# Object Lock

Object Lock Configuration

## GetObjectLockConfiguration

> Retrieves the Object Lock configuration for a bucket.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:GetBucketObjectLockConfiguration\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"GetObjectLockConfigurationOutput":{"type":"object","xml":{"name":"ObjectLockConfiguration"},"properties":{"ObjectLockConfiguration":{"type":"object","description":"A container for an object lock configuration.","properties":{"ObjectLockEnabled":{"enum":["Enabled"]},"Rule":{"$ref":"#/components/schemas/ObjectLockRule"}}}}},"ObjectLockRule":{"description":"The container element for an Object Lock rule.","type":"object","properties":{"DefaultRetention":{"$ref":"#/components/schemas/DefaultRetention"}},"xml":{"name":"Rule"}},"DefaultRetention":{"description":"The default Object Lock retention mode and period for new objects placed in the specified bucket. Bucket\nsettings require both a mode and a period. The period can be either `Days` or `Years` but you must\nselect one. You cannot specify `Days` and `Years` at the same time.\n","type":"object","properties":{"Mode":{"description":"The default Object Lock retention mode for new\nobjects placed in the specified bucket. Must be used with either `Days` or `Years`.  \n","type":"string","enum":["GOVERNANCE","COMPLIANCE"]},"Days":{"description":"The number of days that you want to specify for the default retention period. Must be used with `Mode`.","type":"integer","minimum":1},"Years":{"description":"The number of years that you want to specify for the default retention period. Must be used with `Mode`.","type":"integer","minimum":1}}},"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}}}},"paths":{"/{Bucket}?object-lock":{"get":{"tags":["Object Lock"],"summary":"GetObjectLockConfiguration","operationId":"GetObjectLockConfiguration","description":"Retrieves the Object Lock configuration for a bucket.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:GetBucketObjectLockConfiguration` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/GetObjectLockConfigurationOutput"}}}},"403":{"description":"AccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"ObjectLockConfigurationNotFoundError, NoSuchBucket or NoSuchKey","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"object-lock","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true}]}}}}
```

## PutObjectLockConfiguration

> Applies an Object Lock configuration on the specified bucket, which requires\
> the Object Lock feature to have been enabled during its creation.\
> The rule specified in the Object Lock configuration will be applied by default to\
> every new object placed in the specified bucket.\
> \
> \*\*Note:\*\*\
> \- An Object Lock Configuration can only be applied to buckets\
> with Object Lock enabled.\
> \- This feature can only be activated on a new bucket\
> during its creation.\
> \- Object Lock cannot be enabled on a bucket that already exists.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:PutBucketObjectLockConfiguration\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}},"Content-MD5":{"type":"string","description":"The base64 encoded MD5 digest of the message (without the headers) according to\n[RFC 1864](http://www.ietf.org/rfc/rfc1864.txt).\n"},"DefaultRetention":{"description":"The default Object Lock retention mode and period for new objects placed in the specified bucket. Bucket\nsettings require both a mode and a period. The period can be either `Days` or `Years` but you must\nselect one. You cannot specify `Days` and `Years` at the same time.\n","type":"object","properties":{"Mode":{"description":"The default Object Lock retention mode for new\nobjects placed in the specified bucket. Must be used with either `Days` or `Years`.  \n","type":"string","enum":["GOVERNANCE","COMPLIANCE"]},"Days":{"description":"The number of days that you want to specify for the default retention period. Must be used with `Mode`.","type":"integer","minimum":1},"Years":{"description":"The number of years that you want to specify for the default retention period. Must be used with `Mode`.","type":"integer","minimum":1}}}}},"paths":{"/{Bucket}?object-lock":{"put":{"tags":["Object Lock"],"summary":"PutObjectLockConfiguration","operationId":"PutObjectLockConfiguration","description":"Applies an Object Lock configuration on the specified bucket, which requires\nthe Object Lock feature to have been enabled during its creation.\nThe rule specified in the Object Lock configuration will be applied by default to\nevery new object placed in the specified bucket.