How to authenticate in REST request to MinIO

I am experimenting with MinIO. I try to send REST API calls directly to MinIO port 9000. So far, I understood that authentication works the same as the Amazon S3 API authentication works - correct? Unfortunately, I am also new to S3.

Here are my questions:

• What does a request header to MinIO look like?
• I read that I also need a signature that needs to be calculated somehow. How is this calculation done?

I do my experiments on Windows 10 and run MinIO in a Docker Container. My experiments target "http://localhost:9000/"

So far I only get a 403 error for a GET request:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>AccessDenied</Code>
    <Message>Access Denied.</Message>
    <Resource>/</Resource>
    <RequestId>173BACCB19FAF4C4</RequestId>
    <HostId>d200d104-da55-44e2-a94d-ce68ee959272</HostId>
</Error>

I read through the S3 Api Reference "https://docs.aws.amazon.com/pdfs/AmazonS3/latest/API/s3-api.pdf#Type_API_Reference" but to be honest, I got lost.

Can please someone help me out?

You needs to set an authentication values.

URL

GET http://localhost:9099/{bucket name}/{file name}

Select Authorization tab

Select Type AWS Signature

Access Key : copy from minio UI

Secret Key : copy from minio UI

Service name: s3

Postman access

minio browser

Create Key

Access Key / Secret Key

local docker compose file

save as docker-compose.yml

version: "3"

services:
  minio-service:
    image: minio/minio:latest
    volumes:
      - ./storage/minio:/data
    ports:
      - "9000:9000"
      - "9099:9099"
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: admin-strong
    command: server --address ":9099" --console-address ":9000" /data
    restart: always # necessary since it's failing to start sometimes

launching container

$ docker compose up

URL

http://localhost:9000/

The confidential is matched docker-compose.yml

user name : admin
password: admin-strong

curl access

curl --location 'http://localhost:9000/api/v1/login' \
--silent \
--header 'Content-Type: application/json' \
--cookie-jar cookies.txt \
--data '{"accessKey":"admin","secretKey":"admin-strong"}

cookies.txt: save a cookie file a login command by curl It will hold an access token for next curl API call.

This curl example to get content of demo bucket with cookie.

curl --cookie cookies.txt --silent --location 'http://localhost:9000/api/v1/buckets/demo/objects?with_versions=true' | json_pp

Detail information in here