Shared keys

You can create a key to share with partners and enable authentication between the Origin Shield and the Adaptive Media Delivery (AMD) configuration.

​Akamai​ protects live origins through the Origin Shield technology, a mid-tier caching layer strategically placed close to your origin. The Origin Shield sits between the ​Akamai​ Intelligent Platform and your origin to protect your origin from request overload.

  • Although you can share a single shared key with multiple accounts, ​Akamai​ recommends that you only share each key with a single account.

  • You can generate a maximum of 10 keys for each Media Services Live origin.

  • To rotate one or two keys, keep a placeholder because rotation adds a new key and then deletes the old key.

  • After you create a shared key and the origin configuration is active, ensure that you share the key securely with the AMD configuration user. ​Akamai​ is not responsible for the security of this transmission.

  • You must share your origin hostname with other ​Akamai​ accounts to configure AMD.

  • The user on the delivery configuration side receives the origin key information from the publisher or origin configuration user and copies the key.

  • On the AMD side, you must manually enter the shared key details along with the other details, such as the origin hostname, to complete the configuration.

Revoke or delete a shared key

To revoke or delete a shared key:

  1. Edit the existing origin configuration and select a specific shared key to delete.

  2. Notify the delivery account customers that they need to stop using the deleted shared key.

  3. Once the configuration is active, the origin will not accept the deleted key.


    Deleting a specific key will affect the delivery configuration using the deleted key. Don't delete the old key before you generate and distribute the new key to the delivery account users. Once a shared key is deleted, you cannot recover it.

Rotate a shared key

To rotate an existing shared key:

  1. Add or create a new key.

  2. Once the configuration is active, share the new key details with delivery accounts.


    Configuration usually takes two hours.

  3. Edit the configuration to delete the old key, after the deliver configuration is active with the new key.


Until the old key is deleted, both the keys will continue to exist. You can maintain a maximum number of 10 concurrent keys. To rotate a key, your current number of keys should not exceed 9 in order to use the 10th slot for the new rotating key.