Cloud Storage

The Google Cloud Storage connector lets you connect to a Google Cloud Storage and perform file transfer operations.

Before you begin

Before using the Cloud Storage connector, do the following tasks:

  • In your Google Cloud project:
    • Ensure that network connectivity is set up. For information about network patterns, seeNetwork connectivity.
    • Grant theroles/connectors.admin IAM role to the user configuring the connector.
    • Grant the following IAM roles to the service account that you want to use for the connector:
      • roles/secretmanager.viewer
      • roles/secretmanager.secretAccessor
      • roles/storage.admin

      A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. If you don't have a service account, you must create a service account. The connector and the service account must belong to the same project. For more information, seeCreating a service account.

    • Enable the following services:
      • secretmanager.googleapis.com (Secret Manager API)
      • connectors.googleapis.com (Connectors API)

      To understand how to enable services, seeEnabling services.

    If these services or permissions have not been enabled for your project previously, you are prompted to enable them when configuring the connector.

Configure the connector

A connection is specific to a data source. Itmeans that if you have many data sources, you must create a separate connectionfor each data source. To create a connection, do the following:

  1. In theCloud console, go to theIntegration Connectors > Connections page and then select or create a Google Cloud project.

    Go to the Connections page

  2. Click+ CREATE NEW to open theCreate Connection page.
  3. In theLocation section, choose the location for the connection.
    1. Region: Select a location from the drop-down list.

      For the list of all the supported regions, seeLocations.

    2. ClickNEXT.
  4. In theConnection Details section, complete the following:
    1. Connector: SelectCloud Storage from the drop down list of available Connectors.
    2. Connector version: Select the Connector version from the drop down list of available versions.
    3. In theConnection Name field, enter a name for the Connection instance.

      Connection names must meet the following criteria:

      • Connection names can use letters, numbers, or hyphens.
      • Letters must be lower-case.
      • Connection names must begin with a letter and end with a letter or number.
      • Connection names cannot exceed 49 characters.
    4. Optionally, enter aDescription for the connection instance.
    5. Optionally, enableCloud logging, and then select a log level. By default, the log level is set toError.
    6. Service Account: Select a service account that has therequired roles.
    7. Optionally, configure theConnection node settings:

      • Minimum number of nodes: Enter the minimum number of connection nodes.
      • Maximum number of nodes: Enter the maximum number of connection nodes.

      A node is a unit (or replica) of a connection that processes transactions. More nodes are required to process more transactions for a connection and conversely, fewer nodes are required to process fewer transactions. To understand how the nodes affect your connector pricing, see Pricing for connection nodes. If you don't enter any values, by default the minimum nodes are set to 2 (for better availability) and the maximum nodes are set to 50.

      8. Note: You can customize the connection node values only if you are a Pay-as-you-go customer.
    8. Project ID: The ID of the Google Cloud project where the data resides.
    9. Optionally, click+ ADD LABEL to add a label to the Connection in the form of a key/value pair.
    10. ClickNEXT.
  5. Review: Review your connection.
  6. ClickCreate.

Entities, operations, and actions

All the Integration Connectors provide a layer of abstraction for the objects ofthe connected application. You can access an application's objects only through this abstraction. The abstraction is exposed to you as entities, operations, and actions.

Note: You can view the entities, operations, and actions of a connector in theConnectors task.
  • Entity:An entity can be thought of as an object, or a collection of properties, in theconnected application or service. The definition of an entity differs from a connector to a connector. For example, in a database connector, tables are the entities, in a file server connector, folders are the entities, and in a messaging system connector, queues are the entities.

    However, it is possible that a connector doesn't support or have any entities, in which case theEntities list will be empty.

  • Operation:An operation is the activity that you can perform on an entity. You can performany of the following operations on an entity:

    Selecting an entity from the available list, generates a list ofoperations available for the entity. For a detailed description of the operations, see the Connectors task'sentity operations. However, if a connector doesn't support any of the entity operations, such unsupported operations aren't listed in theOperations list.

  • Action:An action is a first class function that is made available to the integrationthrough the connector interface. An action lets you make changes to an entity or entities, and vary from connector to connector. Normally, an action will have some input parameters, and an output parameter. However, it is possible that a connector doesn't support any action, in which case theActions list will be empty.
Note:All entities and actions will have a schema associated with them. For example, an action schema will have the parameter details such as; the parameternames, and its corresponding data type. The schema (metadata) for entities and actions is fetched by the connection atruntime from your backend. If there are any updates to the schema, such updates won't be automatically reflected in your existing connections; you must manually refresh the schema. To refreshthe schema for a connection, open theConnection details page of the connection, and then clickRefresh connection schema.

System limitations

The Google Cloud Storage connector can process a maximum of 10 transactions per second, pernode, andthrottles any transactions beyond this limit. By default, Integration Connectors allocates 2 nodes (for better availability) for a connection.

