Identity and Access Management concepts

To understand this API's various URL resources and the data they exchange, you need to familiarize yourself with these concepts:

  • Group. Groups are organizational containers for the objects you use in Control Center. Groups can contain other groups, primary objects like properties, and secondary objects like edge hostnames or CP codes. Groups are organized as a nested tree structure that cascades permissions. You can move a nested group to another position within the tree structure, but that may affect users' access to the objects it contains due to cascading permissions.

  • Asset. A term covering properties or includes created in Property Manager.

    • Property. A configuration file specifying how Akamai serves your web content. The Property Manager API (PAPI) allows you to manage property configurations and assign them to groups when you first create them.
    • Blocked Property. Administrators can block a user's access to any property, overriding any available role already assigned to a user to further restrict access.
    • Includes. Includes are snippets of a property configuration that let you reuse common settings in different properties or delegate the management of a portion of business rules to responsible application teams. To learn more, see Includes and Manage access to properties and includes.
  • Users. A user is a person with access to Control Center.

  • Profile. A profile refers to a user's information such as address and personal phone number. Users can edit their own profiles, but only administrators can edit profiles belonging to other users. Users can't disable their two-factor authentication (TFA) settings if the account they belong to has TFA enabled by default.

  • API client. An API client represents a specific set of actions included in your role, together with the tokens that grant access to a particular API for a specific area of your services on Control Center. Clients contain the credentials and authorizations. You can create many clients, each differing in the APIs it's allowed to access and in the scope of its authorizations, that is, the actions it's authorized to perform with those APIs, such as read-write or read-only.

  • Administrators. Administrators are a subset of users with additional permissions. They can have different levels of access, like API provisioning, moving groups or properties, creating new users, or modifying existing ones. Response data may be redacted based on your access rights if you're a lower-level administrator.

  • Common Resources. This refers to commonly accessible read-only information that may apply across all users on an account. It includes locale, security policies, and the set of available products. The API provides a different set of common resource operations for access by administrators and for other users.

  • Notification. Users configure email notifications for reminders to rotate passwords, or to learn about maintenance issues for each product.

  • Role. Roles provide a user with a specific level of access to a group. You can assign a user one role per group.
    Roles exist at the account level and are constrained by your contract type. If you create a role under one contract type, you can't apply that role to groups belonging to a different contract type, even if they're in the same account. To see your contract types, run the Property Manager API List contracts operation. To learn more, see Contracts API concepts and About groups and contracts in the Identity and Access UI documentation.

    • Grantable Role or Granted Role (used interchangeably). Akamai-defined set of roles available to be assigned to a user. The list of grantable roles and their scope depends on the products associated with your contract. Use the Contract API for information on the products associated with your contract.
    • Custom Role. A combination of Akamai-defined grantable roles. Because you can assign only one role per group, you may need to combine different grantable roles into a custom role to grant the user the needed level of access to the group.
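
The Group and Blocked Property entries above note that moving a nested group can change who can reach the objects inside it, and that a block overrides any assigned role. The following sketch is an added example, not Akamai code or part of this API: it models those two rules on a constructed tree and dry-runs a move to list the access it would change. All class, function, user, role, and property names are hypothetical, and it assumes the nearest role assignment up the tree is the one that applies.

```python
# Added example: simplified model, not Akamai code. All names are hypothetical.
# Assumption: a role set on a group cascades to nested groups; nearest wins.
class Group:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.roles = {}          # user -> the one role assigned on this group
        self.properties = set()  # properties held directly by this group

def effective_role(user, group):
    """Walk up the tree; the nearest group with an assignment wins."""
    while group is not None:
        if user in group.roles:
            return group.roles[user]
        group = group.parent
    return None

def property_access(user, prop, groups, blocked):
    """Role the user holds on a property; a block overrides any role."""
    if (user, prop) in blocked:
        return None
    owner = next((g for g in groups if prop in g.properties), None)
    return effective_role(user, owner)

def access_diff(users, groups, blocked, group, new_parent):
    """Dry-run a group move; list (user, property, before, after) changes."""
    node = new_parent
    while node is not None:      # refuse moves that would create a cycle
        if node is group:
            raise ValueError("cannot move a group under itself or a descendant")
        node = node.parent
    keys = [(u, p) for u in users for g in groups for p in sorted(g.properties)]
    before = {k: property_access(*k, groups, blocked) for k in keys}
    old_parent, group.parent = group.parent, new_parent
    try:
        after = {k: property_access(*k, groups, blocked) for k in keys}
    finally:
        group.parent = old_parent  # restore the original tree
    return sorted((u, p, before[u, p], after[u, p])
                  for (u, p) in before if before[u, p] != after[u, p])

def sample():
    """Constructed tree: root > (web > shop), (media)."""
    root = Group("root")
    web, media = Group("web", root), Group("media", root)
    shop = Group("shop", web)
    web.roles["alice"], media.roles["bob"] = "editor", "viewer"
    shop.properties = {"shop.example", "pay.example"}
    blocked = {("alice", "pay.example")}
    return [root, web, shop, media], blocked, shop, media
```

Running `access_diff` on the constructed tree before moving `shop` under `media` shows one user losing a cascaded role and another gaining one, which is the review to do before any real group move.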