Public vs. private buckets
Every Filebase bucket has an access level that controls who can read its objects:
- Private — only requests authenticated with your access key can read. (Default.)
- Public — any HTTP client can
GETan object using its public URL, no signature required.
The setting applies at the bucket level. Mixing public and private objects within one bucket is not supported — if you need both, use two buckets.
Choose private when…
- You're storing user uploads, customer data, or anything sensitive.
- You'll mediate access through your own application (presenting pre-signed URLs when downloads are warranted).
- You don't want the contents discoverable by web crawlers.
Choose public when…
- You're hosting static website assets — images, JavaScript bundles, CSS, fonts.
- You're distributing files that are intentionally public — software downloads, documentation, releases.
- You want browser clients to fetch directly without an authentication round-trip.
Public bucket URLs
Public buckets are served over HTTPS at:
https://<bucket-name>.s3.filebase.io/<object-key>
For example, an object with key images/logo.svg in a public bucket called my-site-assets is reachable at:
https://my-site-assets.s3.filebase.io/images/logo.svg
Filebase serves these requests through our global CDN, so popular objects are cached at edge locations close to your users.
Make a bucket public at creation time
aws --endpoint https://s3.filebase.io s3api create-bucket \
--bucket my-site-assets \
--acl public-read
import { CreateBucketCommand } from '@aws-sdk/client-s3';
await s3.send(
new CreateBucketCommand({
Bucket: 'my-site-assets',
ACL: 'public-read',
}),
);
Change a bucket's ACL after creation
aws --endpoint https://s3.filebase.io s3api put-bucket-acl \
--bucket my-site-assets \
--acl public-read
To switch a public bucket back to private, set the ACL to private.
Object-level ACLs
Filebase intentionally does not support object-level ACLs. The GetObjectAcl and GetBucketAcl calls work for compatibility — GetObjectAcl returns the ACL of the parent bucket — but you cannot make a single object public inside a private bucket or vice versa.
This is a deliberate design choice. Object-level ACL drift is the most common cause of accidental data exposure on AWS S3. By forcing all objects in a bucket to share the bucket's ACL, Filebase eliminates the failure mode where an automation or a misclick exposes one object out of millions.
If you need a mix of public and private objects, use two buckets.
Public access for free accounts
Public bucket functionality is available on paid plans only. Free-tier accounts can create private buckets and use pre-signed URLs for time-limited public access to specific objects.