API Key Management

Learn how to securely generate, rotate, and scope your Buzstorage API credentials for different environments and specific folders.

1. Finding Your Keys

API Keys are the primary method of authenticating your backend servers with Buzstorage. You can access your credentials directly from the Console Dashboard.

Where to find them

Navigate to Settings > Apps in the Buzstorage Console. Select your desired application to view the active environments and their associated Access Keys.

Each application you create is assigned a unique set of keys for each environment. You will find an Access Key ID and a Secret Access Key. Both are required when making requests to the API.

2. Rotating Your Keys

If you suspect that your API keys have been compromised, or if your organization requires routine credential rotation, you can instantly cycle your keys from the dashboard.

Instant Invalidation

When you click Rotate API Keys, the previous credentials are immediately invalidated. Any active services relying on the old keys will experience authentication failures (401 Unauthorized) until they are updated.

For security reasons, newly generated Secret Access Keys are only displayed once in the dashboard. Additionally, an encrypted copy of the new keys is securely dispatched to your registered company email address.

3. Environment Isolation

Buzstorage intrinsically ties your API keys to specific Environments to ensure that your testing data never bleeds into your live production systems.

Production: Live media delivery. Keys typically start with an ak_prod_ prefix.
Staging: Pre-release testing. Keys isolate uploads to staging clusters.
Development: Local engineering workflows.

Automatic Context Resolution

You do not need to pass an explicit environment header in your API requests. Our edge gateway automatically resolves the target application and environment strictly based on the API key pair you use to authenticate.

To guarantee zero cross-contamination, a file uploaded using a Development key cannot be fetched, mutated, or deleted using a Production key. Ensure your environment variables are configured correctly across your deployment tiers.

4. Folder-Scoped Access

For advanced security, you can restrict an API key's access to specific logical folders within your application. This is ideal when granting access to third-party developers, microservices, or external integrations that should only read or write to a designated directory.

Configuring Scoped Access

In the Buzstorage Console, navigate to your App's Environment settings.
Under Production Scope Restrictions, toggle the switch to enable scoped access.
You will be presented with a list of all existing folders in your application.
Check the boxes next to the specific folders you want this environment to access.
Click Save Scope Configuration.

Development Environments

By design, Development environments cannot be scoped and will always have unrestricted access to all folders. Scoped access enforcement is strictly reserved for live (Production) environments.

Once folder scoping is enabled and saved:

Upload Restrictions: Any attempt to upload or move files outside of the authorized folders will be rejected with a 403 Forbidden error.
Retrieval Constraints: Listing and fetching operations will automatically filter out any assets located outside of the selected folders, ensuring strict boundaries.

PreviousQuick Start

NextBuztransfer

API Key Management

Learn how to securely generate, rotate, and scope your Buzstorage API credentials for different environments and specific folders.

1. Finding Your Keys

API Keys are the primary method of authenticating your backend servers with Buzstorage. You can access your credentials directly from the Console Dashboard.

Where to find them

Navigate to Settings > Apps in the Buzstorage Console. Select your desired application to view the active environments and their associated Access Keys.

Each application you create is assigned a unique set of keys for each environment. You will find an Access Key ID and a Secret Access Key. Both are required when making requests to the API.

2. Rotating Your Keys

If you suspect that your API keys have been compromised, or if your organization requires routine credential rotation, you can instantly cycle your keys from the dashboard.

Instant Invalidation

3. Environment Isolation

Buzstorage intrinsically ties your API keys to specific Environments to ensure that your testing data never bleeds into your live production systems.

Production: Live media delivery. Keys typically start with an ak_prod_ prefix.
Staging: Pre-release testing. Keys isolate uploads to staging clusters.
Development: Local engineering workflows.

Automatic Context Resolution

4. Folder-Scoped Access

Configuring Scoped Access

In the Buzstorage Console, navigate to your App's Environment settings.
Under Production Scope Restrictions, toggle the switch to enable scoped access.
You will be presented with a list of all existing folders in your application.
Check the boxes next to the specific folders you want this environment to access.
Click Save Scope Configuration.

Development Environments

By design, Development environments cannot be scoped and will always have unrestricted access to all folders. Scoped access enforcement is strictly reserved for live (Production) environments.

Once folder scoping is enabled and saved:

Upload Restrictions: Any attempt to upload or move files outside of the authorized folders will be rejected with a 403 Forbidden error.
Retrieval Constraints: Listing and fetching operations will automatically filter out any assets located outside of the selected folders, ensuring strict boundaries.

PreviousQuick Start

NextBuztransfer