This page explains the different request endpoints you can use to accessCloud Storage. Cloud Storage supports HTTP/1.1, HTTP/2, and HTTP/3protocols. An endpoint is the location where Cloud Storage can beaccessed, written as a URL.

For connections through a proxy, see theTroubleshooting topic forrecommended practices.

Encoding URL path parts

In addition to general considerations forbucket naming andobject naming, to ensure compatibility across Cloud Storagetools, you should encode the following characters when they appear in eitherthe object name or query string of a request URL:

!,#,$,&,',(,),*,+,,,/,:,;,=,?,@,[,], and space characters.

For example, if you send aJSON APIGET request for the object namedfoo??bar in the bucketexample-bucket, then your request URL should be:

GET https://storage.googleapis.com/storage/v1/b/example-bucket/o/foo%3f%3fbar

Note that not all of the listed characters must be encoded in every scenario.Additionally, encoding is typically handled for you by client libraries, such astheCloud Storage Client Libraries, so you can pass the rawobject name when using such tools.

For more information about using percent-encoding, seeSection 3.3 Path in RFC 3986.

Google Cloud console endpoints

When using the Google Cloud console, you access different resources usingthe following URLs:

gcloud endpoints

gcloud storage commands use JSON API endpoints. Endpoint usage ismanaged on your behalf by the gcloud CLI.

Client library endpoints

Cloud Storage client libraries manage request endpoints automatically.Optionally, you can set the request endpoint manually. This can be useful whenyou want to use a specific endpoint, or for testing, such as when you want touse a local emulator:

namespaceg=::google::cloud;namespacegcs=::google::cloud::storage;[](std::stringconst&bucket_name,std::stringconst&object_name){// NOTE: the CLOUD_STORAGE_EMULATOR_HOST environment variable overrides any//     value provided here.autoclient=gcs::Client(g::Options{}.set<gcs::RestEndpointOption>("https://storage.googleapis.com"));PerformSomeOperations(client,bucket_name,object_name);}

usingGoogle.Cloud.Storage.V1;usingSystem;publicclassSetClientEndpointSample{publicStorageClientSetClientEndpoint(stringendpoint)=>newStorageClientBuilder{BaseUri=endpoint}.Build();}

import("context""fmt""io""cloud.google.com/go/storage""google.golang.org/api/option")// setClientEndpoint sets the request endpoint.funcsetClientEndpoint(wio.Writer,customEndpointstring,opts...option.ClientOption)error{// customEndpoint := "https://my-custom-endpoint.example.com/storage/v1/"// opts := []option.ClientOption{}ctx:=context.Background()// Add the custom endpoint option to any other desired options passed to storage.NewClient.opts=append(opts,option.WithEndpoint(customEndpoint))client,err:=storage.NewClient(ctx,opts...)iferr!=nil{returnfmt.Errorf("storage.NewClient: %w",err)}deferclient.Close()// Use the client as per your custom endpoint, for example, attempt to get a bucket's metadata.client.Bucket("bucket-name").Attrs(ctx)returnnil}

importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.StorageOptions;publicclassSetClientEndpoint{publicstaticvoidsetClientEndpoint(StringprojectId,Stringendpoint){// The ID of your GCP project// String projectId = "your-project-id";// The endpoint you wish to target// String endpoint = "https://storage.googleapis.com"Storagestorage=StorageOptions.newBuilder().setProjectId(projectId).setHost(endpoint).build().getService();System.out.println("Storage Client initialized with endpoint "+storage.getOptions().getHost());}}

/** * TODO(developer): Uncomment the following lines before running the sample. */// The custom endpoint to which requests should be made// const apiEndpoint = 'https://yourcustomendpoint.com';// Imports the Google Cloud client libraryconst{Storage}=require('@google-cloud/storage');// Creates a clientconststorage=newStorage({apiEndpoint:apiEndpoint,useAuthWithCustomEndpoint:true,});console.log(`Client initiated with endpoint:${storage.apiEndpoint}.`);

use Google\Cloud\Storage\StorageClient;/** * Sets a custom endpoint for storage client. * * @param string $projectId The ID of your Google Cloud Platform project. *        (e.g. 'my-project-id') * @param string $endpoint The endpoint for storage client to target. *        (e.g. 'https://storage.googleapis.com') */function set_client_endpoint(    string $projectId,    string $endpoint): void {    $storage = new StorageClient([        'projectId' => $projectId,        'apiEndpoint' => $endpoint,    ]);    // fetching apiEndpoint and baseUri from StorageClient is excluded for brevity    # ...    print('Storage Client initialized.' . PHP_EOL);}

fromgoogle.cloudimportstoragedefset_client_endpoint(api_endpoint):"""Initiates client with specified endpoint."""# api_endpoint = 'https://storage.googleapis.com'storage_client=storage.Client(client_options={'api_endpoint':api_endpoint})print(f"client initiated with endpoint:{storage_client._connection.API_BASE_URL}")returnstorage_client

