Public & Private Buckets
SparkDB buckets can be public (world-readable) or private (authenticated access only). Choose the right visibility for your use case.
Visibility Overview
| Setting | Access | Use Case |
|---|---|---|
| Private (default) | Owner only via API key | User uploads, backups, sensitive data |
| Public | Anyone with the URL | Static assets, public downloads, CDN |
Private Buckets
Private buckets restrict access to the bucket owner. All operations require authentication:- Listing files: API key required
- Uploading: API key required
- Downloading: API key required (
x-api-keyheader orAuthorization: Bearer spk_*) - Deleting: API key required
When to Use Private
- User-generated content (profile pictures, document uploads)
- Backups and data exports
- Any content that should not be publicly accessible
Public Buckets
Public buckets allow anyone with the file URL to download files without authentication. The S3 bucket gets a public-read policy applied. File URLs for public buckets point directly to the S3 endpoint:S3 Bucket Policy
When a bucket is created as public, SparkDB applies this policy to the underlying MinIO bucket:When to Use Public
- Static website assets (CSS, JS, images)
- Public file distribution
- CDN-origin storage
- Open data sets
Changing Visibility
Via Dashboard
When creating a bucket, check the Public bucket option.Via API
Toggle visibility after creation:curl
"public" or "private".
