OVH Object Storage

This guide explains how to configure OVH Object Storage credentials for use with the Data Factory HTTP task. OVH Object Storage is S3-compatible, so it uses AWS Signature V4 authentication.

Overview

OVH Object Storage is a cloud storage service that provides an S3-compatible API. This means you can use the same AWS Signature V4 authentication method as Amazon S3, but with OVH-specific endpoints and credentials.

Supported Operations

• List objects in a container/bucket
• Upload files (PUT object)
• Download files (GET object)
• Delete files (DELETE object)
• Head object - Get object metadata

Prerequisites

• An OVH account
• Access to the OVH Control Panel
• A Public Cloud project created
• Product-Live account with access to the Data Factory platform

Step 1: Create an Object Storage Container

1. Sign in to the OVH Control Panel
2. Navigate to Public Cloud → Select your project
3. Go to Object Storage → My containers
4. Click Create an Object Storage container
5. Select a region (e.g., gra for Gravelines, sbg for Strasbourg)
6. Choose the container type:
   • Standard - For general purpose storage
   • High Performance - For high throughput workloads
7. Enter a Container name (e.g., product-live-data-factory)
8. Click Create the container

Container Names

Container names must be unique within your OVH account and follow DNS naming conventions (lowercase, no special characters except hyphens).

Step 2: Create S3 API Credentials

1. In the OVH Control Panel, navigate to Public Cloud → Your project
2. Go to Object Storage → S3 users
3. Click + Add user
4. Enter a Description (e.g., Product-Live Data Factory)
5. Select a role:
   • ObjectStore operator - Read/write access to objects
   • Administrator - Full access including bucket management
6. Click Create

The system will immediately display:

• Access Key ID (e.g., abc123def456...)
• Secret Access Key (e.g., xyz789...)

Important

Save these credentials immediately! The Secret Access Key will only be shown once. You can click the ... button next to a user to view the secret key again, download the Rclone configuration, or delete the user.

Step 3: Note Your Endpoint

OVH Object Storage uses region-specific endpoints. The endpoint URL is displayed when you create your container or in the container details.

New Region Format (AWS-style)

Region Code	Location	Endpoint
eu-west-par	Paris, France	s3.eu-west-par.io.cloud.ovh.net
eu-west-rbx	Roubaix, France	s3.eu-west-rbx.io.cloud.ovh.net
eu-west-gra	Gravelines, France	s3.eu-west-gra.io.cloud.ovh.net
eu-west-sbg	Strasbourg, France	s3.eu-west-sbg.io.cloud.ovh.net
eu-central-de	Frankfurt, Germany	s3.eu-central-de.io.cloud.ovh.net
eu-central-waw	Warsaw, Poland	s3.eu-central-waw.io.cloud.ovh.net
ca-east-bhs	Beauharnois, Canada	s3.ca-east-bhs.io.cloud.ovh.net
ap-southeast-sgp	Singapore	s3.ap-southeast-sgp.io.cloud.ovh.net
ap-south-mum	Mumbai, India	s3.ap-south-mum.io.cloud.ovh.net

Legacy Region Format

Some older containers may still use the legacy format:

Region	Standard Endpoint	High Performance Endpoint
gra	s3.gra.io.cloud.ovh.net	s3.gra.perf.cloud.ovh.net
sbg	s3.sbg.io.cloud.ovh.net	s3.sbg.perf.cloud.ovh.net
bhs	s3.bhs.io.cloud.ovh.net	s3.bhs.perf.cloud.ovh.net
de	s3.de.io.cloud.ovh.net	s3.de.perf.cloud.ovh.net
uk	s3.uk.io.cloud.ovh.net	s3.uk.perf.cloud.ovh.net
waw	s3.waw.io.cloud.ovh.net	s3.waw.perf.cloud.ovh.net

Finding Your Endpoint

The exact endpoint URL is displayed in the OVH Control Panel when viewing your container details. Use the region code shown in your endpoint URL for the region parameter in the authentication configuration.

Step 4: Configure Data Factory Variables

Create the following variables in your Data Factory project:

Variable Name	Description	Example
ovh_access_key_id	OVH S3 Access Key ID	abc123def456ghi789
ovh_secret_access_key	OVH S3 Secret Access Key	xyz789abc123...
ovh_region	OVH Region code	gra
ovh_s3_endpoint	S3 endpoint (without bucket)	s3.gra.io.cloud.ovh.net
ovh_bucket_name	Container/Bucket name	my-bucket

Security Best Practice

Mark the ovh_secret_access_key variable as a secret in Data Factory to prevent it from being displayed in logs.

