Authentication for Flat Files S3 API
The Flat Files S3 API uses S3-compatible authentication methods. This allows you to use existing S3 tools and libraries to access our data securely.
Authentication Methods
- API Key as Access Key ID: Your CoinAPI key serves as the Access Key ID.
- Static Secret Key: Use "coinapi" as the Secret Access Key.
- AWS Signature: Requests should be signed using AWS Signature Version 2 or 4.
Configuration Examples
AWS CLI
Configure the AWS CLI with the following command:
aws configure
Enter the following information when prompted:
AWS Access Key ID: YOUR_COINAPI_KEY
AWS Secret Access Key: coinapi
Default region name: us-east-1
Default output format: json
S3 Browser
In S3 Browser, create a new account with these settings:
- Account Name: CoinAPI Flat Files
- Access Key ID: YOUR_COINAPI_KEY
- Secret Access Key: coinapi
- Rest Endpoint: https://s3.flatfiles.coinapi.io
SDK Usage
When using S3 SDKs, configure the client as follows:
import boto3
s3 = boto3.client('s3',
aws_access_key_id='YOUR_COINAPI_KEY',
aws_secret_access_key='coinapi',
endpoint_url='http://s3.flatfiles.coinapi.io'
)
Remember to replace 'YOUR_COINAPI_KEY' with your actual CoinAPI key in all examples.
AWS Signature Authentication
AWS Signature Version 2
For this method of authorization, please put the API Key in both the Access Key ID
and Secret Access Key
fields.
AWS Signature Version 4
Amazon S3 uses the Authorization
request header to provide authorization information. The value for this header must follow a specific pattern described as AWS Signature Version 4.
The example below shows the Authorization header value compliant with AWS Signature Version 4.
Please note that the Credential string contains our apikey
as access-key-id.
Assuming that your API key is 73034021-THIS-IS-SAMPLE-KEY
, then the authorization header you should send to us will look like:
Authorization: AWS4-HMAC-SHA256
Credential=73034021-THIS-IS-SAMPLE-KEY/20211203/us-east-1/s3/aws4_request,
SignedHeaders=host;
Signature=65e655c69da9906ac6076a28f75d9e4947aaed3be1f419757a3a84e24662673d
Although AWS Signature Version 4 is very strict about each of the signature components, our API takes only our apikey
value into account.
Security Best Practices
- Keep your API key confidential.
- Use HTTPS endpoints in production environments.
- Regularly rotate your API keys.
- Use the principle of least privilege when setting up IAM-like policies.
For any questions or support needs regarding authentication, please contact our support team.