Contents x
b2_authorize_account
    • Print
    • Dark
      Light
    Contents

    b2_authorize_account

      • Print
      • Dark
        Light
      Article summary

      Get
      /b2api/v4/b2_authorize_account

      Returns an authorization token

      This operation returns an authorization token and base URL for subsequent API calls.

      You can use either the master application key or a normal application key.

      NOTE: The account ID can be used in place of the master application key ID.

      You'll find the master application key in the Backblaze web UI. When using the master application key, use your "master application key ID" and the "application key" you got from the site.

      Master Application Key: This is the first key you have access to. It is available in the Backblaze web UI. This key has all capabilities, access to all buckets, and has no file prefix restrictions or expiration.

      Application Key(s) [non-master]: These are other keys created by you that can be limited to a specific bucket, a bucket with a specific file prefix, or all buckets with a specific file prefix, have limited read/write access, and can be set to expire.

      Normal application keys come from the b2_create_key call. When using one of them, the "application key ID" and "application key" are returned after creating the key.

      API Versions

      v4 b2_authorize_account (April 29, 2025)

      Please note: Multi-Bucket Application Keys are keys restricted to a specific group of buckets. These keys can only be used with a v4 b2_authorize_account request. An error will be returned if you use a Multi-Bucket Application Key with an earlier API version (v1, v2, or v3) of this operation.

      Compatibility note: application keys with and without bucket restrictions created using v3 b2_create_key will work with v4 b2_authorize_account. Application keys created using v4 b2_create_key with no bucket restrictions will work with v3 b2_authorize_account.

      The response structure has been updated in v4 to allow for the creation and use of Multi-Bucket Application Keys. The bucketId, bucketName, and infoType fields have been removed, and there is now an allowed field that encapsulates application key restriction terms such as buckets, capabilities, and namePrefix. Bucket-specific information, including the bucket id and name fields, is grouped within the buckets JSON object.

      v3 b2_authorize_account (September 23, 2021)

      v2 Return bucket name (Sept 13, 2018)

      When using an application key with a bucket restriction, the name of the bucket is now returned.


      For information on all API versions, view our API changelog.

      Header parameters
      Authorization
      stringRequired

      An HTTP basic auth value constructed as follows:

      • The application key id and application key are combined into a string in the format "applicationKeyId:applicationKey".
      • The combined string is Base64 encoded.
      • "Basic" is put before the encoded string.
      Responses
      200

      The request succeeded.

      Authorization token returned
      {
  "accountId": "ACCOUNT_ID",
  "apiInfo": {
    "storageApi": {
      "absoluteMinimumPartSize": 5000000,
      "apiUrl": "https://api001.backblazeb2.com",
      "allowed": {
        "buckets": [
          {
            "id": "bucketId1",
            "name": "bucketIdName1"
          },
          {
            "id": "bucketId2",
            "name": "bucketIdName2"
          },
          {
            "id": "bucketId3",
            "name": null
          }
        ],
        "capabilities": [
          "listAllBucketNames",
          "listBuckets",
          "writeBuckets",
          "readBuckets",
          "listFiles",
          "readFiles",
          "shareFiles",
          "writeFiles",
          "deleteFiles",
          "readBucketEncryption",
          "writeBucketEncryption",
          "readBucketNotifications",
          "writeBucketNotifications",
          "bypassGovernance",
          "readBucketRetentions",
          "writeBucketRetentions",
          "readFileRetentions",
          "writeFileRetentions",
          "readFileLegalHolds",
          "writeFileLegalHolds"
        ],
        "namePrefix": null
      },
      "downloadUrl": "https://f001.backblazeb2.com",
      "recommendedPartSize": 100000000,
      "s3ApiUrl": "https://s3.us-west-001.backblazeb2.com"
    },
    "groupsApi": {
      "capabilities": [
        "all"
      ],
      "groupsApiUrl": "https://apiNNN.backblazeb2.com",
      "infoType": "groupsApi"
    }
  },
  "applicationKeyExpirationTimestamp": null,
  "authorizationToken": "AUTHORIZATION_TOKEN"
}
      Expand All
      object
      accountId
      string

      The identifier for the account.

