print only the object keys.
        for obj in result.object_list:
            print(obj.key)
        
        # Print statistics.
        print(f"\nTotal objects listed: {len(result.object_list)}")
        if result.is_truncated:
            print("Note: The result is truncated. More objects are not listed.")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Entry point of the program.
    try:
        main()
    except Exception as e:
        print(f"An error occurred during execution: {e}")
        raise

Static credentials

The following sample code shows how to hard-code credentials in your application.

Important

Do not embed credentials in applications in a production environment. This method is for testing purposes only.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# OSS Python SDK V1: Sample code for client initialization

import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

def main():

    # Specify the AccessKey ID and AccessKey Secret of a RAM user.
    access_key_id = 'yourAccessKeyID'
    access_key_secret = 'yourAccessKeySecret'
    # Configure access credentials using the Access Key (AK) of the RAM user.
    auth = oss2.AuthV4(access_key_id, access_key_secret)
    # Set the OSS service region.
    region = "<region-id>"
    # Set the endpoint.
    endpoint = "<endpoint>"
    # Set the bucket name.
    bucket_name = "example-bucket-hz"

    # Initialize an OSS Bucket instance.
    bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)
    
    # List objects in the bucket.
    print("=== List objects in the bucket ===")
    try:
        # Use the list_objects method to list objects.
        result = bucket.list_objects()
        
        # Iterate through the object list and print only the object keys.
        for obj in result.object_list:
            print(obj.key)
        
        # Print statistics.
        print(f"\nTotal objects listed: {len(result.object_list)}")
        if result.is_truncated:
            print("Note: The result is truncated. More objects are not listed.")
            
    except oss2.exceptions.OssError as e:
        print(f"OSS error: {e}")
        raise
    except Exception as e:
        print(f"An error occurred: {e}")
        raise

if __name__ == "__main__":
    # Entry point of the program.
    try:
        main()
    except Exception as e:
        print(f"An error occurred during execution: {e}")
        raise

STS temporary credentials

Suitable for applications that need temporary OSS access. Initialize the credential provider with temporary credentials (AccessKey ID, AccessKey Secret, and security token) from STS. You must refresh the STS token manually before it expires.

Important

To obtain temporary access credentials by calling an API operation, see AssumeRole - Obtain temporary security credentials for a RAM role.
To obtain temporary access credentials using an SDK, see Use temporary credentials provided by STS to access OSS.
When you generate an STS token, you must set an expiration time. Once a token expires, it can no longer be used.
For a list of STS endpoints, see Service endpoints.

Environment variables

Set environment variables using temporary access credentials.
macOS, Linux, and Unix
Important

Use the temporary access credentials (Access Key ID, Access Key Secret, and security token) obtained from STS, not the Access Key (AK) of a RAM user.

The Access Key ID obtained from STS starts with "STS.", for example, "STS.**************".
```
export OSS_ACCESS_KEY_ID=<STS_ACCESS_KEY_ID>
export OSS_ACCESS_KEY_SECRET=<STS_ACCESS_KEY_SECRET>
export OSS_SESSION_TOKEN=<STS_SECURITY_TOKEN>
```
Windows
Important

Use the temporary access credentials (Access Key ID, Access Key Secret, and security token) obtained from STS, not the Access Key (AK) of a RAM user.

The Access Key ID obtained from STS starts with "STS.", for example, "STS.**************".
```
set OSS_ACCESS_KEY_ID=<STS_ACCESS_KEY_ID>
set OSS_ACCESS_KEY_SECRET=<STS_ACCESS_KEY_SECRET>
set OSS_SESSION_TOKEN=<STS_SECURITY_TOKEN>
```

Provide credentials using environment variables.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Configure access credentials by using the STS AK, SK, and Security Token from environment variables.
# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

Static credentials

You can hard-code credentials in your application and explicitly set the temporary access keys.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2

