Create an API client with custom permissions

Create a custom API client that limits access to a subset of the endpoints available to your account.

  1. Launch Identity and Access Management. In Control Center, select > ACCOUNT ADMIN > Identity & access.

  2. Under Users and API Clients, click Create API client.


    If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

  3. Click Advanced.

  4. In the Details section, review the client’s name, description, and notification list. You can change this information at any time.

  5. Select a level of access for your API client.

    • Select APIs. This option lets you change the access level of the API services you choose for the client. You can choose READ-WRITE or READ-ONLY and add up to 99 different API services.
    • Restrict Groups. Select this option to change which groups you can use with this client.
    • Let this client manage multiple accounts. Select this option to let the client make calls to one or more of the accounts you manage. For details, see Manage many accounts with one API client. This option is only visible if you can manage multiple accounts.
    • Purge selections. Shows the current purge method for the CCU APIs. To select or change the purge methods for your client, click Manage purge options, make your selections, then click Submit. This option is only visible if you have access to the CCU APIs.
  6. Click Create API client.
    The credential for the APIs you use and your client token appear in the Credentials section. The credential includes the client token and client secret you need to authenticate Akamai API requests.

  7. Download or copy and paste this information into a text file for all automated programs.
    The client secret is unique to the request and available once. The client token, base URL, and access token remain visible in the client details. To get another client secret, click Create credential.

  8. To configure your API client credentials and make API calls on Akamai's network, see Add credential to .edgerc file.


You can add credentials to your .edgerc file, if you need different permissions for multiple APIs. This is optional. If you do this, you'll need to separate each set of credentials with a [header] as shown. Refer to the EdgeGrid libraries for code syntax to specify the section in each programming language.

client_secret = abcdEcSnaAt123FNkBxy456z25qx9Yp5CPUxlEfQeTDkfh4QA=I 
host = 
access_token = akab-zyx987xa6osbli4k-e7jf5ikib5jknes3
client_token = akab-nomoflavjuc4422-fa2xznerxrm3teg7

client_secret = M9XGZP/D2JedcbABC4Td8XSnHfKKIV4N5n28cj2y6zE=
host = 
access_token = akab-abc77fxa6zyxi4k-e7jf5ikib5jknes3 
client_token = akab-moo22awk8765-s2yw5zqfrx4jp57f