\n\n**Note:**\n- An Object Lock Configuration can only be applied to buckets\nwith Object Lock enabled.\n- This feature can only be activated on a new bucket\nduring its creation.\n- Object Lock cannot be enabled on a bucket that already exists.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:PutBucketObjectLockConfiguration` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{}}},"400":{"description":"MalformedXML","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"AccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"409":{"description":"InvalidBucketState","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"object-lock","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true},{"name":"Content-MD5","in":"header","required":true,"schema":{"$ref":"#/components/schemas/Content-MD5"}}],"requestBody":{"required":true,"content":{"application/xml":{"schema":{"type":"object","properties":{"ObjectLockConfiguration":{"type":"object","description":"A container for an object lock configuration.","properties":{"ObjectLockEnabled":{"type":"string","enum":["Enabled"]},"Rule":{"description":"Specifies Object Lock rule for the specified object. Enable this rule when you apply `ObjectLockConfiguration` to a bucket. Bucket settings require both a mode and a period. Specify the period either in `Days` or `Years`, and not both at the same time.","type":"object","properties":{"DefaultRetention":{"$ref":"#/components/schemas/DefaultRetention"}},"xml":{"name":"Rule"}}}}}}}}}}}}}
```

## GetObjectRetention

> Retrieves an object's retention configuration.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:GetObjectRetention\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"GetObjectRetentionOutput":{"type":"object","properties":{"Retention":{"$ref":"#/components/schemas/ObjectLockRetention"}}},"ObjectLockRetention":{"description":"A Retention configuration for an object.","type":"object","properties":{"Mode":{"description":"Indicates the Retention mode for the specified object.","type":"string","enum":["GOVERNANCE","COMPLIANCE"]},"RetainUntilDate":{"description":"The date on which this Object Lock Retention will expire.","type":"string","format":"date"}}},"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}}}},"paths":{"/{Bucket}/{Key}?retention":{"get":{"tags":["Object Lock"],"summary":"GetObjectRetention","operationId":"GetObjectRetention","description":"Retrieves an object's retention configuration.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:GetObjectRetention` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/GetObjectRetentionOutput"}}}},"400":{"description":"InvalidRequest","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"AccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"NoSuchBucket or NoSuchKey","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"Key","in":"path","required":true,"description":"The key name of the object whose retention settings you want to retrieve.","schema":{"type":"string","minLength":1}},{"name":"retention","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true},{"name":"versionId","in":"query","required":false,"description":"The version ID of the object whose retention settings you want to retrieve.","schema":{"type":"string"}}]}}}}
```

## PutObjectRetention

> Places an Object Retention configuration on an object.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:PutObjectRetention\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).\
> Bypassing a Governance Retention configuration also requires the \`s3:BypassGovernanceRetention\` permission.<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}},"Content-MD5":{"type":"string","description":"The base64 encoded MD5 digest of the message (without the headers) according to\n[RFC 1864](http://www.ietf.org/rfc/rfc1864.txt).\n"}}},"paths":{"/{Bucket}/{Key}?retention":{"put":{"tags":["Object Lock"],"summary":"PutObjectRetention","operationId":"PutObjectRetention","description":"Places an Object Retention configuration on an object.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:PutObjectRetention` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\nBypassing a Governance Retention configuration also requires the `s3:BypassGovernanceRetention` permission.