The WACM Connect API uses HTTP Basic Authentication over HTTPS. Each request carries a username and an API key — the API key acts as the password. There are two kinds of API keys, generated from the WACM UI, depending on whether the integration belongs to the account as a whole or to an individual user.
Base URL
All WACM Connect API requests go to:
https://api.wacm.wasabisys.comAll requests must use HTTPS. Unsecured HTTP requests are rejected.
API Keys
WACM Connect supports two kinds of API keys. The kind of key you use determines what you supply as the username when authenticating.
Account API key
Represents the WACM account itself. Account API keys are generated by an Account Admin from the Account tab in the WACM profile. Use an Account API key for production integrations and shared services that belong to the account rather than to one person.
Username for authentication: the account name shown on your WACM profile.
Password for authentication: the Account API key.
User API key
Tied to an individual WACM user. Any user can generate a User API key from their own profile. The key inherits the permissions of the user who created it. Use a User API key for personal scripts, development, and any work where access should be scoped to a specific person.
Username for authentication: the username shown on your WACM profile.
Password for authentication: the User API key.
Generating an API Key
API keys are created in the WACM UI. The steps are slightly different for the two key types.
Generate an Account API key (Account Admin)
Log in to Wasabi Account Control Manager.
Click your avatar in the upper right, then click My Profile.
Click the Account tab.
Scroll to the WACM Connect section and click Generate New API Key.
Enter a name for the key, then click Generate.
Copy or download the API key and store it in a safe place.
Generate a User API key
Log in to Wasabi Account Control Manager.
Click your avatar in the upper right, then click My Profile.
Scroll to the WACM Connect section and click Generate New API Key.
Enter a name for the key, then click Generate.
Copy or download the API key and store it in a safe place.
The API key is shown only once. After you close the dialog there is no way to retrieve it — if you lose the key you will need to regenerate it.
Authenticating With Your Key
Most HTTP clients have Basic Authentication built in, so you do not have to construct the Authorization header yourself. Pass your username and API key through the client's Basic Auth option.
curl
curl -u "$WACM_USERNAME:$WACM_API_KEY" \
https://api.wacm.wasabisys.com/api/v1/sub-accounts/Python (requests)
import requests
response = requests.get(
"https://api.wacm.wasabisys.com/api/v1/sub-accounts/",
auth=("your_username", "your_api_key"),
)
print(response.status_code)
print(response.json())Node.js (fetch)
const auth = Buffer.from(`${username}:${apiKey}`).toString("base64");
const response = await fetch(
"https://api.wacm.wasabisys.com/api/v1/sub-accounts/",
{ headers: { Authorization: `Basic ${auth}` } },
);
console.log(await response.json());Use your account name as the username when authenticating with an Account API key, and your WACM username when authenticating with a User API key. Both are visible on your WACM profile.
Verifying Your Key
To confirm your credentials work, list your sub-accounts. A 200 response — even with an empty list — means your key is valid.
curl -u "$WACM_USERNAME:$WACM_API_KEY" \
https://api.wacm.wasabisys.com/api/v1/sub-accounts/Common Errors
If a request fails, the API returns a non-2xx status code and a JSON body describing the error. For example:
{
"error": "Invalid API key",
"code": 401
}Status | Meaning | What to check |
|---|---|---|
400 | Bad Request | The request body or query parameters are malformed. Verify field names, types, and required fields against the endpoint reference. |
401 | Unauthorized | Username or API key is wrong, the key was regenerated, or the key has been deleted. Confirm you are using the correct username for the key type (account name vs. WACM username) and that the key was copied without surrounding whitespace. |
403 | Forbidden | Credentials are valid, but the user lacks permission for this resource. For User API keys, the key inherits the user's permissions — verify the user can perform this action in the WACM UI. |
404 | Not Found | The resource does not exist or is not visible to your account. Check the resource ID and the URL path. |
429 | Too Many Requests | Rate limit exceeded. See Rate Limiting for current limits. |
500 | Internal Server Error | An error on Wasabi's side. Retry after a short delay; if the error persists, contact Wasabi Customer Support. |
Regenerating a Key
Regenerating a key deletes the existing key and replaces it with a new one. Any service still using the old key will stop working until it is updated.
Connected services will stop working until you update them with the new API key.
Log in to Wasabi Account Control Manager.
Click your avatar in the upper right, then click My Profile. For an Account API key, also click the Account tab.
Scroll to the WACM Connect section and click the More Options icon on the API key row.
Click Regenerate Key, then click Regenerate Key again to confirm.
Copy or download the new API key and store it in a safe place.
Constructing the Authorization Header Manually
If you are working in an environment without a Basic Auth helper, you can build the header by hand. The format is:
Authorization: Basic <base64(username:api_key)>Generate the base64 string in most terminals with:
echo -n 'your_username:your_api_key' | base64Then send the header on every request:
curl -H "Authorization: Basic <base64-string>" \
https://api.wacm.wasabisys.com/api/v1/sub-accounts/