Cannot setup Backblaze B2 backup: Combination of key and secret is invalid

I’m trying to setup a Backblaze B2 backup profile. I’ve filled in all details, but I’m getting a validation error on the Application Key field: “Combination of key and secret is invalid”.

I’ve double-checked my credentials, tried regenerating the application key and also tried using the master application key. I’ve checked the documentation but AFAIK everything is correct.

Could this be a bug? Or am I doing something wrong here?

Found the fix! When creating a Backblaze B2 application key, I limited access to a single bucket. However, Cleavr requires you to check this checkbox: “Allow listing all bucket names including bucket creation dates (required for S3 List Buckets API)”.

So if you decide to limit the key to a single bucket, be sure to check this! Now it works perfectly! Leaving this here to help others :slight_smile:

1 Like

Hello @Atlesque - welcome to the Cleavr forum!

Thanks for bringing this up! That is exactly true and looks like we didn’t have this listed in our docs so I just added a mention. Backup Profiles - Cleavr docs

Wow, what blazing fast support! :sunglasses: Thanks!

Noticed a small typo in the new section: selecintg. Otherwise very clear!

oops! Thanks for letting me know. Fixed it.

I thought I’d chime in with a couple of other things I noticed when setting up Backblaze with Cleavr, in case it’s helpful to people in the future. Some of these things may be obvious, but a couple (including what Atlesque noted!) took me a bit to figure out.

Cleavr uses the Backblaze S3 compatible API, not Backblaze’s Native API.

If you had an account with Backblaze before they introduced their S3 compatible API (like I did), your Master Application Key won’t work with the S3 integration. You’ll need to reset your Master Key in order for it to work. I believe the same goes for existing Application Keys that were created before the release of the S3 integration, so a new Application Key will need to be made in order for them to work.

Buckets also must have been created after the S3 release and include an “Endpoint” in order to work.


Thanks for clarifying it. We’ll update our docs to include your points. You observation is right on - we use S3 compatible API not the native’s API. This gives us the flexibility of adding support for new providers quickly and most of them seem to work just fine (minus the API fiasco as you have noted).

To be honest, I also didn’t know that their master key needed to be reset for supporting S3 and that they didn’t have S3 compatibility from the get go. Thanks again!