- Print
- DarkLight
b2_authorize_account
- Print
- DarkLight
Returns an authorization token
This operation returns an authorization token and base URL for subsequent API calls.
You can use either the master application key or a normal application key.
NOTE: The account ID can be used in place of the master application key ID.
You'll find the master application key in the Backblaze web UI. When using the master application key, use your "master application key ID" and the "application key" you got from the site.
Master Application Key: This is the first key you have access to. It is available in the Backblaze web UI. This key has all capabilities, access to all buckets, and has no file prefix restrictions or expiration.
Application Key(s) [non-master]: These are other keys created by you that can be limited to a specific bucket, a bucket with a specific file prefix, or all buckets with a specific file prefix, have limited read/write access, and can be set to expire.
Normal application keys come from the b2_create_key call. When using one of them, the "application key ID" and "application key" are returned after creating the key.
API Versions
v4 b2_authorize_account (April 29, 2025)
Please note: Multi-Bucket Application Keys are keys restricted to a specific group of buckets. These keys can only be used with a v4 b2_authorize_account request. An error will be returned if you use a Multi-Bucket Application Key with an earlier API version (v1, v2, or v3) of this operation.
Compatibility note: application keys with and without bucket restrictions created using v3 b2_create_key will work with v4 b2_authorize_account. Application keys created using v4 b2_create_key with no bucket restrictions will work with v3 b2_authorize_account.
The response structure has been updated in v4 to allow for the creation and use of Multi-Bucket Application Keys. The bucketId
, bucketName
, and infoType
fields have been removed, and there is now an allowed
field that encapsulates application key restriction terms such as buckets
, capabilities
, and namePrefix
. Bucket-specific information, including the bucket id
and name
fields, is grouped within the buckets
JSON object.
v3 b2_authorize_account (September 23, 2021)
v2 Return bucket name (Sept 13, 2018)
When using an application key with a bucket restriction, the name of the bucket is now returned.
For information on all API versions, view our API changelog.
An HTTP basic auth value constructed as follows:
- The application key id and application key are combined into a string in the format "applicationKeyId:applicationKey".
- The combined string is Base64 encoded.
- "Basic" is put before the encoded string.
The request succeeded.
{
"accountId": "ACCOUNT_ID",
"apiInfo": {
"storageApi": {
"absoluteMinimumPartSize": 5000000,
"apiUrl": "https://api001.backblazeb2.com",
"allowed": {
"buckets": [
{
"id": "bucketId1",
"name": "bucketIdName1"
},
{
"id": "bucketId2",
"name": "bucketIdName2"
},
{
"id": "bucketId3",
"name": null
}
],
"capabilities": [
"listAllBucketNames",
"listBuckets",
"writeBuckets",
"readBuckets",
"listFiles",
"readFiles",
"shareFiles",
"writeFiles",
"deleteFiles",
"readBucketEncryption",
"writeBucketEncryption",
"readBucketNotifications",
"writeBucketNotifications",
"bypassGovernance",
"readBucketRetentions",
"writeBucketRetentions",
"readFileRetentions",
"writeFileRetentions",
"readFileLegalHolds",
"writeFileLegalHolds"
],
"namePrefix": null
},
"downloadUrl": "https://f001.backblazeb2.com",
"recommendedPartSize": 100000000,
"s3ApiUrl": "https://s3.us-west-001.backblazeb2.com"
},
"groupsApi": {
"capabilities": [
"all"
],
"groupsApiUrl": "https://apiNNN.backblazeb2.com",
"infoType": "groupsApi"
}
},
"applicationKeyExpirationTimestamp": null,
"authorizationToken": "AUTHORIZATION_TOKEN"
}
The identifier for the account.
A data structure that groups the information you need by API suite.
A data structure that contains the information you need for the Partner API.
A list of strings, each one naming a capability the new key should have.
The base URL for all Partner API calls.
The API type that the information in the object corresponds to.
A data structure that contains the information you need for the B2 Native API.
The smallest possible size of a part of a large file (except the last one). This is smaller than the recommendedPartSize
. If you use it, you may find that it takes longer overall to upload a large file.
The base URL to use for all API calls except for uploading and downloading files.
A list of strings, each one naming a capability the key has.
When present, access is restricted to files whose names start with the prefix
The base URL to use for downloading files.
The recommended file part size.
The base URL to use for all API calls using the S3 compatible API.
An authorization token to use with all calls, other than b2_authorize_account, that need an Authorization header. This authorization token is valid for at most 24 hours.
Expiration timestamp for the application key.
status | code | description |
---|---|---|
400 | bad_bucket_id | The requested bucket ID does not match an existing bucket. |
400 | bad_request | The request had the wrong fields or illegal values. The message returned with the error will describe the problem. |
The numeric HTTP status code. Always matches the status in the HTTP response.
A single-identifier code that identifies the error.
A human-readable message, in English, saying what went wrong.
status | code | description |
---|---|---|
401 | unauthorized | The applicationKeyId and/or the applicationKey are wrong. |
401 | unsupported | The applicationKeyId is valid, but cannot be used with this version of the B2 Native API. The message contains information about the problem. |
status | code | description |
---|---|---|
403 | transaction_cap_exceeded | Transaction cap exceeded. To increase your cap, sign in to your B2 Cloud Storage account online. Then select the Caps & Alerts link in the B2 Cloud Storage section of the sidebar. |