Get your keys
- Open the Cloudflare dashboard and go to R2 Object Storage. On the overview page, find API Tokens under Account Details and click Manage.
- Create a token. For day-to-day use pick Object Read & Write; scope it to specific buckets if you can.
- Cloudflare shows an Access Key ID and Secret Access Key once. Copy both.
- Note your Account ID; it is part of the endpoint and shown on the R2 overview page.
Connect
- Add a new connection and choose the Cloudflare R2 preset.
- Paste your Account ID and the two keys. The preset builds the endpoint for you and sets the region to
auto, which is what R2 expects. - Connect. Your buckets appear immediately; the keys are stored in the Windows keychain.
Endpoints
| Use | Endpoint |
|---|---|
| Default | https://<account-id>.r2.cloudflarestorage.com |
| EU jurisdiction | https://<account-id>.eu.r2.cloudflarestorage.com |
If your bucket was created with a jurisdiction (for example EU data residency), you must use that jurisdiction’s endpoint; the default endpoint will not list it.
Good to know
- R2 has no regions to pick. The region field is always
auto. - R2 API tokens are separate from regular Cloudflare API tokens. If your keys are rejected, check you created them under R2, not the account API tokens page.
- Public bucket access works through R2’s own settings (custom domains or the
r2.devURL), not S3 ACLs. The app’s sharing features use standard expiring links, which work fine. - There is no egress fee from R2, which makes it a good target for the app’s cross-bucket copy and big archive downloads.