Guide

Use the CLI to generate and manage access tokens

Suggest Edits

As an alternative to using the EdgeKV administrative API, you can use the EdgeKV CLI to generate, list, and retrieve access tokens.

Review the Generate and retrieve EdgeKV access tokens section for information about how the access tokens work and the fields that need to be specified.

Refer to the CLI documentation for more information about how to install and use the EdgeKV CLI.

Generate an EdgeKV access token

An EdgeKV-specific access token is required to access each namespace in your data model from an EdgeWorkers function. You should record the name of each access token that you generate so you can retrieve it later.

If you’re experimenting you can use the default namespace created when you initialized your EdgeKV database. For this example, we'll use the default namespace to create our access token. When deploying your EdgeKV database in production please use a new namespace.
For more information, including a description of the required fields when creating an access token, see Generate and retrieve EdgeKV access tokens.

  1. To generate a new EdgeKV Access Token for a specific namespace use this CLI command syntax:
akamai edgekv create token <token_name> --save_path=<edgeworker_bundle_path> --overwrite --staging={allow|deny} --production={allow|deny} --ewids={all|<comma_separated_list_of_ewids> --namespace=<namespace_id>+permissions,<namespace_id>+permissions
  1. Here is a sample request to create a token for the default namespace with read/write/delete permissions and read-only permissions for the “marketing” namespace:
akamai edgekv create token token1 --save_path=/tmp --overwrite --staging=allow --production=deny --ewids=all --namespace=default+rwd,test1+r

📘

This CLI example automatically updates the existing edgekv_tokens.js file in the specified save_path with the newly-created access token assuming the .tgz bundle tarball file is specified in the save_path, for example, “/tmp/helloworld.tgz”. The tarball will also be updated with the latest edgekv_tokens.js file.

Here is an example response:

----------------------------------------------------------------
--- Token in /tmp/edgekv_tokens.js was successfully updated. ---
----------------------------------------------------------------
Token Name:           token1
Token UUID:           aa62bfaa-xxxx-xxxx-xxxx-7e909463a650
Issue date:           Wed, 28 Aug 2024
Expiry date:          INDEFINITE
Activation status:    IN_PROGRESS
Latest refresh date:  N/A
Next scheduled refresh date:  Mon, 28 Oct 2024
CpCode used:          1377366
Valid for EWIDs:      all
Valid on Production:  false
Valid on Staging:     true
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  test1:  [READ]

If you skipped specifying a path, the token output will show as:

----------------------------------------------------------------------------------------------------------------------------------------------
--- Add the token value in edgekv_tokens.js file and place it in your bundle. Use --save_path option to save the token file to your bundle ---
----------------------------------------------------------------------------------------------------------------------------------------------
Token Name:           token1
Token UUID:           aa62bfaa-xxxx-xxxx-xxxx-7e909463a650
Issue date:           Wed, 28 Aug 2024
Expiry date:          INDEFINITE
Activation status:    IN_PROGRESS
Latest refresh date:  N/A
Next scheduled refresh date:  Mon, 28 Oct 2024
CpCode used:          1377366
Valid for EWIDs:      all
Valid on Production:  false
Valid on Staging:     true
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  test1:  [READ]
  1. If you did not use the --save_path option, you can retrieve the token and save it in the same location as your EdgeWorkers code bundle. For more information refer to Retrieve an EdgeKV access token.

List EdgeKV access tokens

You can get a list of EdgeKV access tokens that you have permission to view from your account. This is useful to see how many tokens you have created and to view the expiry date of these tokens.

  1. To get a list of EdgeKV access tokens that you have permission to view from your account, use this CLI command:
akamai edgekv list tokens

You can add --include-expired to this command to include expired tokens in the response. Expired tokens count towards your account's token limit.

  1. Here is an example response
--------------------------------------------------------------
--- The following tokens are available for you to download ---
--------------------------------------------------------------
TokenName                        TokenActivationStatus  IssueDate          LatestRefreshDate  NextScheduledRefreshDate 
-------------------------------  ---------------------  -----------------  -----------------  ------------------------
marketing_token                  COMPLETE               Tue, 13 Aug 2024   N/A                Sun, 13 Oct 2024        
test_userfavorites-001           COMPLETE               Tue, 2 Jul 2024    Wed, 21 Aug 2024   Mon, 21 Oct 2024        
token1                           COMPLETE               Wed, 28 Aug 2024   N/A                Mon, 28 Oct 2024        
token2                           IN_PROGRESS            Wed, 28 Aug 2024   N/A                Mon, 28 Oct 2024

Retrieve an EdgeKV access token

To retrieve a single token you need the token name. Ask your Administrator if you don’t have the name. You can also use this command to save the token in the same location as your EdgeWorkers code bundle.

  1. To retrieve an EdgeKV access token use this CLI command syntax:
akamai edgekv download token <tokenName> --save_path=<path> --overwrite
  1. Here is a sample request to retrieve the Marketing token and save it in the tmp folder:
akamai edgekv download token token1 --save_path=/tmp --overwrite
  1. Here is an example response:
----------------------------------------------------------------
--- Token in /tmp/edgekv_tokens.js was successfully updated. ---
----------------------------------------------------------------
Token Name:           token1
Token UUID:           aa62bfaa-xxxx-xxxx-xxxx-7e909463a650
Issue date:           Wed, 28 Aug 2024
Expiry date:          INDEFINITE
Activation status:    COMPLETE
Latest refresh date:  N/A
Next scheduled refresh date:  Mon, 28 Oct 2024
CpCode used:          1377366
Valid for EWIDs:      all
Valid on Production:  false
Valid on Staging:     true
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  test1:  [READ]

Refresh an access token

Follow these steps to trigger a manual token refresh instead of waiting for the scheduled automatic token refresh to occur.

  1. To refresh an EdgeKV access token use this CLI command syntax:
akamai edgekv refresh token <tokenName>
  1. Here is a sample request:
akamai edgekv refresh token token1
  1. Here is an example response:
-----------------------------------------
--- Token "token1" has been refreshed ---
-----------------------------------------
Token Name:           token1
Token UUID:           aa62bfaa-xxxx-xxxx-xxxx-7e909463a650
Issue date:           Wed, 28 Aug 2024
Expiry date:          INDEFINITE
Activation status:    IN_PROGRESS
Latest refresh date:  Wed, 28 Aug 2024
Next scheduled refresh date:  Mon, 28 Oct 2024
CpCode used:          1377366
Valid for EWIDs:      all
Valid on Production:  false
Valid on Staging:     true
Namespace Permissions:
  default:  [READ,DELETE,WRITE]
  test1:  [READ]

Updated 8 months ago