For information on the limits applicable to Integration Connectors, seeLimits.

Note: The number ofIntegration Connectors nodes will autoscale dynamically based on your usage. However, if you want to reserve capacity for large volumes without waiting for autoscaling, you can adjust the minimum node value for a connection. More nodes are required to process more transactions for a connection. Conversely, fewer nodes are required if a connection processes fewer transactions. To configure the node values, do the following:
  • If you are a pay-as-you-go customer, configure the minimum and maximum node value in the edit connection page.
  • If you are a subscription based customer,contact support.

The maximum transactions that a node can handle depends on various factors. So, before adjusting the minimum nodes for better throughput, it is recommended you check if your backend systems are set up optimally to handle the required traffic.

Actions

The Google Cloud Storage connection supports the following actions:

Note: The results of all the entity operations and actions will be available as a JSON response in theConnectors task'sconnectorOutputPayload response parameter after you run your integration.

DownloadObject action

The following table describes the input parameters of theDownloadObject action.

Parameter nameRequiredData typeDescription
BucketYesStringBucket name where the object to be downloaded is present.
ObjectFilePathNoStringName of the object that should be downloaded. If not specified, all the objects from the specified bucket will be downloaded.

If the object to download is present in a child folder of a bucket, you must provide the full path of such object. For example, to downloadlogfile.txt that is present inbucket_01'sfolderA, the object path should befolderA/logfile.txt.

HasBytesNoBooleanWhether to download content as bytes. The valid values aretrue orfalse. If set totrue, the content is downloaded as aBase64 encoded string.

By default, theHasBytes field is set tofalse.

UpdatedEndDateNoDateThe end date range to download objects. If not specified, objects will be downloaded from the specifiedUpdatedStartDate until the present day.
UpdatedStartDateNoDateThe start of the date range to download objects. If not specified, objects will be downloaded from the beginning of the time until theUpdatedEndDate.
Note: The objects will not be downloaded to any local system, but will be available to you as a JSON response in the Connector task'sconnectorOutputPayload response parameter after you run your integration.

For examples on how to configure theDownloadObject action, seeExamples.

UploadObject action

The following table describes the input parameters of theUploadObject action.

Parameter nameRequiredData typeDescription
BucketYesStringBucket name where the object will be uploaded.
FolderPathNoStringThe path to the folder where the object should be uploaded.
ContentBytesNoStringContent to upload in the form of bytes (Base64 encoded string).
HasBytesNoBooleanWhether to upload content as bytes. Valid values;true orfalse. If set totrue, the content you want to upload should be a Base64 encoded string.

By default, theHasBytes field is set tofalse.

ContentYesStringThe content to be uploaded.
ObjectNameNoStringName of the object that will be uploaded.
Note: If the specified upload folder doesn't exist, the folderis automatically created in the bucket.

For examples on how to configure theUploadObject action, seeExamples.

CopyObject action

The following table describes the input parameters of theCopyObject action.

Parameter nameRequiredData typeDescription
BucketSourceYesStringBucket name from which you want to copy the object.
ObjectSourceYesStringFull path of the folder where you want to copy the object.
BucketDestinationYesStringBucket name to which you want to copy the object.
ObjectDestinationNoStringFull path of the destination including the object name. If you don't specify any object name, the name of the source object is retained.

For examples on how to configure theCopyObject action, seeExamples.

MoveObject action

The following table describes the input parameters of the MoveObject action.

Parameter nameRequiredData typeDescription
BucketSourceYesStringBucket name from which you want to move the object.
ObjectSourceYesStringFull path of the folder where you want to move the object.
BucketDestinationYesStringBucket name to which you want to move the object.
ObjectDestinationNoStringFull path of the destination including the object name. If you don't specify any object name, the name of the source object is retained.
Tip: If you want to rename a file in a bucket, use the MoveObject action and specify the same bucket name in both source and destination.

DeleteObject action

The following table describes the input parameters of theDeleteObject action.

Parameter nameRequiredData typeDescription
BucketSourceYesStringBucket name where the object to be deleted is present.
ObjectSourceYesStringName of the object that you want to delete.
GenerationNoDoubleVersion of the object to delete. If present, deletes the specified revision of the object as opposed to the latest version, which is the default behaviour.
IfGenerationMatchNoDoubleMakes the delete operation conditional on whether the object's current generation matches the given value. Setting this value to0 makes the operation succeed only if there are no live versions of the object.
IfGenerationNotMatchNoDoubleMakes the delete operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting this value to0 makes the operation succeed only if there is a live version of the object.
IfMetagenerationMatchNoDoubleMakes the delete operation conditional on whether the object's current metageneration matches the specified value.
IfMetagenerationNotMatchNoDoubleMakes the delete operation conditional on whether the object's current metageneration does not match the specified value.

