Providing Read Only R2 Access to Untrusted Clients


As per the title, I want to provide read-only access to untrusted clients. Currently I am doing this via an R2 bucket-scoped read-only API token. It works nicely: the client calls a worker and authenticates, and the worker provides the read-only keys so the client can go straight to R2.

However, I’ve just hit the limit of 50 tokens on my account that I did not see coming. What alternatives are there to providing access for such clients?

I’d ideally like to avoid having my worker sign every read request, as there are many (to load assets on my client we’re talking ~20 R2 reads per page); however, I think that’s the only solution I have in mind. Also not ideal from a latency/load time perspective, as it adds another request in serial.

Thanks in advance.
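The worker-side signing mentioned in the post, as an added example (not part of the original post and not Cloudflare's code): SigV4 query-string presigning of GET-only URLs for an S3-compatible endpoint such as R2's, with all of a page's keys signed in one call. The host, bucket, credentials and function names are constructed placeholders, and it assumes Node's `node:crypto` module is available.

```javascript
// Added example: SigV4 query-string presigning of GET-only URLs (S3-compatible API).
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const { createHmac, createHash } =
  typeof require === "function" ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const hmac = (key, msg) => createHmac("sha256", key).update(msg).digest();
const sha256hex = (msg) => createHash("sha256").update(msg).digest("hex");
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) =>
  encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// cfg: { host, region, accessKeyId, secretAccessKey }; path: "/<bucket>/<key>" on a
// path-style host; expires: URL lifetime in seconds.
function presignGet(cfg, path, expires, now = new Date()) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20130524T000000Z
  const scope = `${amzDate.slice(0, 8)}/${cfg.region}/s3/aws4_request`;
  const canonicalPath = path.split("/").map(enc).join("/");
  const query = [ // parameter names are already in the sorted order SigV4 requires
    ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
    ["X-Amz-Credential", `${cfg.accessKeyId}/${scope}`],
    ["X-Amz-Date", amzDate],
    ["X-Amz-Expires", String(expires)],
    ["X-Amz-SignedHeaders", "host"],
  ].map(([k, v]) => `${k}=${enc(v)}`).join("&");
  // The method is part of the signed request, so the URL cannot be replayed as PUT or DELETE.
  const canonicalRequest =
    ["GET", canonicalPath, query, `host:${cfg.host}`, "", "host", "UNSIGNED-PAYLOAD"].join("\n");
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256hex(canonicalRequest)].join("\n");
  // Key derivation chain: date -> region -> service -> "aws4_request".
  const signingKey = scope.split("/").reduce((k, part) => hmac(k, part), "AWS4" + cfg.secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString("hex");
  return `https://${cfg.host}${canonicalPath}?${query}&X-Amz-Signature=${signature}`;
}

// One authenticated call returns short-lived URLs for every asset a page needs.
function presignBatch(cfg, bucket, keys, expires, now = new Date()) {
  return Object.fromEntries(keys.map((k) => [k, presignGet(cfg, `/${bucket}/${k}`, expires, now)]));
}

// Constructed sample values: placeholder account host, bucket and credentials.
const SAMPLE_CFG = {
  host: "ACCOUNT_ID.r2.cloudflarestorage.com", region: "auto",
  accessKeyId: "EXAMPLE_ACCESS_KEY_ID", secretAccessKey: "EXAMPLE_SECRET_ACCESS_KEY",
};
const sampleUrls = presignBatch(SAMPLE_CFG, "assets", ["img/logo.png", "css/site.css"], 300);
console.log(sampleUrls);
```

Keep `expires` short, since anyone holding a URL can read that one object until it lapses.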
