Backblaze B2 is a cloud storage solution offering scalable and affordable data storage for individuals, developers, and businesses. Backblaze's B2 service aim for simplicity and cost-effectiveness.
However, users may find the documentation cumbersome to understand, which can be a hurdle for those new to the platform.
Intro
This article introduce how to use the backblaze cloud storage solution to store private user file that can only be accessed by the owner.
This article will cover:
- How to setup a bucket for your application
- How to authorise your application to access the bucket
- Upload a file to your bucket
- Download a file for a user with the right access
Bucket
When setting up the bucket make sure the following options are checked:
- Private This will ensure your files won’t be accessible without the correct permission
- Encryption This will ensure your file are properly encrypted. Make sure there is no sensitive informations in the name or metadata of the files. Those won’t be encrypted!
- Object lock (optional) This will ensure your file won’t be altered for the selected timeframe. In my case that wasn’t needed so I left it unchecked
Application keys
To access your bucket you will need to setup application keys. You can use the master application keys but I won’t advise it as it have all right for all bucket.
You should consider creating a dedicated application key for your bucket this will prevent any interaction with other buckets.
Once created you should have access to your application key id and application key.
Save them for later use as they will be hidden as soon as you leave the page!
In case that happened no worries just delete and recreate your application key.
Authorise your application
To setup authorisation in your application you will need to fetch the following endpoint.
Example
https://api.backblazeb2.com/b2api/v3/b2_authorize_account
Authorisation header
To access this endpoint you will need the application key id and application key setup earlier. Concatenate them in a string, encode them to Base64 and prefix them with Basic .
Here is a pseudo code example:
Basic Base64({application_key_id}:{application_key})
Returned data
This endpoint will return data related to your application key. Here is the list of required datas for the next step:
- Api url
- Bucket id
- Bucket name
- Authorisation token (1) from application key
- Download url
More infos
https://www.backblaze.com/apidocs/b2-authorize-account
Upload a file
Uploading a file is done in 2 steps:
- Get the upload url
- Upload the file
1) Get the upload url
This endpoint will return you the data needed to upload your files. You will need the Api url, Bucket id and Authorisation token from the previous endpoint.
Example
{api_url}/b2api/v3/b2_get_upload_url?bucketId={bucket_id}
Authorisation header
Pass the Authorisation token from application key to the Authorisation header:
Authorisation {authorisation_token_1}
Returned data
This endpoint will return data required to upload a file:
- Upload url
- Authorisation token (2) to upload a file
More infos
https://www.backblaze.com/apidocs/b2-get-upload-url
2) Upload a file
This endpoint will upload a file to your bucket. You will need the Upload url and Authorisation token from the previous endpoint.
Example
{upload_url}
Use the url previously returned.
Authorisation header
Pass the Authorisation token to upload a file directly to the Authorisation header:
Authorisation {authorisation_token_2}
Headers
You will need to pass header related to your file metadata.
-
X-Bz-File-NameThe name of your file in the bucket. NB: In case you want to separate your file per users you can use this syntax:{user_id}/{file_name}This will store the file related to your user in a dedicated folder to prevent other users accessing it. -
Content-TypeThe MIME type of your file. eg:image/png -
Content-LengthThe size of you file in bytes. -
X-Bz-Content-Sha1The Sha1 of your file to ensure integrity of the file. This need to be generated in your code. In development environment you can passdo_not_verifythis will skip the integrity validation.
More infos
https://www.backblaze.com/apidocs/b2-upload-file
Download a file
Downloading a file is done in 2 steps:
- Get the download authorisation
- Get the file
1) Get the download authorisation
This endpoint will generate a download authorisation for a / some files. You will need the Api url, Authorisation token and Bucket id from the first authorisation endpoint.
Example
{api_url}/b2api/v3/b2_get_download_authorization?bucketId={bucket_id}
Authorisation header
Pass the Authorisation token from application key to the Authorisation header:
Authorisation {authorisation_token_1}
Query params
This endpoint will require some more query params to work properly:
-
fileNamePrefixThe prefix (folder) previously used to store our files. In our case that was theuser_id. This will generate authorisation only for the chosen folder. -
validDurationInSecondsThe number of seconds before your authorisation expire.
After passing those query params your endpoint will look something like:
{api_url}/b2api/v3/b2_get_download_authorization?bucketId={bucket_id}&fileNamePrefix={user_id}&validDurationInSeconds={duration_in_sec}
Returned data
This endpoint will return data required to download a file:
- Authorisation token (3) to download a file
- File name prefix in our case user id
More infos
https://www.backblaze.com/apidocs/b2-get-download-authorization
2) Get a file by name
This endpoint will download a file from your bucket based on its name. You will need the Download url, Bucket name from first authorisation endpoint. Authorisation token and File name prefix in our case user id from previous endpoint.
Example
{download_url}/file/{bucket_name}/{user_id}/{file_name}?Authorization={authorisation_token_3}
This link can be used to fetch a file for a specific user with an expiration limit.
More infos
https://www.backblaze.com/apidocs/b2-download-file-by-name
Schema
To have a better overview of the implementation here is an explication schema:
Top comments (0)