API Reference

R2

Temporary Credentials

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Create Temporary Access Credentials

POST/accounts/{account_id}/r2/temp-access-credentials

Creates temporary access credentials on a bucket that can be optionally scoped to prefixes or objects.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Path ParametersExpand Collapse

account_id: string

Account ID.

maxLength32

Body ParametersJSONExpand Collapse

bucket: string

Name of the R2 bucket.

parentAccessKeyId: string

The parent access key id to use for signing.

permission: "admin-read-write" or "admin-read-only" or "object-read-write" or "object-read-only"

Permissions allowed on the credentials.

One of the following:

"admin-read-write"

"admin-read-only"

"object-read-write"

"object-read-only"

ttlSeconds: number

How long the credentials will live for in seconds.

maximum604800

objects: optional array of string

Optional object paths to scope the credentials to.

prefixes: optional array of string

Optional prefix paths to scope the credentials to.

ReturnsExpand Collapse

errors: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

messages: array of string

result: object { accessKeyId, secretAccessKey, sessionToken }

accessKeyId: optional string

ID for new access key.

secretAccessKey: optional string

Secret access key.

sessionToken: optional string

Security token.

success: true

Whether the API call was successful.

Create Temporary Access Credentials

HTTP

HTTP

TypeScript

Python

Go

Terraform

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/r2/temp-access-credentials \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "bucket": "example-bucket",
          "parentAccessKeyId": "example-access-key-id",
          "permission": "object-read-write",
          "ttlSeconds": 3600
        }'

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    "string"
  ],
  "result": {
    "accessKeyId": "example-access-key-id",
    "secretAccessKey": "example-secret-key",
    "sessionToken": "example-session-token"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    "string"
  ],
  "result": {
    "accessKeyId": "example-access-key-id",
    "secretAccessKey": "example-secret-key",
    "sessionToken": "example-session-token"
  },
  "success": true
}