The Subscriptions API supports delivery to Amazon S3, Microsoft Azure Blob Storage, Google Cloud Storage, or Oracle Cloud Storage. Activation and processing for direct download is not currently supported.
For any cloud storage delivery option, you will need to create an cloud storage account with both write
and delete
access.
When creating a subscription or order with bucket delivery, Planet will check the bucket permissions linked to your token by first attempting to deliver a file named planetverify.txt and then immediately deleting it. If Planet has the adequate permissions, you should not expect to see this file. If you do see this file in your buckets, we recommend that you review your permissions to ensure that Planet has both write and delete access.
Cloud Credential Security
When creating a subscription, a user must input their credentials for successful cloud delivery of Planet data. This poses a potential security risk. For secure handling of cloud service credentials in the request, please ensure that access is limited to the desired delivery path with no read/write access for any other storage locations or cloud services.
Delivery Schema¶
The schema for Subscriptions API delivery
below. Note that this schema varies slightly from the delivery
schema of the Orders API.
"delivery": {
"type": "cloud-storage-provider",
"parameters": {
"parameter1-name": "p1-value",
"parameter2-name": "p2-value"
}
}
Supported Delivery Options¶
Delivery to Amazon S3¶
For Amazon S3 delivery you will need an AWS account with GetObject
, PutObject
, and DeleteObject
permissions.
Parameters
- aws_access_key_id (required): AWS credentials.
- aws_secret_access_key (required): AWS credentials.
- bucket (required): The name of the bucket that will receive the order output.
- aws_region (required): The region where the bucket lives in AWS.
Example Request
"delivery": {
"type": "amazon_s3",
"parameters": {
"bucket": "foo-bucket",
"aws_region": "us-east-2",
"aws_access_key_id": "",
"aws_secret_access_key": ""
}
}
Delivery to Microsoft Azure¶
For Microsoft Azure delivery you will need an Azure account with read
, write
, delete
, and list
permissions.
Parameters
- account (required): Azure account name.
- container (required): The name of the container which will receive the order output.
- sas_token (required): Azure Shared Access Signature token. Token should be specified without a leading '?'. (I.e. "sv=2017-04-17u0026si=writersr=cu0026sig=LGqc" rather than "?sv=2017-04-17u0026si=writersr=cu0026sig=LGqc")
- storage_endpoint_suffix (optional): To deliver your order to a sovereign cloud a
storage_endpoint_suffix
should be set appropriately for your cloud. The default is "core.windows.net".
Example Request
"delivery": {
"type": "azure_blob_storage",
"parameters": {
"account": "accountname",
"container": "containername",
"sas_token": "sv=2017-04-17u0026si=writersr=cu0026sig=LGqc",
"storage_endpoint_suffix": "core.windows.net"
}
}
Delivery to Google Cloud Storage¶
For Google Cloud Storage delivery you will need an GCS account with write
and delete
permissions.
Preparing Your Google Cloud Storage Credentials
The Google Cloud Storage delivery option requires in a single-line base64 version of your service account credentials for use by the credentials
parameter.
To download your service account credentials in JSON format (not P12) and encode them as a base64 string, you can use a command line operation such as:
cat my_creds.json | base64 | tr -d '\n'
Parameters
- credentials (required): GCS credentials.
- bucket (required): The name of the GCS bucket which will receive the order output.
Example Request
"delivery": {
"type": "google_cloud_storage",
"parameters": {
"bucket": "your-gcs-bucket",
"credentials": "c29tZWNyZWRzZm9yeW91cmdjc2J1Y2..."
}
}
Delivery to Oracle Cloud Storage¶
For Oracle Cloud Storage delivery you need an Oracle account with read
, write
, and delete
permissions. For authentication you need a Customer Secret Key which consists of an Access Key/Secret Key pair.
Parameters
- customer_access_key_id (required): Customer Secret Key credentials.
- customer_secret_key (required): Customer Secret Key credentials.
- bucket (required): The name of the bucket that will receive the order output.
- region (required): The region where the bucket lives in Oracle.
- namespace (required): Object Storage namespace name.
Example Request
"delivery": {
"type": "oracle_cloud_storage",
"parameters": {
"bucket": "foo-bucket",
"namespace": "ORACLE_NAMESPACE",
"region": "us-sanjose-1",
"customer_access_key_id": "YOUR_ACCESS_ID",
"customer_secret_key": "YOUR_SECRET_KEY",
}
}
Delivery Layout¶
When data is delivered to your cloud storage solution for your Subscription, we will deliver your files in accordance with the following layout scheme: <subscription_id>/<item_id>/...
For example, if we're delivering the file 20170716_144316_1041_3B_AnalyticMS.tif
for item 20170716_144316_1041
as output for subscription 0ee41665-ab3b-4faa-98d1-25738cdd579c
, the file will be delivered to the path:
0ee41665-ab3b-4faa-98d1-25738cdd579c/20170716_144316_1041/20170716_144316_1041_3B_AnalyticMS.tif
.
Rate this guide: