Use the CLI to generate and manage access tokens

As an alternative to using the EdgeKV administrative API, you can use the EdgeKV CLI to generate, list, and retrieve access tokens.

Review the Generate and retrieve EdgeKV access tokens section for information about how the access tokens work and the fields that need to be specified.

Refer to the CLI documentation for more information about how to install and use the EdgeKV CLI.

Generate an EdgeKV access token

An EdgeKV-specific access token is required to access each namespace in your data model from an EdgeWorkers function. You should record the name of each access token that you generate so you can retrieve it later.

If you’re experimenting you can use the default namespace created when you initialized your EdgeKV database. For this example, we'll use the default namespace to create our access token. When deploying your EdgeKV database in production please use a new namespace.
For more information, including a description of the required fields when creating an access token, see Generate and retrieve EdgeKV access tokens.

  1. To generate a new EdgeKV Access Token for a specific namespace use this CLI command syntax:
akamai edgekv create token <token_name> --save_path=<edgeworker_bundle_path> --overwrite --staging={allow|deny} --production={allow|deny} --expiry=<date> --ewids={all|<comma_separated_list_of_ewids> --namespace=<namespace_id>+permissions,<namespace_id>+permissions
  1. Here is a sample request to create a token for the default namespace with read/write/delete permissions and read-only permissions for the “marketing” namespace:
akamai edgekv create token token1 --save_path=/tmp/ --overwrite --staging=allow --production=deny --ewids=all --namespace=default+rwd,marketing+r --expiry=2021-06-30

📘

This CLI example automatically updates the existing edgekv_tokens.js file in the specified save_path with the newly-created access token assuming the .tgz bundle tarball file is specified in the save_path, for example, “/tmp/helloworld.tgz”. The tarball will also be updated with the latest edgekv_tokens.js file.

Here is an example response:

-----------------------------------------------------------------
--- Token in /tmp/edgekv_tokens.js was successfully updated. ---
-----------------------------------------------------------------
Token Name:         token1
CpCode used:        123456
Valid for EWIDs:    all
Valid on Production:  false
Valid on Staging:   true
Expiry date:        Tue,29 Jun 2021
Issue date:         Wed,24 Feb 2021
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  marketing:  [READ]

If you skipped specifying a path, the token output will show as:

----------------------------------------------------------------------------------------------------------------------------------------------
--- Add the token value in edgekv_tokens.js file and place it in your bundle. Use --save_path option to save the token file to your bundle ---
----------------------------------------------------------------------------------------------------------------------------------------------
Token Name:         token1
CpCode used:        123456
Valid for EWIDs:    all
Valid on Production:  false
Valid on Staging:   true
Expiry date:        Tue,29 Jun 2021
Issue date:         Wed,24 Feb 2021
value:  <token_value>
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  marketing:  [READ]
  1. If you did not use the --save_path option, you can retrieve the token and save it in the same location as your EdgeWorkers code bundle. For more information refer to Retrieve an EdgeKV access token.

List EdgeKV access tokens

You can get a list of EdgeKV access tokens that you have permission to view from your account. This is useful to see how many tokens you have created and to view the expiry date of these tokens.

  1. To get a list of EdgeKV access tokens that you have permission to view from your account, use this CLI command:
akamai edgekv list tokens

You can add --include-expired to this command to include expired tokens in the response. Expired tokens count towards your account's token limit.

  1. Here is an example response
--------------------------------------------------------------
--- The following tokens are available for you to download ---
--------------------------------------------------------------
TokenName               ExpiryDate       Warning                         
----------------------  ---------------  --------------------------------
test_userfavorites-02   Sun,19 Sep 2021  -                               
test_userfavorites-001  Sun,25 Apr 2021  Will EXPIRE in less than 19 days
token5                  Tue,30 Mar 2021  Token already expired           
default_token           Tue,31 Aug 2021  -                               
mktg_and_def_token      Sun,19 Sep 2021  -                                        
token2                  Tue,30 Mar 2021  Token already expired           
test_userfavorites-01   Sun,19 Sep 2021  -                               
token1                  Tue,30 Mar 2021  Token already expired           
marketing_token         Sun,19 Sep 2021  -

👍

The response includes the expiry date of the token. You should take note of this date and make sure that you generate a new token before the existing one expires. Your EdgeKV calls will fail if an expired token is not replaced.

Retrieve an EdgeKV access token

To retrieve a single token you need the token name. Ask your Administrator if you don’t have the name. You can also use this command to save the token in the same location as your EdgeWorkers code bundle.

  1. To retrieve an EdgeKV access token use this CLI command syntax:
akamai edgekv download token <tokenName> --save_path=<path> --overwrite
  1. Here is a sample request to retrieve the Marketing token and save it in the tmp folder:
akamai edgekv download token marketing_token --save_path=/tmp/ --overwrite
  1. Here is an example response:
-----------------------------------------------------------------
--- Token in /tmp/edgekv_tokens.js was successfully updated. ---
-----------------------------------------------------------------
Token Name:         Marketing
CpCode used:        123456
Valid for EWIDs:    all
Valid on Production:  false
Valid on Staging:   true
Expiry date:        Tue,29 Jun 2021
Issue date:         Wed,24 Feb 2021
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  marketing:  [READ]

Did this page help you?