SignURL action

The following table describes the input parameters of theSignURL action which creates a signed URL for the specified object.

Parameter nameRequiredData typeDescription
BucketYesStringThe bucket name where the object resides.
ObjectYesStringThe name of the object to generate the SignedURL for.
RequestMethodNoStringThe method that the signed request will use. The default value isGET.
LocationNoStringLocation of the specified bucket. The default value isauto.
ActiveDateTimeNoStringThe dateTime when the SignedURL will become active. If not specified the current dateTime will be used.
QueryNoStringThe query string that must be included when using the SignedURL, if not specified no query string will be used.
CustomHeadersNoStringA comma separated list of name=value of the headers to use with the SignedURL, if not specified not custom headers will be used.
ExpiresInYesStringThe expiration time for the SignedURL it should be in the format:1d2h3m4s, the maximum value is7d0h0m0s.
HMAC Access IDYesStringThe HMAC access ID. For information, seeHMAC keys.
HMAC SecretYesStringThe HMAC secret.

Examples

This examples in this section describe the following operations:

  • List all objects
  • List all objects in a bucket
  • List objects using the LIKE filter for name
  • List all buckets
  • Download an object
  • Download a binary object
  • Upload a binary object to a bucket
  • Upload an object to a bucket
  • Upload an object to a folder
  • Copy an object
  • Move an object
  • Delete an object
  • Create a signed URL for an object

The following table lists the sample scenarios and the corresponding configuration in the Connectors task:

TaskConfiguration
List all objects
  1. In theConfigure connector task dialog, clickEntities.
  2. Select theObjects entity and then select theList operation.
  3. ClickDone.

This lists all the objects in all the buckets. The objects are listed in theConnectors task'sconnectorOutputPayload response parameter.

List all objects in a bucket
  1. In theConfigure connector task dialog, clickEntities.
  2. Select theObjects entity and then select theList operation.
  3. ClickDone.
  4. Set thefilterClause to the bucket name from which you want to list the objects. To set the clause, in theTask Input section of theConnectors task, clickfilterClause and then enterBucket = 'BUCKET_NAME' in theDefault Value field. For example,Bucket = 'bucket_01'.
List objects using the LIKE filter for name
  1. In theConfigure connector task dialog, clickEntities.
  2. Select theObjects entity and then select theList operation.
  3. ClickDone.
  4. Set thefilterClause to the bucket name from which you want to list the objects. To set the clause, in theTask Input section of theConnectors task, clickfilterClause and then enterName LIKE 'NAME%' AND Bucket = 'BUCKET_NAME' in theDefault Value field.

    For example,Name LIKE 'Operations%' AND Bucket = 'OperationsBucket'.

List all buckets
  1. In theConfigure connector task dialog, clickEntities.
  2. Select theBuckets entity and then select theList operation.
  3. ClickDone.
Download an object
  1. In theConfigure connector task dialog, clickActions.
  2. Select theDownloadObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter a value similar to the following in theDefault Value field:
    {"Bucket":"bucket-test-01","ObjectFilePath":"logfile.txt"}

    4. This example downloads thelogfile.txt file. The downloaded file's content is available to you in JSON format in theConnectors task'sconnectorOutputPayload response parameter.

Download a binary object

The steps to download a binary object are the same as downloading a regular object as previously described. Additionally, you must specify theHasBytes astrue in theconnectorInputPayload field. This downloads the object as a Base64 encoded string. Sample value for theconnectorInputPayload field:

{"Bucket":"bucket-test-01","ObjectFilePath":"image01.png","HasBytes":true}

If the download is successful, the output in theconnectorOutputPayload field will be similar to the following:

{"Success":"true","ContentBytes":"SGVsbG8gdGVzdCE\u003d"}

By default, theHasBytes field is set tofalse.

If the file, contains special characters, such as ä, Ø, Thành, do the following:

  1. Encode in UTF-8: Encode the file in UTF-8 to handle the special charecters.
  2. Convert to Base64: Convert the file to Base64 to ensure that the original text remains intact.
  3. Decode the Base64 string: Decode the file to Base64 string to retrieve the original value with the special characters.
Upload a binary object to a bucket
  1. In theConfigure connector task dialog, clickActions.
  2. Select theUploadObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"ContentBytes":"SGVsbG8gVGVzdCE=","Bucket":"bucket-test-01","ObjectName":"test-file-01","HasBytes":true}

    4. This example creates thetest-file-01 file in thebucket-test-01 bucket. If there is an existing file with thetest-file-01 name, it's overwritten.

