How to Create and Delete Network File Storage Access Points
Last verified 25 Jun 2026
Network File Storage is a fully managed, POSIX-compliant file storage solution built for demanding workloads like AI/ML pipelines, containerized applications, and DigitalOcean Kubernetes (DOKS) clusters. It provides scalable, high-throughput shared storage that simplifies storage management for distributed applications.
Network File Storage (NFS) access points give clients controlled access to a share from one or more VPC networks in the same region. Every share is created with a default access point that provides full read and write access to the share’s root directory. You can also create subdirectory access points that restrict a client to a specific path within the share. For an overview of how access points work, see NFS features.
Access points are included with Network File Storage at no additional cost.
Create an Access Point Using Automation
To create an access point with the API, send a POST request to the /v2/nfs/shares/{share_id}/access_points endpoint with the access point’s name, path, target vpc_id, and an access_policy:
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
-d '{
"name": "team-a",
"path": "/projects/team-a",
"vpc_id": "<your_vpc_id>",
"access_policy": {
"anonuid": 65534,
"anongid": 65534,
"protocols": ["NFS4"],
"squash_config": "ROOT_SQUASH",
"identity_enforcement_enabled": false
}
}' \
"https://api.digitalocean.com/v2/nfs/shares/<your_share_id>/access_points"Replace <your_vpc_id> with the ID of the VPC network to pin the access point to, and <your_share_id> with the ID of your share. The name must be unique within the share and cannot be default, which is reserved for the share’s default access point. The path must start with /, but cannot be / alone, which is reserved for the default access point. The access_policy controls the export’s user squashing and allowed protocols. The response returns the new access point, including its id and status, along with an action you can use to track provisioning.
Create an Access Point Using the Control Panel
You can create an access point from the share’s … menu or from the Access Points and VPCs tab on the share’s detail page.
To create an access point from the control panel, click Network File Storage in the main menu. On the Network File Storage page, find the share in the list, then click its … menu, then click Create Access Point.
You can also open the share’s detail page by clicking its name, then click the Access Points and VPCs tab, then click Create Access Point.
In the Create Access Point window, configure the access point:
- Name: Enter a name for the access point.
- Path: Enter a subdirectory path within the share, such as
/data, to restrict clients to that directory and its contents. - VPC Network: Select the VPC network the access point allows clients to connect from. The VPC network must be in the same region as the share.
Click Create Access Point. The system provisions the network path and returns a mount IP address for the access point.
Use this mount IP address to mount the share from Droplets and DOKS clusters in the selected VPC network. Clients that mount through a subdirectory access point can read and write within that directory and its children, but cannot navigate above it.
The Access Points and VPCs tab lists each access point with its name, path, VPC network, status, and creation time. Every share includes a default access point named default at path /.
List and Retrieve Access Points Using Automation
To list all access points on a share, including its default access point, send a GET request to the /v2/nfs/shares/{share_id}/access_points endpoint:
curl -X GET \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
"https://api.digitalocean.com/v2/nfs/shares/<your_share_id>/access_points"To retrieve a single access point by its ID, send a GET request to the /v2/nfs/access_points/{access_point_id} endpoint:
curl -X GET \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
"https://api.digitalocean.com/v2/nfs/access_points/<your_access_point_id>"Delete an Access Point Using Automation
To delete an access point, send a DELETE request to the /v2/nfs/access_points/{access_point_id} endpoint:
curl -X DELETE \
-H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
"https://api.digitalocean.com/v2/nfs/access_points/<your_access_point_id>"Replace <your_access_point_id> with the ID of the access point to delete. Deleting an access point immediately revokes access for all clients using its mount IP address. The data on the share is not affected.
Delete an Access Point Using the Control Panel
To delete an access point, open the share’s detail page, then click the Access Points and VPCs tab. Find the access point you want to remove, click its … menu, then click Delete Access Point.
Deleting an access point immediately revokes access for all clients using its mount IP address, and active mounts on those clients become stale. The data on the share is not affected. Write access for any subdirectory governed by the deleted access point reverts to the default access point.
Change an Access Point
You cannot edit an existing access point. To change an access point’s VPC network or subdirectory path, delete it and create a new one with the settings you want, then update the mount IP address on any clients that use it.