Can't get API access to R2, to change TLS defaults

For Workers & Pages, what is the name of the domain?

not relevant

What is the issue or error you’re encountering

Can’t get API access to R2, to change TLS defaults

What steps have you taken to resolve the issue?

I found the thread here, where several other people have the same problem.

So I was happy to try the solution of using the API to fix this.

I went to R2 storage, created a new API key, just for cli access, and gave it full permissions to access and edit all buckets and settings.
However when I try to use the key in the suggested way, for eg.
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/r2/buckets
–header “X-Auth-Email: $CLOUDFLARE_EMAIL”
–header “X-Auth-Key: $CLOUDFLARE_API_KEY”
Then I get an authentication error.
{“success”:false,“errors”:[{“code”:10000,“message”:“Authentication error”}]}

I have visited the account main page, and see that this key has been set up with this permission (only) Workers R2 Storage:Edit

What do I need to add to this to make it work.

I don’t think that’s going to be an R2 token. Try a regular API token, like this:

Screenshot 2025-01-05 at 8.37.58 PM2614×1200 197 KB

Although the API key was created via the R2 area, it stillappears in the Profile > API Tokens area. (I think the R2 route was just a shortcut to adding the right perms for R2 storage)
The one I created like that has edit permissions for Workers R2 Storage.
I’ve tried editing it and adding anything I can see to do with SSL or TLS, but still the same “no authentication” message

I’ll also add that I’ve successfully created API tokens to access buckets, and the files within, using various s3 clients (eg rclone). And I’ve created other API tokens to change Zone settings in the past. But I can’t figure out what permissions R2 bucket settings wants.

I’m quite sure it’s the screenshot I just posted. I just set mine while scanning SSL:

Screenshot 2025-01-05 at 9.06.16 PM2140×560 47 KB

Here’s what I sent:

Screenshot 2025-01-05 at 9.06.57 PM1826×442 37.8 KB

And then I set it back to 1.0 before the scan completed:

Screenshot 2025-01-05 at 9.10.42 PM2130×1000 205 KB

OK well thanks for the confirmation. I have an API token with identical permissions, but its not authorizing properly. So I guess there must be something strange going on with the account itself.
I can’t even list buckets, so its not a read/write thing.

I’m logging in as a delegate of the account, with (I am assured) full admin access. I’ve tried changing the account email and/or account ID with all permutations, so its not that …

So just making sure … are these the headers you’re using to authenticate?
These are the ones suggested in the link in my first post, which are different from the ones I used previously, namely
“Authorization: Bearer xxxxxxyyyyyyyyy”

Ugh. It seems that’s it. If I use Authorization Bearer, it works.
If I use X-Auth-Key, and X-Auth-Email, as instructed in the documentation (!), it doesn’t. Who would have guessed.

Might want to also update the API documentation so that the example uses Authorization Bearer, so others don’t spend hours on this!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.