--- title: "Authentication With Wasabi AiR API" slug: "authentication-with-wasabi-air-api" updated: 2025-11-10T20:31:36Z published: 2025-11-10T20:31:36Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt > Use this file to discover all available pages before exploring further. # Authentication With Wasabi AiR API ## AiR API Authentication and Security - Wasabi S3 supports both HTTP and HTTPS connections, so you can choose the right option for your environment. - Authentication of calls will be through the Authorization HTTP header. The caller must use both the access and secret keys provided by Wasabi as the Authorization header value: :. - You can find, generate, and rotate access keys within the Wasabi Console [Access Keys](https://docs.wasabi.com/docs/access-keys-1)****feature. - Keys from a Root account provide full administrative access, including billing, without additional policies. Sub-user keys, however, require attached policies to define their level of access (such as storage or billing permissions). - Keep the keys safe and protected. Use them only in trusted server-to-server communications. Do not put the keys in any untrusted environments (such as browser-side JavaScript) or otherwise expose them to unauthorized personnel. To better control Wasabi AiR API access, Wasabi provides the following policies: - WasabiManageAiR - WasabiViewAiR The following example shows the AiR API access keys used in the request headers: ```bash # List jobs (auth check) curl -sS https://{BASE_URL}/jobs \  -H "x-amz-access-key: $WASABI_ACCESS_KEY" \  -H "x-amz-secret-key: $WASABI_SECRET_KEY" ``` Replace the BASE_URL with your AiR API base and fill keys. You must use both headers in every AiR API request (for example, GET/POST /jobs). These header names are required; requests without them will be rejected (401).