      ExampleACCOUNT_ID
      apiInfo
      object

      A data structure that groups the information you need by API suite.

      groupsApi
      object

      A data structure that contains the information you need for the Partner API.

      capabilities
      Array of string

      A list of strings, each one naming a capability the new key should have.

      Example[ "all" ]
      string
      groupsApiUrl
      string

      The base URL for all Partner API calls.

      Examplehttps://apiNNN.backblazeb2.com
      infoType
      string

      The API type that the information in the object corresponds to.

      ExamplegroupsApi
      storageApi
      object

      A data structure that contains the information you need for the B2 Native API.

      absoluteMinimumPartSize
      integer

      The smallest possible size of a part of a large file (except the last one). This is smaller than the recommendedPartSize. If you use it, you may find that it takes longer overall to upload a large file.

      Example5000000
      apiUrl
      string

      The base URL to use for all API calls except for uploading and downloading files.

      Examplehttps://apiNNN.backblazeb2.com
      allowed
      object
      buckets
      Array
      Example[ { "id": "bucketId1", "name": "bucketIdName1" }, { "id": "bucketId2", "name": "bucketIdName2" }, { "id": "bucketId3", "name": null } ]
      capabilities
      Array of string

      A list of strings, each one naming a capability the key has.

      Example[ "deleteFiles", "deleteKeys", "readBucketEncryption", "writeKeys", "writeBuckets", "writeBucketReplications", "readBucketReplications", "readBucketNotifications", "deleteBuckets", "readBuckets", "bypassGovernance", "readFileLegalHolds", "readFiles", "listAllBucketNames", "readBucketRetentions", "writeBucketNotifications", "writeBucketRetentions", "writeFileLegalHolds", "shareFiles", "writeFiles", "listKeys", "listBuckets", "listFiles", "writeFileRetentions", "writeBucketEncryption", "readFileRetentions" ]
      string
      Valid values[ "deleteFiles", "deleteKeys", "readBucketEncryption", "writeKeys", "writeBuckets", "writeBucketNotifications", "writeBucketReplications", "readBucketNotifications", "readBucketReplications", "deleteBuckets", "readBuckets", "bypassGovernance", "readFileLegalHolds", "readFiles", "listAllBucketNames", "readBucketRetentions", "writeBucketRetentions", "writeFileLegalHolds", "shareFiles", "writeFiles", "listKeys", "listBuckets", "listFiles", "writeFileRetentions", "writeBucketEncryption", "readFileRetentions" ]
      namePrefix
      string

      When present, access is restricted to files whose names start with the prefix

      ExamplemyFilePrefix
      downloadUrl
      string

      The base URL to use for downloading files.

      Examplehttps://f001.backblazeb2.com
      recommendedPartSize
      integer

      The recommended file part size.

      Example100000000
      s3ApiUrl
      string

      The base URL to use for all API calls using the S3 compatible API.

      Examplehttps://s3.us-west-NNN.backblazeb2.com
      authorizationToken
      string

      An authorization token to use with all calls, other than b2_authorize_account, that need an Authorization header. This authorization token is valid for at most 24 hours.

      ExampleAUTHORIZATION_TOKEN
      applicationKeyExpirationTimestamp
      integer

      Expiration timestamp for the application key.

      Examplenull
      400
      statuscodedescription
      400bad_bucket_idThe requested bucket ID does not match an existing bucket.
      400bad_requestThe request had the wrong fields or illegal values. The message returned with the error will describe the problem.
      object
      status
      integer

      The numeric HTTP status code. Always matches the status in the HTTP response.

      Example400
      code
      string

      A single-identifier code that identifies the error.

      Exampleinvalid_bucket_name
      message
      string

      A human-readable message, in English, saying what went wrong.

      Examplebucket name is too long
      401
      statuscodedescription
      401unauthorizedThe applicationKeyId and/or the applicationKey are wrong.
      401unsupportedThe applicationKeyId is valid, but cannot be used with this version of the B2 Native API. The message contains information about the problem.
      403
      statuscodedescription
      403transaction_cap_exceededTransaction cap exceeded. To increase your cap, sign in to your B2 Cloud Storage account online. Then select the Caps & Alerts link in the B2 Cloud Storage section of the sidebar.
      Was this article helpful?
      What's Next