R2 write only api permissions to upload

Hi, so i need my r2 api token to be able to upload only. Because if my server for some reason gets compromised the bad actor would be able to delete everything from my r2 bucket.

How do i do that?
I cant find a way to do that, also using workers is not viable.

1 Like

Upload only isn’t a permission that is possible with API tokens currently. You would have to make a worker that would run in front of your bucket to make sure requests are only uploads.

which is extremely bad and kind of a meme for a “security” company. At the very least, cloudflare should provide it out of the box.

Its such a huge blocker its like forcing me to pay AWS instead. oh well

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.