Manage many accounts with one API client

Typically, an API client can access only the account in which it's created. The process for setting up the specialized API client that lets you make calls across different APIs and accounts is slightly different from the process for creating a regular API client.

Using this specialized API client requires the accountSwitchKey query parameter when you make your call. An accountSwitchKey indicates the specific account you want your call to apply to. If you make a call without the accountSwitchKey, the call applies to your API client's default account.

Keep in mind that:

  • Credentials on this type of API client expire on the same schedule as your account's password rotation policy. You can't edit the expiration date on these credentials, but you can create new credentials for this client.

  • The credentials, or tokens, work the same for SAML SSO users as they do for non-SAML SSO users.

  • Because this API client uses the same role assignments as the Control Center user the client belongs to, you can follow the same audit trail you normally would and see the API client's activity just like if it was for the Control Center user.

  • You cannot change the owner of these API clients.

  • The API client no longer works once the user's Control Center account is locked or disabled.

To use this type of client with an accountSwitchKey, you'll need to get specific keys from the Identity Management API. Make sure you've provisioned the Identity Management API in your client.

Follow these steps to create one API client to use across multiple accounts.

  1. Launch Identity and Access Management.


    If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

  2. Under Users and API Clients, click Create API client to open the Customize API client screen.

  3. Click Advanced to create a client for multiple accounts.

  4. Select Let this client manage multiple accounts.

  5. Use presets or change the client's access level to APIs, permission to groups, and purge methods.
    For details about roles and permissions and level of access, refer to the Identity and Access Management documentation.

  6. Click Create API client.

    • The client's name, description, and notification list populate for you in the Details section. You can change this information at any time.
    • The credential and your client token appear in the Credentials section. The credential includes the client token and client secret you need to authenticate Akamai API requests.
  7. Click Download, then add the credential to the .edgerc file.