\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{}}},"400":{"description":"InvalidRequest or MalformedXML","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"AccessDenied or ObjectLockAccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"NoSuchBucket or NoSuchKey","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"Key","in":"path","required":true,"description":"The key name of the object to which you want to apply the Object Retention configuration.","schema":{"type":"string","minLength":1}},{"name":"retention","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true},{"name":"versionId","in":"query","required":false,"description":"The version ID of the object to which you want to apply the Object Retention configuration.","schema":{"type":"string"}},{"name":"x-amz-bypass-governance-retention","in":"header","required":false,"description":"Indicates whether this operation should bypass Governance mode's restrictions.","schema":{"type":"boolean","default":false}},{"name":"Content-MD5","in":"header","required":false,"schema":{"$ref":"#/components/schemas/Content-MD5"}}],"requestBody":{"required":true,"content":{"application/xml":{"schema":{"type":"object","properties":{"Retention":{"description":"A Retention configuration for an object.","type":"object","properties":{"Mode":{"description":"Indicates the Retention mode for the specified object.","type":"string","enum":["GOVERNANCE","COMPLIANCE"]},"RetainUntilDate":{"description":"The date on which this Object Lock Retention will expire.","type":"string","format":"date-time"}}}}}}}}}}}}
```

## GetObjectLegalHold

> Gets an object's current Legal Hold status.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:GetObjectLegalHold\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"ObjectLegalHoldConfiguration":{"description":"A Legal Hold configuration for an object.","type":"object","properties":{"Status":{"description":"Object Legal Hold status","type":"string","enum":["ON","OFF"]}},"xml":{"name":"LegalHold","namespace":"http://s3.amazonaws.com/doc/2006-03-01/"}},"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}}}},"paths":{"/{Bucket}/{Key}?legal-hold":{"get":{"tags":["Object Lock"],"summary":"GetObjectLegalHold","operationId":"GetObjectLegalHold","description":"Gets an object's current Legal Hold status.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:GetObjectLegalHold` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/ObjectLegalHoldConfiguration"}}}},"400":{"description":"InvalidRequest","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"AccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"NoSuchBucket, NoSuchKey or NoSuchObjectLockConfiguration","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"Key","in":"path","required":true,"description":"The key name of the object whose Legal Hold status you want to retrieve.","schema":{"type":"string","minLength":1}},{"name":"legal-hold","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true},{"name":"versionId","in":"query","required":false,"description":"The version ID of the object whose Legal Hold status you want to retrieve.","schema":{"type":"string"}}]}}}}
```

## PutObjectLegalHold

> Applies a Legal Hold configuration to the specified object.\
> \
> \#### Permissions\
> You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\
> to perform the \`s3:PutObjectLegalHold\` operation using \[Bucket Policy]\(#tag/Policy/operation/PutBucketPolicy).<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Object Storage API for user-owned buckets","version":"2.0.15"},"tags":[{"name":"Object Lock","description":"Object Lock Configuration"}],"servers":[{"url":"https://s3.eu-central-1.ionoscloud.com","description":"URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.de-central.profitbricks.com","description":"Legacy URL for `de` (Frankfurt, Germany)"},{"url":"https://s3.eu-central-2.ionoscloud.com","description":"URL for `eu-central-2` (Berlin, Germany)"},{"url":"https://s3.eu-south-2.ionoscloud.com","description":"URL for `eu-south-2` (Logroño, Spain)"}],"security":[{"hmac":[]}],"components":{"securitySchemes":{"hmac":{"type":"apiKey","name":"Authorization","in":"header","description":"IONOS Object Storage API requests are authenticated using the AWS signature. \nThe IONOS Object Storage API authenticates users using a customized HTTP scheme based on a [keyed-HMAC](https://en.wikipedia.org/wiki/HMAC) (Hash Message Authentication Code).\nThe process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.\n\n<img src=\"/docs/s3/hmac-postman.png\" width=\"800px\" />\n\nIn the **Authorization** tab for a request, select **AWS Signature** from the **Type** dropdown list.\nSpecify where Postman should append your authorization data using the **Add authorization data to** drop-down menu.\n\n* If you select **Request Headers**, Postman populates the **Headers** tab with Authorization and `X-Amz-` prefixed fields.