# Specify the temporary AccessKey ID and AccessKey Secret obtained from STS, not the AccessKey ID and AccessKey Secret of your Alibaba Cloud account.
# Note that the Access Key ID obtained from STS starts with "STS."
sts_access_key_id = 'STS.****************'
sts_access_key_secret = 'yourAccessKeySecret'
# Specify the security token obtained from STS.
security_token = 'yourSecurityToken'

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the StsAuth instance. Note that setting auth_version to "v4" enables OSS V4 signatures.
auth = oss2.StsAuth(sts_access_key_id,
                    sts_access_key_secret,
                    security_token,
                    auth_version="v4")

# Initialize the bucket using the StsAuth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

RAM role ARN

Suitable for cross-account access. Initialize the credential provider with a RAM role ARN. The credentials tool automatically refreshes the STS token by calling AssumeRole before it expires. You can set the policy parameter to further restrict permissions.

Important

An Alibaba Cloud account has full permissions on all resources. If its AK is leaked, your system is at risk. Use the AK of a RAM user with minimum required permissions instead.
To create an AK for a RAM user, see Create an AccessKey. The AccessKey ID and AccessKey Secret are shown only at creation time. If you forget them, create a new one.
To obtain a RAM role ARN, see Create a RAM role.

Add the credentials dependency.
```
pip install alibabacloud_credentials
```

Configure the Access Key (AK) and RAM role ARN as access credentials.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config
from oss2 import CredentialsProvider
from oss2.credentials import Credentials
import os

class CredentialProviderWrapper(CredentialsProvider):
    def __init__(self, client):
        self.client = client

    def get_credentials(self):
        credential = self.client.get_credential()
        access_key_id = credential.access_key_id
        access_key_secret = credential.access_key_secret
        security_token = credential.security_token
        return Credentials(access_key_id, access_key_secret, security_token)

config = Config(
    # Obtain the Access Key (AccessKey ID and AccessKey Secret) of the RAM user from environment variables.
    access_key_id=os.getenv('ALIBABA_CLOUD_ACCESS_KEY_ID'),
    access_key_secret=os.getenv('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),
    type='ram_role_arn',
    # The ARN of the RAM role to assume. Example: acs:ram::123456789012****:role/adminrole. You can set the RoleArn using the ALIBABA_CLOUD_ROLE_ARN environment variable.
    role_arn='<RoleArn>',
    # The role session name. You can set the RoleSessionName using the ALIBABA_CLOUD_ROLE_SESSION_NAME environment variable.
    role_session_name='<RoleSessionName>',
    # Optional. A more restrictive permission policy. Example: {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    policy='<Policy>',
    # Optional. The validity period of the role session.
    role_session_expiration=3600
)

cred = Client(config)

credentials_provider = CredentialProviderWrapper(cred)

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

ECS instance RAM role

Suitable for applications on ECS instances, ECI instances, or Container Service for Kubernetes (ACK) worker nodes. An ECS instance RAM role enables automatic STS token refresh on ECS instances, ECI instances, or Container Service for Kubernetes (ACK) worker nodes without providing an AK or STS token. To obtain a role, see Create a RAM role. To attach it to an instance, see Instance RAM role.

Add the credentials dependency.
```
pip install alibabacloud_credentials
```

Configure the ECS instance RAM role as the access credential.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config
from oss2 import CredentialsProvider
from oss2.credentials import Credentials

class CredentialProviderWrapper(CredentialsProvider):
    def __init__(self, client):
        self.client = client

    def get_credentials(self):
        credential = self.client.get_credential()
        access_key_id = credential.access_key_id
        access_key_secret = credential.access_key_secret
        security_token = credential.security_token
        return Credentials(access_key_id, access_key_secret, security_token)

config = Config(
    type='ecs_ram_role',      # Credential type. Fixed value: ecs_ram_role.
    role_name='<RoleName>'    # The name of the RAM role attached to the ECS instance. Optional. If not set, it is retrieved automatically. We strongly recommend setting this parameter to reduce requests.
)

cred = Client(config)

credentials_provider = CredentialProviderWrapper(cred)

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

OIDC role ARN

When untrusted applications run on ACK worker nodes, use RRSA to prevent them from obtaining the node's instance RAM role STS token. The cluster mounts a service account OIDC token file per pod and injects the configuration into environment variables. The credentials tool exchanges the OIDC token for an STS token via AssumeRoleWithOIDC, without requiring an AK or STS token. Configure RAM permissions for a ServiceAccount to implement pod permission isolation by using RRSA.

