Application Key Capabilities

Print
Dark
Light

Article Summary

Share feedback

Thanks for sharing your feedback!

Each application key (app key) is associated with a set of capabilities. Each of those capabilities provide access to Backblaze B2 Cloud Storage APIs.

listKeys	Enumerate the app keys in an account and their metadata. The metadata for a key includes everything except the secret app key string. This capability provides access to the following API: `b2_list_keys`
writeKeys	Create new app keys. This option does not impose any restrictions on what those keys can do. Enabling the `writeKeys` capability grants full access to the Backblaze B2 account. This capability provides access to the following API: `b2_create_key`
deleteKeys	Delete any app key that belongs to the account. This capability provides access to the following API: `b2_delete_key`
listBuckets	List the buckets in the account and their metadata. The metadata includes the bucket ID, bucket name, bucket type, bucket info, CORS rules, and lifecycle rules. If an app key is restricted to one bucket, you must provide the bucket name or ID in the `b2_list_buckets` request. This capability provides access to the following API: `b2_list_buckets`
listAllBucketNames	List the names and IDs of all of the buckets in the account, even app keys that are restricted to a bucket. This capability provides access only to the S3-Compatible API `List Buckets`, as there is currently no Native API that lists only bucket names and IDs.
readBuckets	View additional information about a bucket such as access control lists, location, and versioning. This capability provides access only to the relevant S3-Compatible API, as there is currently no Native API that provides this information.
writeBuckets	Create new buckets in the account. Also, update the bucket type, bucket info, and lifecycle rules for a bucket. This option is not allowed for app keys that are restricted to a bucket. This capability provides access to the following APIs: `b2_create_bucket` `b2_update_bucket`
deleteBuckets	Delete any bucket in the account. This option is not allowed for app keys that are restricted to a bucket. This capability provides access to the following API: `b2_delete_bucket`
readBucketRetentions	Determine whether Object Lock is enabled for a bucket. Also, view the default lock mode and period (if configured) on a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_create_bucket` `b2_delete_bucket` `b2_list_buckets` `b2_update_bucket`
writeBucketRetentions	Create a bucket that has Object Lock enabled. Also, update the default lock mode and period on a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_create_bucket` `b2_update_bucket`
readBucketEncryption	View the default encryption settings on a bucket. This capability is used in the following APIs: `b2_create_bucket` `b2_delete_bucket` `b2_list_buckets` `b2_update_bucket`
writeBucketEncryption	Enable or disable default encryption on a bucket. This capability is used in the following APIs: `b2_create_bucket` `b2_update_bucket`
listFiles	List files and their metadata. Metadata includes the file name, file id, file info, size, and content type. For app keys that are restricted to a bucket, only the files in that bucket are listed. For app keys that are restricted to a file name prefix, you must include a matching prefix in the list request. You can supply the same prefix as in the app key or a more restrictive one. This capability provides access to the following APIs: `b2_list_file_names` `b2_list_file_versions` `b2_list_unfinished_large_files`
readFiles	View the metadata for files and download their contents. Metadata includes the file name, file id, file info, size, and content type. For app keys that are restricted to a bucket, only the files in that bucket are downloaded. For app keys that are restricted to a file name prefix, only the files with a prefix in the name are downloaded. This capability provides access to the following APIs: `b2_download_file_by_id` `b2_download_file_by_name` `b2_get_file_info`
shareFiles	Create authorization tokens for downloading files. For app keys that are restricted to a bucket, only the files in that bucket are authorized. For app keys that are restricted to a file name prefix, only the files with a prefix in the name are authorized. This capability provides access to the following API: `b2_get_download_authorization`
writeFiles	Upload files to Backblaze B2, including both regular files and large files. To support large file uploads, all of the APIs that are involved in uploading large files are allowed. For app keys that are restricted to a bucket, files can be uploaded only to that bucket. For app keys that are restricted to a file name prefix, only files with a prefix in the name are uploaded. This capability provides access to the following APIs: `b2_cancel_large_file` `b2_finish_large_file` `b2_get_upload_part_url` `b2_get_upload_url` `b2_hide_file` `b2_list_parts` `b2_start_large_file` `b2_upload_file` `b2_upload_part`
deleteFiles	Delete files. For app keys that are restricted to a bucket, only files in that bucket are deleted. For app keys that are restricted to a file name prefix, only files with a prefix in the name are deleted. This capability provides access to the following API: `b2_delete_file_version`
readFileLegalHolds	View the Object Lock legal hold status on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_copy_file` `b2_finish_large_file` `b2_get_file_info` `b2_list_file_names` `b2_list_file_versions` `b2_list_unfinished_large_files` `b2_upload_file`
writeFileLegalHolds	Update the Object Lock legal hold status on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_update_file_legal_hold` `b2_upload_file`
readFileRetentions	View the Object Lock retention settings (mode and expiration) on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_copy_file` `b2_finish_large_file` `b2_get_file_info` `b2_list_file_names` `b2_list_file_versions` `b2_list_unfinished_large_files` `b2_upload_file`
writeFileRetentions	Update the Object Lock retention settings (mode and expiration) on a file. These files must be located in a bucket that has Object Lock enabled. This capability is used in the following APIs: `b2_update_file_retention` `b2_upload_file`
bypassGovernance	Delete governance mode-locked files. Also, shorten governance mode expiration and switch governance mode to compliance mode. This capability is used in the following APIs: `b2_delete_file_version` `b2_update_file_retention`
readBucketReplications	View (but not change) bucket replication information. For more information, see Cloud Replication. This capability is used in the following APIs: `b2_create_bucket` `b2_update_bucket` `b2_list_buckets`
writeBucketReplications	Write bucket replication information. For more information, see Cloud Replication. This capability is used in the following APIs: `b2_create_bucket` `b2_update_bucket`
readBucketNotifications	Read the event notification rules for a bucket. This capability is used in the following APIs: `b2_get_bucket_notification_rules`
writeBucketNotifications	Write event notification rule information for a bucket. This capability is used in the following APIs: `b2_set_bucket_notification_rules`

Was this article helpful?

What's Next

Buckets

Application Key Capabilities

Related articles

What's Next