Delivery

last updated: March 23, 2023

The Subscriptions API supports delivery to Amazon S3, Microsoft Azure Blob Storage, Google Cloud Storage, or Oracle Cloud Storage. Activation and processing for direct download is not currently supported.

For any cloud storage delivery option, you will need to create an cloud storage account with both write and delete access.

When creating a subscription or order with bucket delivery, Planet will check the bucket permissions linked to your token by first attempting to deliver a file named planetverify.txt and then immediately deleting it. If Planet has the adequate permissions, you should not expect to see this file. If you do see this file in your buckets, we recommend that you review your permissions to ensure that Planet has both write and delete access.

Cloud Credential Security

When creating a subscription, a user must input their credentials for successful cloud delivery of Planet data. This poses a potential security risk. For secure handling of cloud service credentials in the request, please ensure that access is limited to the desired delivery path with no read/write access for any other storage locations or cloud services.

Delivery Schema

The schema for Subscriptions API delivery below. Note that this schema varies slightly from the delivery schema of the Orders API. 

"delivery": {
    "type": "cloud-storage-provider",
    "parameters": {
        "parameter1-name": "p1-value",
        "parameter2-name": "p2-value"
    }
}

Supported Delivery Options

Delivery to Amazon S3

For Amazon S3 delivery you will need an AWS account with GetObject, PutObject, and DeleteObject permissions.

Parameters

  • aws_access_key_id (required): AWS credentials.
  • aws_secret_access_key (required): AWS credentials.
  • bucket (required): The name of the bucket that will receive the order output.
  • aws_region (required): The region where the bucket lives in AWS.

Example Request

"delivery": {
    "type": "amazon_s3",
    "parameters": {
        "bucket": "foo-bucket",
        "aws_region": "us-east-2",
        "aws_access_key_id": "",
        "aws_secret_access_key": ""
    }
}

Delivery to Microsoft Azure

For Microsoft Azure delivery you will need an Azure account with read, write, delete, and list permissions.

Parameters

  • account (required): Azure account name.
  • container (required): The name of the container which will receive the order output.
  • sas_token (required): Azure Shared Access Signature token. Token should be specified without a leading '?'. (I.e. "sv=2017-04-17u0026si=writersr=cu0026sig=LGqc" rather than "?sv=2017-04-17u0026si=writersr=cu0026sig=LGqc")
  • storage_endpoint_suffix (optional): To deliver your order to a sovereign cloud a storage_endpoint_suffix should be set appropriately for your cloud. The default is "core.windows.net".

Example Request

"delivery": {
    "type": "azure_blob_storage",
    "parameters": {
        "account": "accountname",
        "container": "containername",
        "sas_token": "sv=2017-04-17u0026si=writersr=cu0026sig=LGqc",
        "storage_endpoint_suffix": "core.windows.net"
    }
}

Delivery to Google Cloud Storage

For Google Cloud Storage delivery you will need an GCS account with write and delete permissions.

Preparing Your Google Cloud Storage Credentials

The Google Cloud Storage delivery option requires in a single-line base64 version of your service account credentials for use by the credentials parameter.

To download your service account credentials in JSON format (not P12) and encode them as a base64 string, you can use a command line operation such as: 

cat my_creds.json | base64 | tr -d '\n'

Parameters

  • credentials (required): GCS credentials.
  • bucket (required): The name of the GCS bucket which will receive the order output.

Example Request

"delivery": {
    "type": "google_cloud_storage",
    "parameters": {
        "bucket": "your-gcs-bucket",
        "credentials": "c29tZWNyZWRzZm9yeW91cmdjc2J1Y2..."
    }
}

Delivery to Oracle Cloud Storage

For Oracle Cloud Storage delivery you need an Oracle account with read, write, and delete permissions. For authentication you need a Customer Secret Key which consists of an Access Key/Secret Key pair.

Parameters

  • customer_access_key_id (required): Customer Secret Key credentials.
  • customer_secret_key (required): Customer Secret Key credentials.
  • bucket (required): The name of the bucket that will receive the order output.
  • region (required): The region where the bucket lives in Oracle.
  • namespace (required): Object Storage namespace name.

Example Request

"delivery": {
    "type": "oracle_cloud_storage",
    "parameters": {
        "bucket": "foo-bucket",
        "namespace": "ORACLE_NAMESPACE",
        "region": "us-sanjose-1",
        "customer_access_key_id": "YOUR_ACCESS_ID",
        "customer_secret_key": "YOUR_SECRET_KEY",
    }
}

Delivery Layout

When data is delivered to your cloud storage solution for your Subscription, we will deliver your files in accordance with the following layout scheme: <subscription_id>/<item_id>/...

For example, if we're delivering the file 20170716_144316_1041_3B_AnalyticMS.tif for item 20170716_144316_1041 as output for subscription 0ee41665-ab3b-4faa-98d1-25738cdd579c, the file will be delivered to the path: 0ee41665-ab3b-4faa-98d1-25738cdd579c/20170716_144316_1041/20170716_144316_1041_3B_AnalyticMS.tif.

Rate this guide: