Using Spaces, I get a (403) Forbidden error when trying to load an image on my website.

In my case, I integrated the S3 API with a Laravel application. And then used Laravel Media Library to upload (PUT) and view (GET) images on the site… Even though uploading was okay, I was getting 403 forbidden requests for viewing those files!

And thanks to the support, they pointed out that you can view the individual file’s permission within the Space storage in DigitalOcean, and then it hit me! The files were uploaded without the necessary x-amz-acl header that is set to public-read and it was defaulted to private!-_-’

https://developers.digitalocean.com/documentation/spaces/#object

Anyhow, thanks to the amazing Laravel Media Library package, its configuration included an array for extra headers to be attached to the PUT HTTP requests.

Spaces is DO’s Object Storage solution as opposed to Droplet’s which is a compute platform :-)

Usually files uploaded to Spaces are private by default. You can chance the setting at a file level for every file you upload. Can you please make sure your files are not uploaded with the default “private” setting? If it is, please switch this to public. You can do this from our cloud portal or via our API.

Spaces have the following request rate limits:

• 750 requests (any operation) per IP address per second to all Spaces on an account.

• 240 total operations per second to any individual Space.

• 150 combined PUT, POST, COPY, DELETE, and LIST operations per second to any individual Space. We may further limit LIST operations if necessary under periods of high load.

• 5 PUT or COPY requests per 5 minutes to any individual object in a Space.

Can you verify if you are hitting any of those limits by any chance?

For more information on the limits, you could check out the documentation here:

https://docs.digitalocean.com/products/spaces/details/limits