Create an API client with custom permissions

If you need to create an API client that restricts which groups and Akamai API services a Control Center user can access, follow these steps.

  1. Launch Identity and Access Management. In Control Center, select > ACCOUNT ADMIN > Identity & access.

  2. Under Users and API Clients, click Create API client.


    If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

  3. Click Advanced.

  4. In the Details section, review the client’s name, description, and notification list.
    You can change this information at any time.

  5. Keep the defaults, or select these client options:

    • All APIs. This option is selected by default to grant the API client the same access level (READ-WRITE or READ-ONLY) to the Akamai APIs you use.
    • Select APIs. Select this option to change the access level (READ-WRITE or READ-ONLY) for Akamai APIs this client has access to. You can include multiple APIs per client, but APIs with an access level of Unavailable are not compatible with your group choice in the client creation process. To see unavailable APIs, deselect Hide unavailable.
    • Restrict Groups. Select this option to change which groups you can use with this client.
    • Let this client manage multiple accounts. Select this option to let the client make calls to one or more of the accounts you manage. For details, see Manage many accounts with one API client. This option is only visible if you can manage multiple accounts.
    • Purge selections. Shows the current purge method for the CCU APIs. To select or change the purge methods for your client, click Manage purge options, make your selections, then click Submit. This option is only visible if you have access to the CCU APIs.
  6. Click Create API client.
    The credential for the APIs you use and your client token appear in the Credentials section. The credential includes the client token and client secret you need to authenticate Akamai API requests.

  7. Download or copy and paste this information into a text file for all automated programs.
    The client secret is unique to the request and available once. The client token, base URL, and access token remain visible in the client details. To get another client secret, click Create credential.

  8. To configure your API client credentials and make API calls on Akamai's network, see Add credential to .edgerc file.


You can add credentials to your .edgerc file, if you need different permissions for multiple APIs. This is optional. If you do this, you'll need to separate each set of credentials with a [header] as shown. Refer to the EdgeGrid libraries for code syntax to specify the section in each programming language.

client_secret = abcdEcSnaAt123FNkBxy456z25qx9Yp5CPUxlEfQeTDkfh4QA=I 
host = 
access_token = akab-zyx987xa6osbli4k-e7jf5ikib5jknes3
Client_token = akab-nomoflavjuc4422-fa2xznerxrm3teg7

client_secret = M9XGZP/D2JedcbABC4Td8XSnHfKKIV4N5n28cj2y6zE=
host = 
access_token = akab-abc77fxa6zyxi4k-e7jf5ikib5jknes3 
client_token = akab-moo22awk8765-s2yw5zqfrx4jp57f