Add the credentials dependency.
```
pip install alibabacloud_credentials
```

Configure the OIDC role as the access credential.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config
from oss2 import CredentialsProvider
from oss2.credentials import Credentials
import os

class CredentialProviderWrapper(CredentialsProvider):
    def __init__(self, client):
        self.client = client

    def get_credentials(self):
        credential = self.client.get_credential()
        access_key_id = credential.access_key_id
        access_key_secret = credential.access_key_secret
        security_token = credential.security_token
        return Credentials(access_key_id, access_key_secret, security_token)

config = Config(
    # Credential type. Fixed value: oidc_role_arn.
    type='oidc_role_arn',
    # The ARN of the RAM role. You can set the RoleArn using the ALIBABA_CLOUD_ROLE_ARN environment variable.
    role_arn=os.environ.get('<RoleArn>'),
    # The ARN of the OIDC provider. You can set the OidcProviderArn using the ALIBABA_CLOUD_OIDC_PROVIDER_ARN environment variable.
    oidc_provider_arn=os.environ.get('<OidcProviderArn>'),
    # The OIDC token file path. You can set the OidcTokenFilePath using the ALIBABA_CLOUD_OIDC_TOKEN_FILE environment variable.
    oidc_token_file_path=os.environ.get('<OidcTokenFilePath>'),
    # The role session name. You can set the RoleSessionName using the ALIBABA_CLOUD_ROLE_SESSION_NAME environment variable.
    role_session_name='<RoleSessionName>',
    # Optional. A more restrictive permission policy. Example: {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}
    policy='<Policy>',
    # The validity period of the session.
    role_session_expiration=3600
)

cred = Client(config)

credentials_provider = CredentialProviderWrapper(cred)

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

Function Compute context

Suitable for functions running in FC. FC assumes a service role to obtain an STS token (valid for 36 hours) and passes it through the context Credentials parameter. Since the maximum function execution time is 24 hours, the token does not expire during execution, so no refresh is needed. To grant FC permissions to access OSS, see Use a function role to grant Function Compute permissions to access other cloud services.

Initialize the credential provider with credentials from the FC context.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from oss2 import CredentialsProvider
from oss2.credentials import Credentials

def handler(event, context):

    class CredentialProviderWrapper(CredentialsProvider):
        def get_credentials(self):
            creds = context.credentials
            return Credentials(creds.access_key_id, creds.access_key_secret, creds.security_token)

    credentials_provider = CredentialProviderWrapper()
    # Note that ProviderAuthV4 indicates the use of V4 signatures.
    auth = oss2.ProviderAuthV4(credentials_provider)

    # yourEndpoint specifies the endpoint for the region where the bucket is located.
    endpoint = '<endpoint>'

    # yourBucketName specifies the bucket name.
    bucket_name = 'yourBucketName'

    # Specify the region where the bucket is located.
    region = '<region-id>'

    # Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
    # otherwise, an error occurs.
    bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

    # Use the bucket object for subsequent operations...

    return 'success'

Credentials URI

Suitable for applications that obtain credentials from an external system. The credentials tool retrieves an STS token from the provided URI and handles automatic refresh.

Important

A credentials URI is the server address from which to obtain the STS token.
The backend service that provides the credentials URI response must implement automatic STS token refresh logic to ensure the application always obtains valid credentials.

