Authenticate with EdgeGrid

Every Akamai Developer interface requires authentication through EdgeGrid, which is a custom HTTP request signing protocol. In order to make requests with Akamai APIs, you’ll need to properly authenticate your requests, whether they're made directly to an API endpoint or through any of the tools that wrap the API requests.

Authentication tokens

The EdgeGrid plugins rely on an .edgerc file that needs to be created in your home directory. Each [section] can contain a different set of authentication tokens allowing you to store all of your credentials in a single .edgerc file.

[default]
client_secret = xxxx
host = xxxx # unique string followed by `luna.akamaiapis.net`
access_token = xxxx
client_token = xxxx
max-body = xxxx

[section1]
client_secret = xxxx
host = xxxx # unique string followed by `luna.akamaiapis.net`
access_token = xxxx
client_token = xxxx
max-body = xxxx

Authentication protocol specification

This specification outlines how to implement a custom HTTP request signing function in your client code.

Example HTTP authorization header:

Authorization:EG1-HMAC-SHA256 client_token=akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx;
access_token=akaa-xxxxxxxxxxxxxx-xxxxxxxxxxxxxx;timestamp=20130817T02:49:13+0000;
nonce=dd9957e2-4fe5-48ca-8d32-16a772ac6d8f;signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Signing algorithm moniker. Identifies the signing algorithm: EdgeGrid V1 with a hash-based message authentication code (HMAC) using SHA-256. For example: EG1-HMAC-SHA256
  • Client token. The value of the client_token from the .edgerc file.
  • Access token. The value of the access_token from the .edgerc file.
  • Timestamp. The UTC time when the request is signed. The timestamp is in this format: yyyyMMddTHH:mm:ss+0000
  • Nonce. A nonce, or number used once, must be assigned for the request. This is a random string used to detect replayed request messages.
  • Signature. The signature is the base64 encoding of the SHA-256 HMAC of the data to sign, computed with the signing key. The signing key is the base64 encoding of the SHA-256 HMAC of the timestamp string, computed with the client secret as the key.

EdgeGrid authentication relies on a set of active tokens, tied to your Akamai account. First is a unique hostname that will receive your API request. The Akamai CLIs and Terraform Provider act as wrappers for the Akamai API libraries and will send your request to this unique hostname. You'll find the host in the .edgerc file, a unique string followed by luna.akamaiapis.net.

Whenever you issue an API call, you need to include the authorization in the request body. An authentication header, based on your client secret, access token, client token, and current timestamp, is then generated and sent with each request.

Example HTTP GET request:

GET\abcd-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna-dev.akamaiapis.net\t
 /sample-api/v1/property/?fields=x&format=json&cpcode=1234
 EG1-HMAC-SHA256 client_token=akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx;
 access_token=akaa-xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx;
 timestamp=20130819T13:01:23+0000;nonce=ac392096-8aa1-44fd-8c3b-f797d35a6736;

For security reasons, Akamai EdgeGrid uses the current timestamp of the machine sending the API request. Ensure that the time is synced with NTP or the request may fail. Refer to this knowledge base article for more information.
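
The signature derivation described above, together with the timestamp and nonce checks a receiver can apply, as an added Python example (not Akamai's library code and not part of the original page). The tab-separated data-to-sign layout, the POST-only body hash, the 30-second skew window, the `verify` helper, and the credentials are assumptions made for illustration.

```python
import base64, hashlib, hmac, uuid
from datetime import datetime, timezone

def _b64_hmac(key: str, msg: str) -> str:
    mac = hmac.new(key.encode(), msg.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def eg_timestamp(now=None) -> str:
    """UTC signing time in the page's format, yyyyMMddTHH:mm:ss+0000."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(timezone.utc).strftime("%Y%m%dT%H:%M:%S+0000")

def sign(creds, method, host, path_query, timestamp=None, nonce=None, body=b""):
    """Build the Authorization header value for one request."""
    timestamp = timestamp or eg_timestamp()
    nonce = nonce or str(uuid.uuid4())  # fresh random nonce per request
    unsigned = "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" % (
        creds["client_token"], creds["access_token"], timestamp, nonce)
    content_hash = ""
    if method == "POST" and body:  # assumption: only POST bodies, cut to max-body
        digest = hashlib.sha256(body[:creds["max_body"]]).digest()
        content_hash = base64.b64encode(digest).decode()
    # Assumed layout: tab-separated; the empty field means "no signed headers".
    data = "\t".join([method, "https", host, path_query, "", content_hash, unsigned])
    signing_key = _b64_hmac(creds["client_secret"], timestamp)
    return unsigned + "signature=" + _b64_hmac(signing_key, data)

def verify(creds, header, method, host, path_query, seen_nonces, now, max_skew_s=30):
    """Hypothetical receiver-side check: freshness, replay, then signature."""
    fields = dict(p.split("=", 1) for p in header.split(" ", 1)[1].split(";"))
    signed_at = datetime.strptime(fields["timestamp"], "%Y%m%dT%H:%M:%S%z")
    if abs((now - signed_at).total_seconds()) > max_skew_s:
        return "stale-timestamp"  # what an unsynced client clock looks like
    if fields["nonce"] in seen_nonces:
        return "replayed-nonce"
    expected = sign(creds, method, host, path_query, fields["timestamp"], fields["nonce"])
    if not hmac.compare_digest(expected.encode(), header.encode()):
        return "bad-signature"
    seen_nonces.add(fields["nonce"])  # remember only nonces from valid requests
    return "ok"

# Constructed credentials for illustration, not real tokens.
CREDS = {"client_token": "akaa-client-example", "access_token": "akaa-access-example",
         "client_secret": "example-secret", "max_body": 131072}
```

Because the signing key is derived from the timestamp, a header signed on a machine with a drifting clock fails the freshness check even though its HMAC is valid.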

EdgeGrid libraries

If you're automating Akamai processes, you can use EdgeGrid libraries to handle the authentication. This table shows how you can reference the tokens in your .edgerc file for some popular programming languages. Check the linked GitHub pages for complete code syntax and usage instructions.

| GitHub link | Description | Code syntax |
|---|---|---|
| edgegrid-python | An EdgeGrid authentication scheme handler for the Python Requests library. | import requests; from akamai.edgegrid import EdgeGridAuth |
| edgegrid-node | An EdgeGrid authentication handler for Node.js. | const EdgeGrid = require('edgegrid') |
| edgegrid-java | Provides a client-independent implementation as well as concrete implementations for REST-assured and Google HTTP Client Library for Java integration. | String authHeader = new EdgeGridV1Signer().getSignature(request, credential); |
| edgegrid-curl | An EdgeGrid authentication wrapper around cURL that lets you make API calls from the command line. | egcurl --header 'Authorization: EG1-HMAC-SHA256 client_token={CLIENT_TOKEN};access_token={ACCESS_TOKEN};timestamp={CURRENT_TIME};nonce={RANDOM_NONCE};signature={GENERATED_SIGNATURE}' |
| httpie-edgegrid | An httpie plugin for EdgeGrid authentication. A command line utility for making calls to Akamai APIs. | http --auth-type=edgegrid -a default: :{akamai_api-endpoint} |

For additional libraries, go to Akamai EdgeGrid repositories.

You need to create authentication credentials before you can make calls to Akamai APIs, use the CLIs, or use any other developer interface.