Upload an object to a bucket
  1. In theConfigure connector task dialog, clickActions.
  2. Select theUploadObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"Content":"Hello test!","Bucket":"bucket-test-01","ObjectName":"test-file-01.txt"}

    4. This example creates thetest-file-01.txt file with the contentHello test! in thebucket-test-01 bucket. If there is an existing file with thetest-file-01.txt name, it's overwritten.

Upload an object to a folder
  1. In theConfigure connector task dialog, clickActions.
  2. Select theUploadObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"Content":"Hello test!","Bucket":"bucket-test-01","FolderPath":"folderA","ObjectName":"test-file-01.txt"}

    4. This example creates thetest-file-01.txt file with the contentHello test! in thebucket-test-01'sfolderA folder. If the folder has an existing file with thetest-file-01.txt name, it's overwritten.

Copy an object
  1. In theConfigure connector task dialog, clickActions.
  2. Select theCopyObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"BucketSource":"bucket_01","ObjectSource":"folderA/logfile.txt","BucketDestination":"bucket_02","ObjectDestination":"folderB/logfile.txt"}

    4. This example copies thefolderA/logfile.txt file frombucket_01 tofolderB/logfile.txt inbucket_02.

If the copy is successful, the output in theconnectorOutputPayload field will be similar to the following:

{"Success":"true"}
Move an object
  1. In theConfigure connector task dialog, clickActions.
  2. Select theMoveObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"BucketSource":"bucket_01","ObjectSource":"folderA/logfile.txt","BucketDestination":"bucket_02","ObjectDestination":"folderB/logfile.txt"}

    4. This example moves thefolderA/logfile.txt file frombucket_01 tofolderB/logfile.txt inbucket_02.

If the copy is successful, the output in theconnectorOutputPayload field will be similar to the following:

{"Success":"true"}
Delete an object
  1. In theConfigure connector task dialog, clickActions.
  2. Select theDeleteObject action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"BucketSource":"bucket_01","ObjectSource":"logfile.txt"}

    4. This example deletes thelogfile.txt file frombucket_01.

If the copy is successful, the output in theconnectorOutputPayload field will be similar to the following:

{"Success":"true"}
Create a signed URL for an object
  1. In theConfigure connector task dialog, clickActions.
  2. Select theSignURL action, and then clickDone.
  3. In theTask Input section of theConnectors task, clickconnectorInputPayload and then enter the following in theDefault Value field:
    {"Bucket":"bucket-test-01","ObjectName":"test-file-01.txt"}

    4. This example creates a signed URL for thetest-file-01.txt file which is in thebucket-test-01 bucket. If the action is successful, you will get the signed URL in the response similar to the following:

    {"Success": "true","SignURL": "https://storage.googleapis.com/example-bucket/cat.jpeg?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=example%40example-project.iam.gserviceaccount.com%2F20181026%2Fus-central1%2Fstorage%2Fgoog4_request&X-Goog-Date=20181026T181309Z&X-Goog-Expires=900&X-Goog-SignedHeaders=host&X-Goog-Signature=247a2aa45f169edf4d187d54e7cc46e4731b1e6273242c4f4c39a1d2507a0e58706e25e3a85a7dbb891d62afa8496def8e260c1db863d9ace85ff0a184b894b117fe46d1225c82f2aa19efd52cf21d3e2022b3b868dcc1aca2741951ed5bf3bb25a34f5e9316a2841e8ff4c530b22ceaa1c5ce09c7cbb5732631510c20580e61723f5594de3aea497f195456a2ff2bdd0d13bad47289d8611b6f9cfeef0c46c91a455b94e90a66924f722292d21e24d31dcfb38ce0c0f353ffa5a9756fc2a9f2b40bc2113206a81e324fc4fd6823a29163fa845c8ae7eca1fcf6e5bb48b3200983c56c5ca81fffb151cca7402beddfc4a76b133447032ea7abedc098d2eb14a7"}

Considerations

  • A downloadable object can have a maximum size of 10 MB.
  • You can't upload multiple files using theUploadObject action. You can upload only a single file.

Create connections using Terraform

You can use theTerraformresource to create a new connection.

To learn how to apply or remove a Terraform configuration, seeBasic Terraform commands.

To view a sample terraform template for connection creation, seesample template.

When creating this connection by using Terraform, you must set the following variables in your Terraform configuration file:

Parameter nameData typeRequiredDescription
project_idSTRINGTrueThe ID of the Google Cloud project where the data resides.

Use the Cloud Storage connection in an integration

After you create the connection, it becomes available in bothApigee Integration and Application Integration. You can use the connectionin an integration through the Connectors task.

  • To understand how to create and use the Connectors task in Apigee Integration, seeConnectors task.
  • To understand how to create and use the Connectors task in Application Integration, seeConnectors task.

Get help from the Google Cloud community

You can post your questions and discuss this connector in the Google Cloudcommunity atCloud Forums.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.