\n\n* If you select **Request URL**, Postman populates the **Params** tab with authentication details prefixed with `X-Amz-`.\n\n\n**Note:** The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.\n\n* For **Access Key**, enter your `access key` directly in the fields or through variables for added security.\n\n* For **Secret Key**, enter your `secret key` directly in the fields or through variables for added security.\n\nAdvanced fields are optional, but Postman will attempt to generate them automatically if necessary.\n* For **AWS Region**, enter one of the [regions](#section/Endpoints) (`eu-central-3`) where your bucket is hosted.\n\n* For **Service Name**, enter `s3`. The name of the service that receives the requests.\n\n* For **Session Token**, **leave the field blank**. This is only required when temporary security credentials are used.\n"}},"schemas":{"Error":{"type":"object","description":"Container for all error elements.","properties":{"Error":{"type":"object","properties":{"Code":{"type":"string","enum":["AccessDenied","AccountProblem","AmbiguousGrantByEmailAddress","BadDigest","BucketAlreadyExists","BucketAlreadyOwnedByYou","BucketNotEmpty","CrossLocationLoggingProhibited","EntityTooSmall","EntityTooLarge","IllegalVersioningConfigurationException","IncorrectNumberOfFilesInPostRequest","InternalError","InvalidAccessKeyId","InvalidArgument","InvalidBucketName","InvalidBucketState","InvalidDigest","InvalidEncryptionAlgorithmError","InvalidLocationConstraint","InvalidObjectState","InvalidPart","InvalidPartOrder","InvalidPolicyDocument","InvalidRange","InvalidRequest","InvalidSecurity","InvalidTargetBucketForLogging","InvalidURI","KeyTooLong","MalformedACLError","MalformedPOSTRequest","MalformedXML","MaxMessageLengthExceeded","MaxPostPreDataLengthExceededError","MetadataTooLarge","MethodNotAllowed","MissingContentLength","MissingSecurityHeader","NoSuchBucket","NoSuchBucketPolicy","NoSuchKey","NoSuchLifecycleConfiguration","NoSuchReplicationConfiguration","NoSuchUpload","NoSuchVersion","NotImplemented","PermanentRedirect","PreconditionFailed","Redirect","RestoreAlreadyInProgress","RequestIsNotMultiPartContent","RequestTimeout","RequestTimeTooSkewed","SignatureDoesNotMatch","ServiceUnavailable","SlowDown","TemporaryRedirect","TooManyBuckets","UnexpectedContent","UnresolvableGrantByEmailAddress","UserKeyMustBeSpecified"],"description":"The error code is a string that uniquely identifies an error\ncondition. It is meant to be read and understood by programs\nthat detect and handle errors by type.\n\n## IONOS Object Storage error codes\n- AccessDenied\n  - Description: Access Denied\n  - HTTPStatus Code: 403 Forbidden\n- AccountProblem\n  - Description: There is a problem with your IONOS Object Storage account that prevents the operation from completing successfully. Contact IONOS for further assistance.\n  - HTTP Status Code: 403 Forbidden\n- AmbiguousGrantByEmailAddress\n  - Description: The email address you provided is associated with more than one account.\n  - HTTP Status Code: 400 Bad Request\n- BadDigest\n  - Description: The Content-MD5 you specified did not match what we received.\n  - HTTP Status Code: 400 Bad Request\n- BucketAlreadyExists\n  - Description: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.\n  - HTTP Status Code: 409 Conflict\n- BucketAlreadyOwnedByYou\n  - Description: The bucket you tried to create already exists, and you own it.\n  - HTTP Code: 409 Conflict\n- BucketNotEmpty\n  - Description: The bucket you tried to delete is not empty.\n  - HTTP Status Code: 409 Conflict\n- CrossLocationLoggingProhibited\n  - Description: Cross-location logging not allowed. Buckets in one geographic location cannot log information to a bucket in another location.\n  - HTTP Status Code: 403 Forbidden\n- EntityTooSmall\n  - Description: Your proposed upload is smaller than the minimum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- EntityTooLarge\n  - Description: Your proposed upload exceeds the maximum allowed object size.\n  - HTTP Status Code: 400 Bad Request\n- IllegalVersioningConfigurationException\n  - Description: Indicates that the versioning configuration specified in the request is invalid.\n  - HTTP Status Code: 400 Bad Request\n- IncorrectNumberOfFilesInPostRequest\n  - Description: POST requires exactly one file upload per request.\n  - HTTP Status Code: 400 Bad Request\n- InternalError\n  - Description: We encountered an internal error. Please try again.\n  - HTTP Status Code: 500 Internal Server Error \n- InvalidAccessKeyId\n  - Description: The IONOS Object Storage access key ID you provided does not exist in our records.