About Authentication and Access Control
Authentication and authorization for AI Object Storage
Before you start using AI Object Storage, you must set up access tokens, access keys, and organization access policies. Bucket access policies are optional; you can use them for finer-grained control of your resources. The Object Storage API lets you manage access keys and policies programmatically, while the Object Storage S3 endpoint lets you create and manage buckets and objects.
Authentication summary table
This table summarizes the authentication required to use each AI Object Storage API and interface:
| API/Interface | Purpose | Authentication Required |
|---|---|---|
Object Storage APIapi.coreweave.com | Object Storage control plane Create access keys, org policies | API Access Token for a principal that has the Object Storage Admin IAM role (via IAM Access Policies). For AI Object Storage, this IAM role replaces the legacy CoreWeave admin group. |
Object Storage S3-compatible endpointscwobject.com or cwlota.com | Storage operations Manage buckets, upload objects | Access keys to authenticate users |
| Cloud Console | Both IAM and Storage | API Access Tokens for Console/API actions Access Keys for S3-compatible bucket and object operations |