R2 Desk ProR2 Desk PRO
Beta $25First 250 per platform
Navigation
Beta $25First 250 per platformRead docs
DocsGetting Started

Profiles and connections

Profiles are the credential boundary of the product. Configure them carefully and validate them once.

Developers and platform operators8 minCore workflowUpdated March 7, 2026
WindowsmacOSLinux
ProfilesSecurity

How profile validation works, which inputs are required, and what permissions the app expects.

  • Required and optional profile fields
  • Validation behavior
  • HTTPS enforcement
  • Cache purge credentials
Applies to
WindowsmacOSLinux
Covers
ProfilesSecurity

Profiles and connections

Required profile fields

Every connection profile requires:

  • Profile name
  • Account ID
  • Access Key ID
  • Secret Access Key

Optional fields:

  • Public base URL
  • Cloudflare Zone ID
  • CDN domain
  • Cloudflare API token for cache purge

How validation works

When you save a profile, the backend validates credentials by attempting an R2 bucket listing call.

That means:

  • Save succeeds when the credential can authenticate and list buckets.
  • Save fails when the credential is valid but does not have permission to list buckets.
  • The app does not bypass validation to save a half-working profile.

This is deliberate. It prevents support tickets caused by profiles that were accepted even though basic access was missing.

Endpoint behavior

The app derives the endpoint automatically from the Account ID. You do not manually type the R2 API endpoint.

https://<ACCOUNT_ID>.r2.cloudflarestorage.com

All request signing stays in the Tauri backend. The frontend never talks directly to R2.

HTTPS-only fields

The app rejects insecure URLs during profile save.

These fields must use https://:

  • Public base URL
  • CDN domain

Invalid examples:

  • http://assets.example.com
  • assets.example.com

Valid example:

  • https://assets.example.com

Cache purge configuration

Cache purge is optional. Do not configure it unless you actually need it.

For purge actions to work, the profile needs:

  • Cloudflare Zone ID
  • Cloudflare API token with cache purge permission
  • A public URL mapping that resolves selected objects to public URLs

If those values are missing, purge actions are unavailable. That is configuration, not an application defect.

Profile switching

You can store multiple profiles and switch the active one at any time.

When switching profiles:

  • Buckets refresh under the newly active credential.
  • Public URL behavior changes to match the selected profile.
  • Cache purge configuration changes with the active profile.

Delete behavior

Deleting a profile is a credential operation, not simple UI cleanup.

Current behavior:

  • The keychain entry is removed.
  • Profile metadata is removed from local storage.
  • Transfers and sync work tied to that profile are cancelled before the profile is removed.

Common validation failures

Access denied on save

Meaning: the credential authenticated, but the backend was not allowed to list buckets.

Fix:

  • Add bucket-list permission to the credential policy.
  • Confirm the keys belong to the intended Cloudflare account.

Generic service error on save

Check:

  • Account ID format
  • Correct key pair
  • Temporary network or TLS interception issues
  • Antivirus or endpoint security products blocking local runtime behavior

Public URL rejected

The field is not optional once populated. If you type a value, it must be a valid HTTPS URL.