Wasabi S3 supports both HTTP and HTTPS connections, so you can choose the right option for your environment.
Authentication of calls will be through the Authorization HTTP header. The caller must use both the access and secret keys provided by Wasabi as the Authorization header value: <ACCESS_KEY>:<SECRET_KEY>.
You can find, generate, and rotate access keys within the Wasabi Console Access Keys feature.
Keys from a Root account provide full administrative access, including billing, without additional policies. Sub-user keys, however, require attached policies to define their level of access (such as storage or billing permissions).
Keep the keys safe and protected. Use them only in trusted server-to-server communications. Do not put the keys in any untrusted environments (such as browser-side JavaScript) or otherwise expose them to unauthorized personnel.
To better control Wasabi S3 API access, Wasabi provides the following policies:
AmazonS3FullAccess
AmzonS3ReadOnly