Stats API Authentication and Security
Wasabi S3 supports both HTTP and HTTPS connections, so you can choose the right option for your environment.
Authentication of Stats API calls will be through the Authorization HTTP header. The caller must use both the access and secret keys provided by Wasabi as the Authorization header value, for example: <ACCESS_KEY>:<SECRET_KEY>.
You can find, generate, and rotate access keys within the Wasabi Console Access Keys feature.
Keys from a Root account provide full administrative access, including billing, without additional policies. Sub-user keys, however, require attached policies to define their level of access (such as storage or billing permissions).
Keep the keys safe and protected. Use them only in trusted server-to-server communications. Do not put the keys in any untrusted environments (such as browser-side JavaScript) or otherwise expose them to unauthorized personnel.
To better control Stats API access, Wasabi provides the following policies:
WasabiAccountStatsAccess (full access for root users)
WasabiBucketStatsAccess (limited access for sub-users).
The following sample shows a request to the Wasabi Stats API, passing credentials in the Authorization header (<ACCESS_KEY>:<SECRET_KEY>) to retrieve data for the specified endpoint and query.
curl -H "Authorization: <ACCESS_KEY>:<SECRET_KEY>" \
"https://stats.wasabisys.com/<your-endpoint-and-query>"