To ensure the credentials tool can correctly parse and use the STS token, the URI response must adhere to the following protocol:

Response status code: 200

Response body structure:

{
    "Code": "Success",
    "AccessKeySecret": "AccessKeySecret",
    "AccessKeyId": "AccessKeyId",
    "Expiration": "2021-09-26T03:46:38Z",
    "SecurityToken": "SecurityToken"
}

Add the credentials dependency.
```
pip install alibabacloud_credentials
```

Configure the credentials URI as the access credential.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from alibabacloud_credentials.client import Client
from alibabacloud_credentials.models import Config
from oss2 import CredentialsProvider
from oss2.credentials import Credentials

class CredentialProviderWrapper(CredentialsProvider):
    def __init__(self, client):
        self.client = client

    def get_credentials(self):
        credential = self.client.get_credential()
        access_key_id = credential.access_key_id
        access_key_secret = credential.access_key_secret
        security_token = credential.security_token
        return Credentials(access_key_id, access_key_secret, security_token)

config = Config(
    type='credentials_uri',
    # The URI for the credentials, in the format http://local_or_remote_uri/. You can set the CredentialsUri using the ALIBABA_CLOUD_CREDENTIALS_URI environment variable.
    credentials_uri='<CredentialsUri>',
)

cred = Client(config)

credentials_provider = CredentialProviderWrapper(cred)

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

Auto-rotated AK

Suitable for environments where the AK is at risk of compromise. Initialize the credential provider with a ClientKey from KMS, which automatically rotates the managed RAM user AK. KMS also supports immediate rotation if an AK is compromised. To obtain a ClientKey, see Create an Application Access Point.

Add the Secrets Manager client dependency.
```
pip install aliyun-secret-manager-client
```

Create a configuration file named secretsmanager.properties.

# The type of access credential. Fixed value: client_key
credentials_type=client_key

# The decryption password for the ClientKey. You can read it from an environment variable or a file. Set only one.
client_key_password_from_env_variable=<your client key private key password environment variable name>
client_key_password_from_file_path=<your client key private key password file path>

# The path to the private key file of the ClientKey.
client_key_private_key_path=<your client key private key file path>

# The region of the associated KMS.
cache_client_region_id=[{"regionId":"<regionId>"}]

Use the configuration file to provide credential information.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import json
import oss2
from oss2 import CredentialsProvider
from oss2.credentials import Credentials
from alibaba_cloud_secretsmanager_client.secret_manager_cache_client_builder import SecretManagerCacheClientBuilder

class CredentialProviderWrapper(CredentialsProvider):
    def get_credentials(self):
        secret_cache_client = SecretManagerCacheClientBuilder.new_client()
        secret_info = secret_cache_client.get_secret_info("<secretName>")
        secret_value_json = json.loads(secret_info.secret_value)
        return Credentials(secret_value_json["AccessKeyId"], secret_value_json["AccessKeySecret"])

credentials_provider = CredentialProviderWrapper()

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

Custom credential provider

If none of the above credential configuration methods meet your requirements, you can define a custom credential provider by implementing the CredentialProvider interface. If your implementation uses an STS token, you must also handle credential refresh.

Before you run the sample code, replace placeholders such as <region-id> with the actual region and endpoint. For example, replace <region-id> with ap-southeast-1.

# -*- coding: utf-8 -*-
import oss2
from oss2 import CredentialsProvider
from oss2.credentials import Credentials

class CredentialProviderWrapper(CredentialsProvider):
    def get_credentials(self):
        # TODO
        # Implement your custom method for obtaining access credentials.

