EdgeGrid

Authentication credentials for the majority of Akamai APIs use a hash-based message authentication code or HMAC-SHA-256 created through an API client.

Different types of API clients grant access based on your need, role, or how many accounts you manage.

Basic client

1. Navigate to Identity and Access Management in Akamai Control Center and click Create API client.

2. Click Quick and then Download under Credentials. This places an .edgerc file in your root or home directory.

3. Open the file with a text editor and add [default] as a header above all text. Because you can have multiple API clients, the headers identify which credentials to use as you work.

   Shell

   [default]
   client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
   host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
   access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
   client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
   

4. Save your credentials as an EdgeGrid resource file named .edgerc in your local home or root directory.

Managed client

1. Navigate to Users and API Clients in Akamai Control Center, click Create API client, and choose to create an advanced client.
2. In the client details screen, check the box next to let your client manage multiple accounts.
3. Click Create API client. Choose Download to get your credentials in .edgerc file or Copy to add them to an existing one.
4. Open your .edgerc file, and add a header above your credential set. When you work with multiple accounts, headers identify which credentials to use as you work. Header names must be inside brackets and use lowercase letters. If needed, you can use dashes, underscores, and spaces. For example, [managed] or [my-managed-client].

You can use this set of credentials to work within your own account or add an account switch key to the client to use them with a different account, or both.

Account switch keys

Notes:

• The Brand Protector, Case Management, DataStream 2, and SIEM Integration APIs don't support the accountSwitchKey.
• The account switch key functionality isn't available when using a service account API client.

Credentials are created at an account level. If you have access to and will do work for multiple accounts, you don't need to log in to and make clients in each of the accounts. Instead, you switch between them using a key with your existing managed API client.

1. Navigate to and click into your managed API client in Akamai Control Center.
2. Scroll down to Accounts you can manage from this client, type the name of an account in the search bar, and click search. Copy the value for the corresponding account switch key.
3. Open your .edgerc file and add it to your managed client as the value for an account_key key.

[my-other-account]
client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
account_key = A-CCT1234:A-CCT5432

When you need to do work for a particular account, use the header to identify which set to use, or if you're using API, add the key value as an accountSwitchKey query parameter.

Advanced client

Navigate to Users and API Clients in Akamai Control Center, click Create API client, and choose to create an advanced client.

In the client details screen, choose the settings which best fit your needs.

• Customize the default set of API assigned to the client.
• Limit the API available to the client to isolate access by product or service.
• Configure read/write permissions for individual API.
• Assign roles to apply a configured set of permission levels.
• Set group access.

Once you're done with your settings, click Create API client. Choose Download to get your credentials in .edgerc file or Copy to add them to an existing one.

Use multiple clients

You can use multiple API clients to set the scope of permissions to reflect the different ways you work.

• Different clients for staging and production.
• Clients with focused access to a product or function.
• Separate clients for each accessible account.

Place all sets of your credentials in the same .edgerc file, separating them with an empty line and giving each set a unique header.

Headers must be inside brackets and use lowercase letters. You can use dashes, underscores, and spaces, if needed.

Tools like Terraform and PowerShell use the header name to identify which set of permissions to use as you work.

[default]
client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj

[sandbox]
client_secret = C113nt53KR3T2ICxIRwsObLi0E67N6N90yVuAg/KboJ3=
host = akab-h05tnam32wl42son7kbob3i3v-nktnlnnx.luna.akamaiapis.net
access_token = akab-acc35t0k3n2odujqunhzp7gtm6ij-nph3w7
client_token = akab-c113ntt0k3n24252bfxxbslyvsdj-qtari

[my-other-account]
client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/F9tQg=
host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
account_key = A-CCT1234:A-CCT5432

Credentials as environment variables

As an alternative way to pass your credentials, common, or global Akamai key-value pairs, you can set up and use environment variables.

To use multiple API clients as environment variables, add section headers in all caps after AKAMAI_. For example, if you've got a papi section in your .edgerc file, you'd add in PAPI.