Because it’s standard S3, the same endpoint and keys work with AWS SDKs in any language, the AWS CLI,
s3cmd, rclone, and most S3-compatible tools. See the Quickstart for AWS CLI and boto3 examples.Authentication
- AWS Signature Version 4 (SigV4) request signing, exactly as with AWS S3.
- Credentials are the access key / secret key pairs from your console; manage them with
onebucket keysin the CLI. - Region: use
us-east-1. The region in your credential scope is used for signature derivation (as SigV4 requires), not for routing — the endpoint determines routing. The gateway is currently lenient about the region value, but don’t rely on arbitrary names: configureus-east-1(empty andautoalso resolve to it), and future releases may reject other values.
Addressing styles
Both S3 addressing styles are supported. The gateway first looks for a bucket prefix in the hostname, then falls back to the first path segment:Virtual-hosted style requires DNS resolution of bucket subdomains. If your environment can’t resolve them, configure your client for path-style addressing (e.g.
s3.addressing_style = path in boto3).Supported features
OneBucket-specific behavior
Behind the standard API, requests resolve against the Adaptive Data Fabric:- A bucket is logical — its objects may be held by different backends (AWS S3, Azure Blob, GCS, Wasabi, Akave, on-prem, edge, air-gapped) while clients see one namespace.
- Cross-backend
copy,move, andmigrateoperations are asynchronous: they return once queued, and the destination may not be readable immediately. - Repeat reads of hot objects are served from the edge cache; prefetching keeps first reads fast too.
- All activity is emitted as storage events, queryable over the events MCP endpoint.
Errors
The gateway returns standard S3 XML error responses (e.g.NoSuchBucket, NoSuchKey, AccessDenied), so existing SDK error handling works unchanged.