Create Cloudflare R2 API Token and S3 Secret

This guide explains how to obtain and configure the API Token and S3 credentials required by the R2 Dashboard Chrome extension. Both credentials are created together in a single step.

Understanding the Two Credential Types

R2 Dashboard requires two types of credentials:

API Token: Used to call Cloudflare's management API for listing buckets
S3 Access Keys: Used for S3-compatible operations (upload/download/delete objects)

Important: These three values (API Token + Access Key ID + Secret Access Key) all come from the same creation process on one screen.

Step-by-Step Instructions

Navigate to Cloudflare Dashboard → R2 → Manage R2 API Tokens.
Or directly visit: https://dash.cloudflare.com/<your-account-id>/r2/api-tokens (replace <your-account-id> with your actual Account ID).
Click the "Create API Token" button.
IMPORTANT: Choose the "Account API Tokens" section (NOT "User API Tokens"). Account tokens remain active even if you leave the organization.
Enter a token name (e.g., R2 Dashboard), select "Admin Read & Write" permission, and choose "Apply to all buckets" or select specific buckets.
After creation, you'll see THREE credentials on one screen:
- API Token (a long string)
- Access Key ID (similar to AWS access key)
- Secret Access Key (similar to AWS secret key)
Copy all three and paste them into the "Add New Account" form in the R2 Dashboard extension.

Least Privilege Recommendation (Optional)

For Enhanced Security:

Create two separate tokens: one with "Admin Read only" for listing buckets, and another with "Object Read & Write" for file operations.
If you only need analytics and browsing without upload/delete capabilities, create a read-only token.

Note: For most users, a single "Admin Read & Write" token is sufficient and easier to manage.