- Print
- DarkLight
Application Key Capabilities
- Print
- DarkLight
Each application key (app key) is associated with a set of capabilities. Each of those capabilities provide access to Backblaze B2 Cloud Storage APIs.
listKeys | Enumerate the app keys in an account and their metadata. The metadata for a key includes everything except the secret app key string. This capability provides access to the following API: |
writeKeys | Create new app keys. This option does not impose any restrictions on what those keys can do. Enabling the This capability provides access to the following API: |
deleteKeys | Delete any app key that belongs to the account. This capability provides access to the following API: |
listBuckets | List the buckets in the account and their metadata. The metadata includes the bucket ID, bucket name, bucket type, bucket info, CORS rules, and lifecycle rules. If an app key is restricted to one bucket, you must provide the bucket name or ID in the This capability provides access to the following API: |
listAllBucketNames | List the names and IDs of all of the buckets in the account, even app keys that are restricted to a bucket. This capability provides access only to the S3-Compatible API |
readBuckets | View additional information about a bucket such as access control lists, location, and versioning. This capability provides access only to the relevant S3-Compatible API, as there is currently no Native API that provides this information. |
writeBuckets | Create new buckets in the account. Also, update the bucket type, bucket info, and lifecycle rules for a bucket. This option is not allowed for app keys that are restricted to a bucket. This capability provides access to the following APIs: |
deleteBuckets | Delete any bucket in the account. This option is not allowed for app keys that are restricted to a bucket. This capability provides access to the following API: |
readBucketRetentions | Determine whether Object Lock is enabled for a bucket. Also, view the default lock mode and period (if configured) on a bucket that has Object Lock enabled. This capability is used in the following APIs: |
writeBucketRetentions | Create a bucket that has Object Lock enabled. Also, update the default lock mode and period on a bucket that has Object Lock enabled. This capability is used in the following APIs: |
readBucketEncryption | View the default encryption settings on a bucket. This capability is used in the following APIs: |
writeBucketEncryption | Enable or disable default encryption on a bucket. This capability is used in the following APIs: |
listFiles | List files and their metadata. Metadata includes the file name, file id, file info, size, and content type. For app keys that are restricted to a bucket, only the files in that bucket are listed. For app keys that are restricted to a file name prefix, you must include a matching prefix in the list request. You can supply the same prefix as in the app key or a more restrictive one. This capability provides access to the following APIs: |
readFiles | View the metadata for files and download their contents. Metadata includes the file name, file id, file info, size, and content type. For app keys that are restricted to a bucket, only the files in that bucket are downloaded. For app keys that are restricted to a file name prefix, only the files with a prefix in the name are downloaded. This capability provides access to the following APIs: |
shareFiles | Create authorization tokens for downloading files. For app keys that are restricted to a bucket, only the files in that bucket are authorized. For app keys that are restricted to a file name prefix, only the files with a prefix in the name are authorized. This capability provides access to the following API: |
writeFiles | Upload files to Backblaze B2, including both regular files and large files. To support large file uploads, all of the APIs that are involved in uploading large files are allowed. For app keys that are restricted to a bucket, files can be uploaded only to that bucket. For app keys that are restricted to a file name prefix, only files with a prefix in the name are uploaded. This capability provides access to the following APIs: |
deleteFiles | Delete files. For app keys that are restricted to a bucket, only files in that bucket are deleted. For app keys that are restricted to a file name prefix, only files with a prefix in the name are deleted. This capability provides access to the following API: |
readFileLegalHolds | View the Object Lock legal hold status on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: |
writeFileLegalHolds | Update the Object Lock legal hold status on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: |
readFileRetentions | View the Object Lock retention settings (mode and expiration) on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: |
writeFileRetentions | Update the Object Lock retention settings (mode and expiration) on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: |
bypassGovernance | Delete governance mode-locked files. Also, shorten governance mode expiration and switch governance mode to compliance mode. This capability is used in the following APIs: |
readBucketReplications | View (but not change) bucket replication information. For more information, see Cloud Replication. This capability is used in the following APIs: |
writeBucketReplications | Write bucket replication information. For more information, see Cloud Replication. This capability is used in the following APIs: |