Before you start using AI Object Storage, you must set up access tokens, access keys, and organization access policies. Bucket access policies are optional; you can use them for finer-grained control of your resources. The Object Storage API lets you manage access keys and policies programmatically, while the Object Storage S3 endpoint lets you create and manage buckets and objects. For production workloads, Workload Identity Federation is the recommended method for obtaining Access Keys. It exchanges short-lived OIDC tokens for temporary credentials, eliminating the need to store or rotate long-lived static keys.Documentation Index
Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
Use this file to discover all available pages before exploring further.
Authentication summary table
This table summarizes the authentication required to use each AI Object Storage API and interface:| API/Interface | Purpose | Authentication Required |
|---|---|---|
Object Storage APIapi.coreweave.com | Object Storage control plane Create access keys, org policies | API Access Token for a principal that has the Object Storage Admin IAM role (via IAM Access Policies). For AI Object Storage, this IAM role replaces the legacy CoreWeave admin group. |
Object Storage S3-compatible endpointscwobject.com or cwlota.com | Storage operations Manage buckets, upload objects | Access Keys: obtained via Cloud Console tokens (static) or Workload Identity Federation (ephemeral, recommended for production) |
| Cloud Console | Both IAM and Storage | API Access Tokens for Console/API actions Access Keys for S3-compatible bucket and object operations |