CloudRaya Documentation
Storage ServicesStorageRaya

Access & Integration

StorageRaya is an S3-compatible Object Storage service, meaning it can be accessed using standard S3 APIs supported by most modern applications, SDKs, and tools.

This page explains how access works in StorageRaya, how integrations are typically designed, and best practices for secure and reliable usage.

What “S3-Compatible” Means

S3-compatible means StorageRaya follows the Amazon S3 API specification, allowing you to:

  • Use common S3 SDKs (AWS SDK, MinIO SDK, etc.)
  • Integrate with backup tools, applications, and data pipelines
  • Access storage programmatically over HTTPS

StorageRaya provides its own endpoints, credentials, and buckets, while maintaining compatibility with standard S3 workflows.

Core Access Components

To access StorageRaya programmatically, you need:

1️⃣ Endpoint

  • The StorageRaya service endpoint
  • Defines where API requests are sent
  • Region-specific and provided by CloudRaya

This endpoint replaces s3.amazonaws.com in standard S3 configurations.

2️⃣ Access Key & Secret Key

These credentials authenticate requests to StorageRaya.

  • Access Key – identifies the client
  • Secret Key – signs and secures requests

Credentials are generated per bucket and can be rotated at any time.

📄 See: Access & Credentials

3️⃣ Bucket Name

  • Buckets are the top-level containers in StorageRaya
  • Each object is stored inside a bucket
  • Bucket names must be globally unique across CloudRaya

Access Control Model in StorageRaya

StorageRaya uses a bucket- and object-level access model based on standard S3-compatible Access Control Lists (ACLs).

What This Means

  • Access Keys grant access to a specific bucket
  • Fine-grained API-level permissions (such as allowing only PutObject or only GetObject) are not configured through IAM-style policies
  • Access isolation is achieved by:
    • Using separate buckets per workload
    • Using separate credentials per system or application
    • Applying ACLs at the bucket or object level where needed

This model aligns with common S3-compatible storage systems that focus on bucket-based isolation rather than per-action policy engines.

Common Integration Patterns

Typical use cases

  • File uploads
  • Media storage
  • Report exports
  • Application-generated assets

Pattern

  • Application server connects to StorageRaya using S3 APIs
  • Credentials stored securely (environment variables or secret manager)
  • No direct browser-side credentials

Best practices

  • One access key per application or service
  • Separate buckets per environment (dev / staging / prod)
  • Keep all credentials on the server side

Backup & Data Pipeline Integration

Typical use cases

  • Database backups
  • Log archiving
  • Scheduled exports

Pattern

  • Backup tools write directly to StorageRaya
  • A dedicated bucket and credentials are used for backup systems

Best practices

  • Use separate buckets for backup workloads
  • Use dedicated credentials per backup workflow
  • Do not reuse application credentials for backup systems

This approach limits the impact of credential exposure and prevents backup tools from accessing unrelated application data.

CLI & Tool-Based Access

StorageRaya can be accessed using S3-compatible tools, such as:

  • Command-line clients
  • File synchronization tools
  • Data migration utilities

Best practices

  • Use tools for operational and migration tasks only
  • Avoid embedding credentials in shared scripts
  • Rotate automation keys regularly

Authentication & Request Signing

StorageRaya uses standard S3 request signing.

Key characteristics:

  • Requests are authenticated using Access Key & Secret Key
  • Each request is cryptographically signed
  • HTTPS is required for secure transmission

This ensures:

  • Request integrity
  • Secure authentication
  • Full compatibility with standard S3 SDKs

Common Integration Mistakes to Avoid

🚫 Embedding access keys in frontend code

🚫 Using one credential for all applications

🚫 Treating StorageRaya like a mounted disk

🚫 Leaving unused credentials active

🚫 Making buckets public by default

When to Use StorageRaya APIs

Use StorageRaya (S3-compatible API) when you need:

  • Scalable file storage
  • Application-level data persistence
  • Backup and archival targets
  • Integration with existing S3-based tools

If your workload requires POSIX filesystem behavior, use VM block storage instead.

📄 Create a Bucket

📄 Access & Credentials

📄 Manage Bucket

📄 StorageRaya Use Cases & Best Practices

Access & Credentials

Access Control Model in StorageRaya (ACL vs IAM)

© 2026 CloudRaya Product Team. All rights reserved.

On this page

What “S3-Compatible” MeansCore Access Components1️⃣ Endpoint2️⃣ Access Key & Secret Key3️⃣ Bucket NameAccess Control Model in StorageRayaWhat This MeansCommon Integration PatternsApplication Integration (Recommended)Backup & Data Pipeline IntegrationCLI & Tool-Based AccessAuthentication & Request SigningCommon Integration Mistakes to AvoidWhen to Use StorageRaya APIsRelated Guides