Every Akamai Developer interface requires authentication through EdgeGrid, which is a custom HTTP request signing protocol. In order to make requests with Akamai APIs, you’ll need to properly authenticate your requests, whether they're made directly to an API endpoint or through any of the tools that wrap the API requests.

# Authentication tokens

The EdgeGrid plugins rely on an `.edgerc` file that needs to be created in your home directory. Each `[section]` can contain a different set of authentication tokens allowing you to store all of your credentials in a single `.edgerc` file.

# Authentication protocol specification

This specification outlines how to implement a custom HTTP request signing function in your client code.

Example HTTP authorization header:

  • **Signing algorithm moniker**. This shows that the algorithm includes EdgeGrid V1, hash message authentication code, SHA–256. For example: `EG1-HMAC-SHA256`

  • **Client token**. The value of the `client_token` from the `.edgerc` file.

  • **Access token**. The value of the `access_token` from the `.edgerc` file.

  • **Timestamp**. The UTC time when the request is signed. The timestamp is in this format: `yyyyMMddTHH:mm:ss+0000`

  • **Nonce**. A nonce, or number used once, must be assigned for the request. This is a random string used to detect replayed request messages.

  • **Signature**. The signature is the base64-encoding of the SHA–256 HMAC of the data to sign with the signing key. The signing key is computed as the base64 encoding of the SHA–256 HMAC of the timestamp string with the `client secret` as the key.

EdgeGrid authentication relies on a set of active tokens, tied to your Akamai account. First is a unique hostname that will receive your API request. The Akamai [CLIs](🔗) and [Terraform](🔗) Provider act as wrappers for the Akamai API libraries and will send your request to this unique hostname. You'll find the `host` in the `.edgerc` file, a unique string followed by `luna.akamaiapis.net`.

Whenever you issue an API call, you need to include the authorization in the request body, then an authentication header, based on your `client secret`, `access token`, `client token`, and current `timestamp`, is generated and sent with each request.

Example HTTP GET request:

For security reasons, Akamai EdgeGrid uses the current timestamp of the machine sending the API request. Ensure that the time is synced with [NTP](🔗) or the request may fail. Refer to this [knowledge base article](🔗) for more information.

# EdgeGrid libraries

If you're automating Akamai processes, you can use EdgeGrid libraries to handle the authentication. This table shows how you can reference the tokens in your `.edgerc` file for some popular programming languages. Check the linked GitHub pages for complete code syntax and usage instructions.

GitHub linkDescriptionCode syntax
[edgegrid-python](🔗)An EdgeGrid Authentication scheme handler for the [Python](🔗) Requests library.`import requests from akamai.edgegrid import EdgeGridAuth`
[edgegrid-node](🔗)An EdgeGrid authentication handler for [Node.js](🔗).`const EdgeGrid = require('edgegrid')`
[edgegrid-java](🔗)Provides a client independent implement as well as concrete implementations for [REST-assured](🔗) and [Google HTTP Client Library for Java](🔗) integration.`String authHeader = new EdgeGridV1Signer().getSignature(request, credential);`
[edgegrid-curl](🔗)An EdgeGrid Authentication wrapper around `cURL` that lets you make API calls from the command line.`egcurl ---header 'Authorization: EG1-HMAC-SHA256 client_token={CLIENT_TOKEN};access_token={ACCESS_TOKEN};timestamp={CURRENT_TIME};nonce={RANDOM_NONCE};signature={GENERATED_SIGNATURE}'`
[httpie-edgegrid](🔗)An [httpie](🔗) plugin for EdgeGrid authentication. A command line utility for making calls to Akamai APIs.`http --auth-type=edgegrid -a default: :{akamai_api-endpoint}`

For additional libraries, go to [Akamai EdgeGrid repositories](🔗).

You need to [create authentication credentials](🔗) before you can make calls to Akamai APIs, use the CLIs, or any other developer interface.