An access control list (ACL) displays all endpoints, resources, and methods associated with your collection's access control group. Within an ACL you can specify private endpoints, resources, and methods accessible to API consumers who identify with keys from a collection. Private endpoints and resources require API key authentication. You define endpoint and resource privacy settings in the API Definitions application.

To access an ACL, select the Access control list tab on the main key collection page.

The Enabled endpoints and resources section displays public and private endpoints and their associated resources across all versions. The endpoints and resources only show up on the ACL if they are registered under the same ACG as the key collection you are in. API keys are only required to access private endpoints and resources. Public elements are on the list just for informational purposes.

Each endpoint and resource is associated with a lock icon indicating its privacy status:

• A private endpoint or resource.

• A private endpoint that contains at least one public resource.

• A purely public endpoint or resource.

You can choose to show only private endpoints and resources by selecting the Hide public endpoints and resources check box.

The Path column shows either a base path on which your API serves content for endpoints or a combination of a base path followed by a resource path for resources.

The Status column shows the current status of each endpoint and resource on staging and production networks:

• or An endpoint or resource is being activated or deactivated on the network.

• or An endpoint or resource is active on the network.

The Methods column shows the methods enabled for the resource.

• A method is available to the resource, but not enabled.

• A method is enabled for the resource.

When you select or deselect an entry in an ACL, a pending icon () appears next to the entry until the requested change is propagated to the ​Akamai​ network. Under the Selected column, you can see how many of each endpoint's available resources are currently selected.

Edit an access control list

You can associate key collections with specific APIs by editing their access control lists (ACL). An ACL provides information about public and private endpoints, resources, and methods accessible to API consumers that identify with keys from a particular key collection.
Note that collections that share keys cannot be assigned to the same endpoint in the ACL.

📘

API

You can also complete this task by using the API Keys and Traffic Management API. Run the Edit an ACL operation.

1. In API Keys and Traffic Management, from the key collections list, select the collection to edit the access control list in.

2. In the collection panel, select the Access control list tab.

3. Click Edit ACL.
   The Edit access control for <collection_name> window opens.

4. Optionally, select filters to narrow down results:

   • Show only Active
   • Hide public endpoints and resources
   • Show only selected

5. In the Endpoint/Resource column, select the endpoints and resources that you want to make accessible to API consumers who identify with keys from this collection. Click Update ACL.
   When you select an endpoint, the system automatically selects all resources and methods associated with the endpoint.

6. In the Methods column, select the methods that you want to enable for the resource.
   When you select a resource, the system automatically selects all methods associated with the resource.

📘

You may select Hide public endpoints and resources to display only private elements. Public endpoints and resources do not require API key authentication. You may also select Show only active to display only endpoints and resources that are active on the staging or production network.

While the changes are being propagated to the ​Akamai​ network, you can track progress
by monitoring the pending icon () next to affected endpoints and resources. When the icon disappears, your changes are in place.