Authenticate with EdgeGrid
Every Akamai Developer interface requires authentication through EdgeGrid, which is a custom HTTP request signing protocol. In order to make requests with Akamai APIs, you’ll need to properly authenticate your requests, whether they're made directly to an API endpoint or through any of the tools that wrap the API requests.
The EdgeGrid plugins rely on an
.edgerc file that needs to be created in your home directory. Each
[section] can contain a different set of authentication tokens allowing you to store all of your credentials in a single
[default] client_secret = xxxx host = xxxx # unique string followed by `luna.akamaiapis.net` access_token = xxxx client_token = xxxx max-body = xxxx [section1] client_secret = xxxx host = xxxx # unique string followed by `luna.akamaiapis.net` access_token = xxxx client_token = xxxx max-body = xxxx
Authentication protocol specification
This specification outlines how to implement a custom HTTP request signing function in your client code.
Example HTTP authorization header:
Authorization:EG1-HMAC-SHA256 client_token=akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx; access_token=akaa-xxxxxxxxxxxxxx-xxxxxxxxxxxxxx;timestamp=20130817T02:49:13+0000; nonce=dd9957e2-4fe5-48ca-8d32-16a772ac6d8f;signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Signing algorithm moniker. This shows that the algorithm includes EdgeGrid V1, hash message authentication code, SHA–256. For example:
- Client token. The value of the
- Access token. The value of the
- Timestamp. The UTC time when the request is signed. The timestamp is in this format:
- Nonce. A nonce, or number used once, must be assigned for the request. This is a random string used to detect replayed request messages.
- Signature. The signature is the base64-encoding of the SHA–256 HMAC of the data to sign with the signing key. The signing key is computed as the base64 encoding of the SHA–256 HMAC of the timestamp string with the
client secretas the key.
EdgeGrid authentication relies on a set of active tokens, tied to your Akamai account. First is a unique hostname that will receive your API request. The Akamai CLIs and Terraform Provider act as wrappers for the Akamai API libraries and will send your request to this unique hostname. You'll find the
host in the
.edgerc file, a unique string followed by
Whenever you issue an API call, you need to include the authorization in the request body, then an authentication header, based on your
client token, and current
timestamp, is generated and sent with each request.
Example HTTP GET request:
GET\abcd-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna-dev.akamaiapis.net\t /sample-api/v1/property/?fields=x&format=json&cpcode=1234 EG1-HMAC-SHA256 client_token=akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx; access_token=akaa-xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx; timestamp=20130819T13:01:23+0000;nonce=ac392096-8aa1-44fd-8c3b-f797d35a6736;
For security reasons, Akamai EdgeGrid uses the current timestamp of the machine sending the API request. Ensure that the time is synced with NTP or the request may fail. Refer to this knowledge base article for more information.
If you're automating Akamai processes, you can use EdgeGrid libraries to handle the authentication. This table shows how you can reference the tokens in your
.edgerc file for some popular programming languages. Check the linked GitHub pages for complete code syntax and usage instructions.
|GitHub link||Description||Code syntax|
|edgegrid-python||An EdgeGrid Authentication scheme handler for the Python Requests library.|
|edgegrid-node||An EdgeGrid authentication handler for Node.js.|
|edgegrid-java||Provides a client independent implement as well as concrete implementations for REST-assured and Google HTTP Client Library for Java integration.|
|edgegrid-curl||An EdgeGrid Authentication wrapper around |
|httpie-edgegrid||An httpie plugin for EdgeGrid authentication. A command line utility for making calls to Akamai APIs.|
For additional libraries, go to Akamai EdgeGrid repositories.
You need to create authentication credentials before you can make calls to Akamai APIs, use the CLIs, or any other developer interface.
Updated about 2 months ago