\n  - HTTP Status Code: 403 Forbidden\n- InvalidArgument\n  - Description: Invalid Argument\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketName\n  - Description: The specified bucket is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidBucketState\n  - Description: The request is not valid with the current state of the bucket.\n  - HTTP Status Code: 409 Conflict\n- InvalidDigest\n  - Description: The Content-MD5 you specified is not valid.\n  - HTTP Status Code: 400 Bad Request\n- InvalidEncryptionAlgorithmError\n  - Description: The encryption request you specified is not valid. The valid value is AES256.\n  - HTTP Status Code: 400 Bad Request\n- InvalidLocationConstraint\n  - HTTP Status Code: 400 Bad Request\n- InvalidObjectState\n  - Description: The operation is not valid for the current state of the object.\n  - HTTP Status Code: 403 Forbidden\n- InvalidPart\n  - Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPartOrder\n  - Description: The list of parts was not in ascending order. Parts list must be specified in order by part number.\n  - HTTP Status Code: 400 Bad Request\n- InvalidPolicyDocument\n  - Description: The content of the form does not meet the conditions specified in the policy document.\n  - HTTP Status Code: 400 Bad Request\n- InvalidRange\n  - Description: The requested range cannot be satisfied.\n  - HTTP Status Code: 416 Requested Range Not Satisfiable\n- InvalidRequest\n  - Description: Please use `AWS4-HMAC-SHA256`.\n  - HTTP Status Code: 400 Bad Request\n- InvalidSecurity\n  - Description: The provided security credentials are not valid.\n  - HTTP Status Code: 403 Forbidden\n- InvalidTargetBucketForLogging\n  - Description: The target bucket for logging does not exist, is not owned by you, or does not have the appropriate grants for the log-delivery group.\n  - Status Code: 400 Bad Request\n- InvalidURI\n  - Description: Couldn't parse the specified URI.\n  - HTTP Status Code: 400 Bad Request\n- KeyTooLong\n  - Description: Your key is too long.\n  - HTTP Status Code: 400 Bad Request\n- MalformedACLError\n  - Description: The XML you provided was not well-formed or did not validate against our published schema.\n  - HTTP Status Code: 400 Bad Request\n- MalformedPOSTRequest\n  - Description: The body of your POST request is not well-formed multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- MalformedXML\n  - Description: This happens when the user sends malformed XML (XML that doesn't conform to the published XSD) for the configuration. The error message is, \"The XML you provided was not well-formed or did not validate against our published schema.\"\n  - HTTP Status Code: 400 Bad Request\n- MaxMessageLengthExceeded\n  - Description: Your request was too big.\n  - HTTP Status Code: 400 Bad Request\n- MaxPostPreDataLengthExceededError\n  - Description: Your POST request fields preceding the upload file were too large.\n  - HTTP Status Code: 400 Bad Request\n- MetadataTooLarge\n  - Description: Your metadata headers exceed the maximum allowed metadata size.\n  - HTTP Status Code: 400 Bad Request\n- MethodNotAllowed\n  - Description: The specified method is not allowed against this resource.\n  - HTTP Status Code: 405 Method Not Allowed\n- MissingContentLength\n  - Description: You must provide the Content-Length HTTP header.\n  - HTTP Status Code: 411 Length Required\n- MissingSecurityHeader\n  - Description: Your request is missing a required header.\n  - HTTP Status Code: 400 Bad Request\n- NoSuchBucket\n  - Description: The specified bucket does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchBucketPolicy\n  - Description: The specified bucket does not have a bucket policy.\n  - HTTP Status Code: 404 Not Found\n- NoSuchKey\n  - Description: The specified key does not exist.\n  - HTTP Status Code:404 Not Found\n- NoSuchLifecycleConfiguration\n  - Description: The lifecycle configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchReplicationConfiguration\n  - Description: The replication configuration does not exist.\n  - HTTP Status Code: 404 Not Found\n- NoSuchUpload\n  - Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.\n  - HTTP Status Code: 404 Not Found\n- NoSuchVersion\n  - Description: Indicates that the version ID specified in the request does not match an existing version.\n  - HTTP Status Code: 404 Not Found\n- NotImplemented\n  - Description: A header you provided implies functionality that is not implemented.\n  - HTTP Status Code: 501 Not Implemented\n- PermanentRedirect\n  - Description: The bucket you are attempting to access must be addressed using the specified endpoint. Send all future requests to this endpoint.