API Reference

R2

Temporary Credentials

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Create Temporary Access Credentials

client.r2.temporaryCredentials.create(TemporaryCredentialCreateParams { account_id, bucket, parentAccessKeyId, 4 more } params, RequestOptionsoptions?): TemporaryCredentialCreateResponse { accessKeyId, secretAccessKey, sessionToken }

POST/accounts/{account_id}/r2/temp-access-credentials

Creates temporary access credentials on a bucket that can be optionally scoped to prefixes or objects.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

ParametersExpand Collapse

params: TemporaryCredentialCreateParams { account_id, bucket, parentAccessKeyId, 4 more }

account_id: string

Path param: Account ID.

maxLength32

bucket: string

Body param: Name of the R2 bucket.

parentAccessKeyId: string

Body param: The parent access key id to use for signing.

permission: "admin-read-write" | "admin-read-only" | "object-read-write" | "object-read-only"

Body param: Permissions allowed on the credentials.

One of the following:

"admin-read-write"

"admin-read-only"

"object-read-write"

"object-read-only"

ttlSeconds: number

Body param: How long the credentials will live for in seconds.

maximum604800

objects?: Array<string>

Body param: Optional object paths to scope the credentials to.

prefixes?: Array<string>

Body param: Optional prefix paths to scope the credentials to.

ReturnsExpand Collapse

TemporaryCredentialCreateResponse { accessKeyId, secretAccessKey, sessionToken }

accessKeyId?: string

ID for new access key.

secretAccessKey?: string

Secret access key.

sessionToken?: string

Security token.

Create Temporary Access Credentials

TypeScript

HTTP

TypeScript

Python

Go

Terraform

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const temporaryCredential = await client.r2.temporaryCredentials.create({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  bucket: 'example-bucket',
  parentAccessKeyId: 'example-access-key-id',
  permission: 'object-read-write',
  ttlSeconds: 3600,
});

console.log(temporaryCredential.accessKeyId);

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    "string"
  ],
  "result": {
    "accessKeyId": "example-access-key-id",
    "secretAccessKey": "example-secret-key",
    "sessionToken": "example-session-token"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    "string"
  ],
  "result": {
    "accessKeyId": "example-access-key-id",
    "secretAccessKey": "example-secret-key",
    "sessionToken": "example-session-token"
  },
  "success": true
}