        # Return long-term credentials: access_key_id, access_key_secret
        return Credentials('<access_key_id>', '<access_key_secrect>')

        # Return temporary credentials: access_key_id, access_key_secret, token
        # For temporary credentials, you need to refresh them based on their expiration time.
        # return Credentials('<access_key_id>', '<access_key_secrect>', '<token>');

credentials_provider = CredentialProviderWrapper()

# Note that ProviderAuthV4 indicates the use of V4 signatures.
auth = oss2.ProviderAuthV4(credentials_provider)

# yourEndpoint specifies the endpoint for the region where the bucket is located.
endpoint = '<endpoint>'

# yourBucketName specifies the bucket name.
bucket_name = 'yourBucketName'

# Specify the region where the bucket is located.
region = '<region-id>'

# Initialize the bucket by using the Auth instance. Note that the region parameter is required when using V4 signatures;
# otherwise, an error occurs.
bucket = oss2.Bucket(auth, endpoint, bucket_name, region=region)

# Use the bucket object for subsequent operations...

FAQ

Error: No module named _crcfunext?

Uploads and downloads using the OSS Python SDK V1 are slower than with other tools, such as ossutil or other SDKs.

Cause:

The _crcfunext.so library fails to generate during crcmod compilation because the system is missing the required Python.h file. Learn more about crcmod in the crcmod introduction.
Solution:

Verify that the C extension mode for crcmod is installed correctly.
1. Run the following command to enter the Python environment.
```
python
```
2. Run the following command to import the _crcfunext C extension module from the crcmod module.
```
import crcmod._crcfunext
```
  The following error indicates that the C extension mode for the crcmod library failed to install.
```
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: No module named _crcfunext                                 
```
3. Choose a solution based on your operating system.
  Windows
  1. Download crcmod-1.7.win32-py2.7.msi or another version of the .msi file.
    
    Note
    The 32-bit version of crcmod is compatible with both 32-bit and 64-bit Windows systems.
  2. Install the .msi file and during the installation process, specify the installation path for crcmod to the Lib\site-packages folder in your local Python installation directory. For example, D:\python\Lib\site-packages\.
  3. After the installation is complete, run the crcmod verification steps again.
  Linux
  
  If this issue occurs on a Linux system, perform the following steps:
  1. Run the following command to uninstall crcmod.
    pip uninstall crcmod
  2. Install python-devel. See Prepare the environment.
  3. Run the following command to reinstall crcmod.
    pip install crcmod
    
    If the installation fails again, uninstall crcmod and run the following command to view detailed error information.
    pip install crcmod -v

Error: No module named 'Crypto'?

Cause:

The Crypto module does not exist in the system, or the crypto module (with a lowercase initial letter) exists.
Solution:

Check for the Crypto module in your local Python installation path, for example, D:\python3.9\Lib\site-packages.
- If the Crypto module does not exist, run the following command.
```
python -m pip install --upgrade setuptools
```
- If a module named crypto (with a lowercase c) exists, rename it to Crypto and then restart your program.

Error: "not an internal or external command"?

On Windows, if you receive 'is not recognized as an internal or external command', add the Python and pip installation paths (typically the Scripts folder in the Python directory) to the Path environment variable. Restart your computer for the changes to take effect.

OSS Python SDK V1 installation failure

If installation fails, uninstall and retry.

pip uninstall oss2

Upgrade the OSS Python SDK V1

Run the following command to upgrade the SDK.

 pip install --upgrade oss2

Troubleshoot AccessDenied errors

An AccessDenied error indicates insufficient permissions. Troubleshoot as follows:

Ensure that you are using the correct AccessKey ID and AccessKey Secret.
Verify that the RAM user has the required permissions for the bucket or object operations.
Check the bucket policy: An error message containing "Access denied by bucket policy" indicates the request was blocked by a bucket policy.

Improve transfer speed for intra-region access

For faster transfers, access OSS from an Alibaba Cloud product (such as ECS) in the same region as your bucket, using an internal endpoint.

View AccessKeys and manage AccessKey Secrets

To view a RAM user's AccessKey: Log on to the RAM console and select the specific user to view their AccessKey information.
A RAM user's AccessKey Secret is shown only at creation time. If you lose it, create a new AccessKey in the RAM console. Create an AccessKey.