Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects. For example, you can create a request that lets operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys. When creating a pre-authenticated request, you have the following options: You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to. You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to. Scope and Constraints Understand the following scope and constraints regarding pre-authenticated requests: Users can't list bucket contents. You can create an unlimited number of pre-authenticated requests. There is no time limit to the expiration date that you can set. You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request. The target and actions for a pre-authenticated request are based on the creator's permissions. The request is not, however, bound to the creator's account login credentials. If the creator's login credentials change, a pre-authenticated request is not affected. You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.