Step 5: Use in HTTP Task

Example configuration for listing objects in an OVH Object Storage container:

{
    "name": "protocol-http-perform",
    "taskReferenceName": "list-ovh-objects",
    "type": "SUB_WORKFLOW",
    "inputParameters": {
        "scheme": "HTTPS",
        "method": "GET",
        "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
        "path": "/",
        "queryParameters": {
            "list-type": "2",
            "max-keys": "100"
        },
        "authentication": {
            "useAuthentication": true,
            "type": "AWS_SIGNATURE_V4",
            "accessKeyId": "${workflow.variables.ovh_access_key_id}",
            "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
            "region": "${workflow.variables.ovh_region}",
            "service": "s3"
        },
        "responses": ["STRING", "JSON"],
        "connectionTimeOutMilliseconds": 10000
    }
}

Common OVH Object Storage Operations

Upload a File

{
    "scheme": "HTTPS",
    "method": "PUT",
    "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
    "path": "/my-folder/my-file.txt",
    "headers": {
        "Content-Type": "text/plain"
    },
    "body": {
        "type": "PLAIN",
        "contentType": "text/plain",
        "text": "Hello from Product-Live Data Factory!"
    },
    "authentication": {
        "useAuthentication": true,
        "type": "AWS_SIGNATURE_V4",
        "accessKeyId": "${workflow.variables.ovh_access_key_id}",
        "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
        "region": "${workflow.variables.ovh_region}",
        "service": "s3"
    }
}

Upload a Binary File

{
    "scheme": "HTTPS",
    "method": "PUT",
    "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
    "path": "/my-folder/image.png",
    "headers": {
        "Content-Type": "image/png"
    },
    "body": {
        "type": "BINARY_FILE",
        "file": {
            "url": "${previous_task.output.file.url}"
        }
    },
    "authentication": {
        "useAuthentication": true,
        "type": "AWS_SIGNATURE_V4",
        "accessKeyId": "${workflow.variables.ovh_access_key_id}",
        "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
        "region": "${workflow.variables.ovh_region}",
        "service": "s3"
    },
    "responses": ["STRING"]
}

Download a File

{
    "scheme": "HTTPS",
    "method": "GET",
    "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
    "path": "/my-folder/my-file.txt",
    "authentication": {
        "useAuthentication": true,
        "type": "AWS_SIGNATURE_V4",
        "accessKeyId": "${workflow.variables.ovh_access_key_id}",
        "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
        "region": "${workflow.variables.ovh_region}",
        "service": "s3"
    },
    "responses": ["FILE"]
}

Delete a File

{
    "scheme": "HTTPS",
    "method": "DELETE",
    "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
    "path": "/my-folder/my-file.txt",
    "authentication": {
        "useAuthentication": true,
        "type": "AWS_SIGNATURE_V4",
        "accessKeyId": "${workflow.variables.ovh_access_key_id}",
        "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
        "region": "${workflow.variables.ovh_region}",
        "service": "s3"
    }
}

Get Object Metadata (HEAD)

{
    "scheme": "HTTPS",
    "method": "HEAD",
    "domain": "${workflow.variables.ovh_bucket_name}.${workflow.variables.ovh_s3_endpoint}",
    "path": "/my-folder/my-file.txt",
    "authentication": {
        "useAuthentication": true,
        "type": "AWS_SIGNATURE_V4",
        "accessKeyId": "${workflow.variables.ovh_access_key_id}",
        "secretAccessKey": "${workflow.variables.ovh_secret_access_key}",
        "region": "${workflow.variables.ovh_region}",
        "service": "s3"
    },
    "responses": ["HEADERS"]
}

OVH Regions Reference

New Format (AWS-style)

Region Code	Location
eu-west-par	Paris, France
eu-west-rbx	Roubaix, France
eu-west-gra	Gravelines, France
eu-west-sbg	Strasbourg, France
eu-central-de	Frankfurt, Germany
eu-central-waw	Warsaw, Poland
ca-east-bhs	Beauharnois, Canada
ap-southeast-sgp	Singapore
ap-south-mum	Mumbai, India

Legacy Format

Region Code	Location
gra	Gravelines, France
sbg	Strasbourg, France
bhs	Beauharnois, Canada
de	Frankfurt, Germany
uk	London, United Kingdom
waw	Warsaw, Poland

Troubleshooting

Error: "The request signature we calculated does not match the signature you provided"

• Verify that the Access Key ID and Secret Access Key are correct
• Ensure the region matches the bucket's actual region
• Check that the endpoint format is correct (e.g., s3.gra.io.cloud.ovh.net)
• Verify the service name is s3

Error: "Access Denied"

• Verify the user has the required permissions for the container
• Check the container's access policy
• Ensure the bucket name is correct

Error: "NoSuchBucket"

• Verify the container/bucket name is spelled correctly
• Ensure you're using the correct region endpoint for the container
• Check that the container exists in the OVH Control Panel

Error: "RequestTimeTooSkewed"

• The system time difference between your server and OVH is too large
• Ensure your server's clock is synchronized with NTP

Comparison with AWS S3

Feature	AWS S3	OVH Object Storage
Authentication	AWS Signature V4	AWS Signature V4
Endpoint Format	{bucket}.s3.{region}.amazonaws.com	{bucket}.s3.{region}.io.cloud.ovh.net
Region Format	eu-west-1, us-east-1	gra, sbg, bhs
Service Name	s3	s3
API Compatibility	Native	S3-compatible

Security Best Practices

1. Use dedicated credentials - Create a specific user for Data Factory
2. Limit permissions - Only grant access to required containers
3. Rotate credentials regularly - Generate new S3 credentials periodically
4. Never commit credentials - Use Data Factory variables/secrets
5. Use HTTPS only - All requests should use the HTTPS scheme
6. Monitor access - Check OVH logs for unusual activity

Related Documentation

• HTTP Task Reference
• Cloud Storage Integrations Overview
• AWS S3 - Similar S3 configuration
• Azure Blob Storage
• GCP Cloud Storage
• Scaleway Object Storage
• Data Factory Variables
• OVH Object Storage Documentation
• OVH S3 API Documentation