Get authentication for Akamai API

Authentication credentials for the majority of our API use a hash-based message authentication code or HMAC-SHA-256 created through an API client. Each member of your team use their own client set up locally to prevent accidental exposure of credentials.

If you're using the NetStorage Usage commands, you also need to create NetStorage auth.

API clients

There are different types of API clients that grant access based on your need, role, or how many accounts you manage.

API client typeDescription
BasicAccess to the first 99 API associated with your account without any specific configuration. Individual service read/write permissions are based on your role.
AdvancedConfigurable permissions to limit or narrow down scope of the API associated with your account.
ManagedConfigurable permissions that work for multiple accounts.

Create a basic API client

  1. Navigate to the Identity and Access Management section of Akamai Control Center and click Create API Client.

  2. Click Quick and then Download in the Credentials section.

  3. Open the downloaded file with a text editor and add [default] as a header above all text.

    Alternatively, you can use your credentials as environment variables

    client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
    host =
    access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
    client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj

If you choose to place your resource file in any other location or use a different heading:

  • Add the -EdgeRCFile parameter in the commands and provide the path to its location,
  • Use the -Section parameter and provide a value.


NetStorage usage functions don't use your API client's Edge credentials. Instead, you use your HTTP API key in combination with other storage identifiers.

Each upload account requires its own set of credentials, and just like your Edge resource file, the NetStorage one is set up in sections.

Use the New-NetstorageAuth command with your upload account's ID to create a new NetStorage auth file or update an existing one with a new set.

Default location for a new .nsrc at your root directory. To place the file in a different location, use the -OutputDirectory parameter with a path to the location.

# Default 
$ New-NetstorageAuth -UploadAccountID my-upload-account-id

# Designated location
$ New-NetstorageAuth -UploadAccountID my-upload-account-id -OutputDirectory "~/projects/akamai/netstorage"

Switch accounts

When you're working with more than one account, move between them using an account switch key with an API client enabled to manage multiple accounts.

Use your account's ID or name to get your available switch keys and then add the key to either your .edgerc or use the -AccountSwitchKey parameter when calling your function.

Get-AccountSwitchkey -Search "my account name"    
accountSwitchKey      accountName
-------------------   -----------
A-CCT1234:A-CCT5432   Main Street Corporation
A-CCT1234:A-CCT6789   High Street Company

Environment variables

As an alternative way to pass commonly used or globally used Akamai key-value pairs, you can set up and use environment variables.

We support environment variables for credentials and body size.

When using multiple API clients, add in the section header in all caps after AKAMAI_. For example, if you've got a papi section in your .edgerc file, you'd add in PAPI.

To use environment variables, format your statement with the export command followed by the variable and value as the argument. While the environment variable names are in all caps and are case sensitive, the -Section parameter value is not.

AKAMAI_CLIENT_SECRETString. Your default client secret.
AKAMAI_HOSTString. Your default host.
AKAMAI_ACCESS_TOKENString. Your default access token.
AKAMAI_CLIENT_TOKENString. Your default client token.
AKAMAI_PAPI_CLIENT_SECRETString. Any other credential section heading.
AKAMAI_PAPI_HOSTString. Any other credential section heading.
AKAMAI_PAPI_ACCESS_TOKENString. Any other credential section heading.
AKAMAI_PAPI_CLIENT_TOKENString. Any other credential section heading.
AKAMAI_ACCOUNT_KEYString. An account switch key.
AKAMAI_MAX_BODYInteger. The maximum message body size in bytes. The default is 131072 bytes.
NETSTORAGE_IDString. Your upload account ID
NETSTORAGE_HOSTString. Your domain prefix.
NETSTORAGE_GROUPString. Your storage group ID.
NETSTORAGE_CPCODEString. Your storage group CP code.