Developer documentation

Storage API (Beta)

Warning

This is a Beta service. The API is subject to change and should not be used in production implementations.

Obtain scoped, temporary Amazon S3-compatible credentials for a private, isolated storage bucket on Cleverbase infrastructure. Each client–user pair gets its own dedicated bucket. Credentials are short-lived and restricted to that single bucket, so one user can never access another user's files.

Technical overview

Host

ServiceHost
Storage Authorization APIhttps://storage-authorization.cleverbase.com
Storage Resource Serverhttps://storage.cleverbase.com

Authentication

The API is an OAuth 2.0 resource server. Every request must include a valid Bearer access token obtained from Cleverbase Identification API (see Identification API).

RequirementValue
Grant typeAuthorization Code
Scopecom.cleverbase.storage

Sequence diagram

Cleverbase Storage Resource ServerStorage Authorization APICleverbase Identification APIClient ApplicationCleverbase Storage Resource ServerStorage Authorization APICleverbase Identification APIClient ApplicationAuthorization request (scope: com.cleverbase.storage)1access_token2POST /v1/credentials (Bearer access_token)3bucket, endpoint, temporary credentials4S3 operations (using temporary credentials)5
  1. The client application initiates an OAuth 2.0 authorization code flow, requesting the com.cleverbase.storage scope from Cleverbase Identity.
  2. After the user authenticates, the client exchanges the authorization code for an access_token.
  3. The client calls POST /v1/credentials with the token to receive a bucket name, an S3-compatible endpoint URL, and a set of short-lived credentials.
  4. The client uses any S3-compatible SDK or tool to perform file operations directly against Cleverbase Storage API, using the received credentials.

Credential lifetime

Temporary credentials expire after 1 hour. Call POST /v1/credentials again to obtain a fresh set; the bucket name does not change between refreshes.