I cannot access my R2 bucket via the S3 API. All operations return 403 Access Denied.

What works:

Uploading files via the Cloudflare dashboard UI
Public bucket URL serves files correctly

What fails:

All S3 API operations (ListBuckets, PutObject, GetObject, HeadBucket)
Tested with boto3, s3cmd, and rclone - all return Access Denied
Created multiple new tokens with fresh credentials - same result

The credentials are valid (no InvalidAccessKeyId error), but every operation returns AccessDenied.

Please advise.

I made a brand new account from scratch and still acccess denied. Basically no one can sign up and use R2 at all.

@solar stone URGENT

Workaround: Use Cloudflare REST API instead of S3 API

I had the exact same issue — new account, fresh tokens, all S3 API operations returning AccessDenied while dashboard uploads worked fine.

The fix: Use Cloudflare's REST API instead of the S3-compatible API. It's a known bug with new R2 token authorization.

Instead of boto3/S3:

python

This fails with AccessDenied

s3.put_object(Bucket='my-bucket', Key='file.txt', Body=data)
Use Cloudflare REST API:

python
import requests

url = f"https://api.cloudflare.com/client/v4/accounts/{account_id}/r2/buckets/{bucket}/objects/{key}"
headers = {'Authorization': f'Bearer {api_token}'}
response = requests.put(url, headers=headers, data=file_data)

This works!

You'll need an Account API Token (not R2 User API Token) with Workers R2 Storage: Edit permission.

The S3 API tokens seem to have a propagation/authorization bug for new accounts. REST API works immediately.