Manage many accounts with one API client

Typically, an API client can access only the account in which it's created. The process for setting up the specialized API client that lets you make calls across different APIs and accounts is slightly different from the process for creating a regular API client.

Using this specialized API client requires the accountSwitchKey query parameter when you make your call. An accountSwitchKey indicates the specific account you want your call to apply to. If you make a call without the accountSwitchKey, the call applies to your API client's default account. The accountSwitchKey can have two formats, "1-ABCD", if you have access to only one account context, or "1-ABCD:Z-XYZ", if you have access to multiple account contexts.

Keep in mind that:

  • Credentials on this type of API client expire on the same schedule as your account's password rotation policy. You can't edit the expiration date on these credentials, but you can create new credentials for this client.

  • The credentials, or tokens, work the same for SAML SSO users as they do for non-SAML SSO users.

  • Because this API client uses the same role assignments as the Control Center user the client belongs to, you can follow the same audit trail you normally would and see the API client's activity just like if it was for the Control Center user.

  • You cannot change the owner of these API clients.

  • The API client no longer works once the user's Control Center account is locked or disabled.

To use this type of client with an accountSwitchKey, you'll need to get specific keys from the Identity and Access Management API. Make sure you've provisioned the Identity Management API in your client.

Follow these steps to create one API client to use across multiple accounts.

  1. Launch Identity and Access Management.


    If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

  2. Under Users and API Clients, click Create API client to open the Customize API client screen.

  3. Click Advanced to create a client for multiple accounts.

  4. Select Let this client manage multiple accounts.

  5. Use presets or change the access level of the API services you choose for the client. You can choose READ-WRITE or READ-ONLY and add up to 99 different API services.

  6. Set any group restrictions.

  7. Click Create API client.

    • The client's name, description, and notification list populate for you in the Details section. You can change this information at any time.
    • The credential and your client token appear in the Credentials section. The credential includes the client token and client secret you need to authenticate Akamai API requests.
  8. Click Download, then add the credential to the .edgerc file.