Backblaze B2

Application key restrictions

Only application keys manually created in the Backblaze web UI or via the Backblaze B2 native API can be used to authenticate with the Backblaze S3 compatible API.

Automatically created master application key is not supported in Backblaze S3 compatible API.

If an app key is restricted to a bucket, the listAllBucketNames permission is required for compatibility with SDKs and integrations. This permission can be enabled during creation in the web UI or via the b2_create_key API call.

As a rule, both writeFiles and deleteFiles permissions must be assigned to any key used for deleting files in the S3 compatible API.

Backblaze S3 compatible API does not support unauthenticated ListObject calls on public buckets.

Support for immutable storage

Remember that immutable storage configuration is available only when creating a new bucket— there is no option to enable it for an existing bucket.

Enabling retention and/or versioning for the bucket may result in additional data being stored. It is recommended that the retention period in Xopero ONE be longer than the one set for the storage. Otherwise, this may lead to storage overload.

If you want to use immutable storage, the following permissions are required:

Required to read Object Lock

s3:GetBucketObjectLockConfiguration

Required to read the versioning configuration

configuration.s3:GetBucketVersioning

It must be added to the Action section, and after the changes, the section should look as shown below:

"Action": [
                    "s3:ListBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject",
		    "s3:GetBucketVersioning",
	            "s3:GetBucketObjectLockConfiguration"
               ],

Useful links and items

b2_create_bucketwww.backblaze.com

Five Ways to Use Object Lock ImmutabilityBackblaze Blog | Cloud Storage & Cloud Backup

Last updated 1 month ago