\n  - HTTP Status Code: 301 Moved Permanently\n- PreconditionFailed\n  - Description: At least one of the preconditions you specified did not hold.\n  - HTTP Status Code: 412 Precondition Failed\n- Redirect\n  - Description: Temporary redirect.\n  - HTTP Status Code: 307 Moved Temporarily\n- RestoreAlreadyInProgress\n  - Description: Object restore is already in progress.\n  - HTTP Status Code: 409 Conflict\n- RequestIsNotMultiPartContent\n  - Description: Bucket POST must be of the enclosure-type multipart/form-data.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeout\n  - Description: Your socket connection to the server was not read from or written to within the timeout period.\n  - HTTP Status Code: 400 Bad Request\n- RequestTimeTooSkewed\n  - Description: The difference between the request time and the server's time is too large.\n  - HTTP Status Code: 403 Forbidden\n- SignatureDoesNotMatch\n  - HTTP Status Code: 403 Forbidden\n- ServiceUnavailable\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Service Unavailable\n- SlowDown\n  - Description: Reduce your request rate.\n  - HTTP Status Code: 503 Slow Down\n- TemporaryRedirect\n  - Description: You are being redirected to the bucket while DNS updates.\n  - HTTP Status Code: 307 Moved Temporarily\n- TooManyBuckets\n  - Description: You have attempted to create more buckets than allowed.\n  - HTTP Status Code: 400 Bad Request\n- UnexpectedContent\n  - Description: This request does not support content.\n  - HTTP Status Code: 400 Bad Request\n- UnresolvableGrantByEmailAddress\n  - Description: The email address you provided does not match any account on record.\n  - HTTP Status Code: 400 Bad Request\n- UserKeyMustBeSpecified\n  - Description: The bucket POST must contain the specified field name. If it is specified, check the order of the fields.\n  - HTTP Status Code: 400 Bad Request\n"},"Message":{"type":"string","description":"Gives a brief English description of the issue."},"RequestId":{"type":"string"},"HostId":{"type":"string"}}}},"xml":{"name":"Error"}},"BucketName":{"description":"The bucket name.","type":"string","minLength":3,"maxLength":63,"xml":{"name":"Name"}},"Content-MD5":{"type":"string","description":"The base64 encoded MD5 digest of the message (without the headers) according to\n[RFC 1864](http://www.ietf.org/rfc/rfc1864.txt).\n"},"ObjectLegalHoldConfiguration":{"description":"A Legal Hold configuration for an object.","type":"object","properties":{"Status":{"description":"Object Legal Hold status","type":"string","enum":["ON","OFF"]}},"xml":{"name":"LegalHold","namespace":"http://s3.amazonaws.com/doc/2006-03-01/"}}}},"paths":{"/{Bucket}/{Key}?legal-hold":{"put":{"tags":["Object Lock"],"summary":"PutObjectLegalHold","operationId":"PutObjectLegalHold","description":"Applies a Legal Hold configuration to the specified object.\n\n#### Permissions\nYou must be the contract owner or an administrator to perform this operation. If not, they can grant you permission\nto perform the `s3:PutObjectLegalHold` operation using [Bucket Policy](#tag/Policy/operation/PutBucketPolicy).\n","responses":{"200":{"description":"Successful operation","headers":{},"content":{"application/xml":{}}},"400":{"description":"InvalidRequest or MalformedXML","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"403":{"description":"AccessDenied","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}},"404":{"description":"NoSuchBucket or NoSuchKey","headers":{},"content":{"application/xml":{"schema":{"$ref":"#/components/schemas/Error"}}}}},"parameters":[{"name":"Bucket","in":"path","required":true,"schema":{"$ref":"#/components/schemas/BucketName"}},{"name":"Key","in":"path","required":true,"description":"The key name of the object on which you want to place a Legal Hold.","schema":{"type":"string","minLength":1}},{"name":"legal-hold","in":"query","required":true,"schema":{"type":"boolean","enum":[true]},"allowEmptyValue":true},{"name":"versionId","in":"query","required":false,"description":"The version ID of the object on which you want to place a Legal Hold.","schema":{"type":"string"}},{"name":"Content-MD5","in":"header","required":false,"schema":{"$ref":"#/components/schemas/Content-MD5"}}],"requestBody":{"required":true,"content":{"application/xml":{"schema":{"type":"object","properties":{"LegalHold":{"description":"Legal Hold configuration for an object.","type":"object","properties":{"Status":{"$ref":"#/components/schemas/ObjectLegalHoldConfiguration"}}}}}}}}}}}}
```