# api_endpoint = "https://storage.googleapis.com"require"google/cloud/storage"storage=Google::Cloud::Storage.new(endpoint:api_endpoint)puts"Client initiated with endpoint#{storage.service.service.root_url}"

Custom domains

If you own your own domain, you can map its URIs to one or moreGoogle Cloud services, including Cloud Storage buckets. The termbucket-bound hostname is sometimes used to describe thisCloud Storage request endpoint. To connect a custom domain to aCloud Storage bucket, you create either anA orCNAME redirect inyour DNS record.

A records

When connecting a custom domain to a Cloud Storage bucket, yougenerally should use anA record.

• A records supportHTTPS requests.
• A records can be used to send traffic coming from a single hostname tomultiple buckets as well as to other Google Cloud services.
• A records do not place any restrictions on your bucket name.

The drawback to usingA records is that they require additional setup anduse of additional Google Cloud resources. SeeSetting up your load balancer and SSL certificate for a guide to usingcustom domains withA records.

CNAME records

When connecting a custom domain to a Cloud Storage bucket, you canuse aCNAME record, but note that doing so has certain limitations:

• CNAME records only supportHTTP requests.
• CNAME records can only direct traffic from a given hostname to a singlebucket.
• CNAME records require the hostname and the associated bucket name tomatch, and you mustvalidate your bucket name.
• CNAME records can only be used for subdomains, such aswww.mydomain.com,not top-level domains such asmydomain.com.

When usingCNAME records, the hostname portion of yourCNAME record mustbe set to the following:

c.storage.googleapis.com.

For example, say your domain isexample.com, and you want to make travel mapsavailable to your customers. You can create a bucket in Cloud Storagecalledtravel-maps.example.com, and then create aCNAME record in DNS thatredirects requests fromtravel-maps.example.com to the Cloud StorageURI. To do this, you publish the followingCNAME record in DNS:

NAME                      TYPE     DATAtravel-maps               CNAME    c.storage.googleapis.com.

By doing this, your customers can use the following URL to access a map ofParis:

http://travel-maps.example.com/paris.jpg

Your domain registration service should have a way for you to administer yourdomain, including adding aCNAME resource record. For example, if you useCloud DNS, instructions for adding resource records can be foundon theAdd, modify, and delete records page.

Authenticated browser downloads

Authenticated browser downloads use cookie-based authentication. Cookie-basedauthentication asks users to sign in to their user account to establish theiridentity. The specified account must have appropriate permission to download theobject. For example, if you are using Identity and Access Management to control access to yourobjects, the user's account should have thestorage.objects.viewer permission,which isgranted in the Storage Object Viewer role.

To download an object using cookie-based authentication, use the following URL,replacingBUCKET_NAME andOBJECT_NAME with the appropriate values:

https://storage.cloud.google.com/BUCKET_NAME/OBJECT_NAME

For example, if you shared an imagelondon.jpg from your bucketexample-maps, the URL would be:

https://storage.cloud.google.com/example-maps/london.jpg

After successfully signing in, you are redirected to the requested content. TheURL for this content has the formathttps://ALPHANUMERIC_SEQUENCE-apidata.googleusercontent.com/download/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME.

Using HTTPS is required when performing authenticated browser downloads;attempts to use HTTP redirect to HTTPS.

Access to public objects

All requests to thestorage.cloud.google.com URI require authentication. Thisapplies even whenallUsers have permission to access an object. If you wantusers to download anonymously accessible objects without authenticating, use theXML API path-style endpoint:

https://storage.googleapis.com/BUCKET_NAME/OBJECT_NAME

For details and examples, seeAccessing Public Data.

Mutual TLS support

• JSON API requests:storage.mtls.googleapis.com

• XML API requests:storage.mtls.googleapis.com

• Authenticated browser downloads:storage.mtls.cloud.google.com

What's next

• Upload a file to Cloud Storage.
• Download a file from Cloud Storage.
• Host a static website.
• Learn about options tocontrol access to your data.