Access tokens

Why is there a limit on the token expiration date?

To comply with security best practices, the maximum expiration date for all tokens is six months from its creation date. This reduces the impact of tokens that are created but left unused for a long period of time.

Can I modify an access token?

EdgeKV access tokens cannot be modified due to their immutable security properties. If a token is created in error, it can be revoked or left to expire naturally. Modifying a token is of limited value since you still need to update the EdgeWorkers code bundles that use them. The access token value is explicitly specified in the code bundle.

What happens to expired tokens?

Any access from EdgeWorkers to EdgeKV using an expired access token is denied. A 401 error is returned to the calling EdgeWorkers function and the EdgeKV library passes the error into your EdgeWorker code. Expired tokens must be replaced with new tokens in any EdgeWorkers code bundle that uses them to avoid this error.

Expired tokens may persist for up to a month after expiry. Both the EdgeKV API and CLI commands provide a way to list expired tokens that are still present in storage. You cannot retrieve these expired tokens, but they do count towards the maximum number of tokens allowed in your account. If you are near this limit, you can contact Akamai to remove your expired tokens.

Can someone else use a leaked access token?

No one can use your EdgeKV access token from outside your account even if you accidentally leak it for example, in a public GitHub repo.

Can information found in the token be exploited?

None of the information contained in the token is considered private or confidential. As a precaution, we recommend against using namespace names that expose any private or confidential information about your organization.

Why do I need to revoke an access token?

You may want to revoke an EdgeKV access token to prevent it from being used by unauthorized persons within your organization in case they were leaked across your intra-organizational boundaries. You may also have to revoke any leaked tokens to comply with your corporate security policies.

Can I delete an access token?

No, you cannot directly delete an EdgeKV access token. You can, however, revoke a token which prevents it from from being used in an EdgeWorkers code bundle to enable access to EdgeKV. It is your responsibility to ensure that a revoked token is not in use in any EdgeWorker IDs. Requests to EdgeKV from an EdgeWorkers function using a revoked token will encounter a 401 error.

A revoked token cannot be retrieved and is not included when you list the access tokens created for EdgeKV.

Why is my ​Akamai​ token not working from my code bundle?

There are two sets of credentials that can be used for EdgeKV. The token created in ​Akamai Control Center​ (“EdgeGrid”) is only used for making calls against the Administrative API. The other token, the EdgeKV access token, is included in the EdgeWorkers code bundle to control access to an EdgeKV namespace.