AiR API Authentication and Security
Wasabi S3 supports both HTTP and HTTPS connections, so you can choose the right option for your environment.
Authentication of calls will be through the Authorization HTTP header. The caller must use both the access and secret keys provided by Wasabi as the Authorization header value: <ACCESS_KEY>:<SECRET_KEY>.
You can find, generate, and rotate access keys within the Wasabi Console Access Keys feature.
Keys from a Root account provide full administrative access, including billing, without additional policies. Sub-user keys, however, require attached policies to define their level of access (such as storage or billing permissions).
Keep the keys safe and protected. Use them only in trusted server-to-server communications. Do not put the keys in any untrusted environments (such as browser-side JavaScript) or otherwise expose them to unauthorized personnel.
To better control Wasabi AiR API access, Wasabi provides the following policies:
WasabiManageAiR
WasabiViewAiR
The following example shows the AiR API access keys used in the request headers:
# List jobs (auth check)
curl -sS https://{BASE_URL}/jobs \
-H "x-amz-access-key: $WASABI_ACCESS_KEY" \
-H "x-amz-secret-key: $WASABI_SECRET_KEY"Replace the BASE_URL with your AiR API base and fill keys.
You must use both headers in every AiR API request (for example, GET/POST /jobs). These header names are required; requests without them will be rejected (401).