Create a short-lived bearer token for a parent user on a child account, using the euuid of that child account. In the context of the API, a parent user on a child account is referred to as a "proxy user." When Akamai provisions your parent-child account environment, a proxy user is automatically set in the child account. It follows a specific naming convention:
<Parent account `company` name>_<SHA256 hash of parent `company` name and child account `euuid`>
Note. The variables above use only the first 15 and 16 characters of these values, respectively.
The token lets a parent account run API operations through the proxy user, as if they are a child user in the child account.
These points apply to the use of this operation:
-
To create a token, a parent account user needs the
child_account_accessgrant. This lets them use the proxy user on the child account. You can run List a user's grants on a parent account user to check itschild_account_accesssetting. To add this access, you can update the parent account user. -
The created token inherits the permissions of the proxy user. It will never have less.
-
The API returns the raw token in the response. You can't get it again, so be sure to store it.
Example workflow:
- List child accounts and store the
euuidfor the applicable one. - Run this operation and store the
tokenthat's created for the proxy user. - As a parent account user with access to the proxy user in the child account, use this
tokento authenticate API operations, as if you were a child user.
linode-cli child-account create A1BC2DEF-34GH-567I-J890KLMN12O34P56
<https://www.linode.com/docs/products/tools/cli/get-started/>
child_account:read_write
<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>