GuideReference
TrainingSupportCommunity

Alternative authentication

Set up authorization to best fit the way you work by customizing your credentials.

Use multiple API clients

Having more than one API client lets you set the scope of work at the authentication level.

  • Manage different sets of credentials for staging and production.
  • Set which services a client has access to and to what level, read, write, or both.
  • Differentiate client accounts and contracts.

To use multiple API clients, place all sets of your credentials in the same .edgerc file, separating them with an empty line and under a new header.

Headers must be inside brackets and use lowercase letters. If needed, you can use dashes, underscores, and spaces.

[default]
client_secret = exampleabcdEcSnaAt123FNkBxy456z25qx9Yp5CPUxlEfQeTDk
host = exampleakab-lmn789n2k53w7qrs10cxy-nfkxaa4lf.luna.akamaiapis.net
access_token = exampleakab-zyx987xa6osbli4k-e7jf5ikib
client_token = exampleakab-nomoflavjuc4422-fa2xznerx

[second_section]
client_secret = exampleabcdEcSnaAt123FNkBxy456z25qx9Yp5CPUxlEfQeTD
host = example2akab-lmn789n2k53w7qrs10cx-nfkxaa4lf.luna.akamaiapis.net
access_token = example2akab-zyx987xa6osblik-e7jf5ikib
client_token = example2akab-nomoflavuc4422-fa2xznerx

Use the section header you need as the value for the config_section argument in the provider block of your akamai.tf file.

provider "akamai" {
  edgerc = "~/.edgerc"
  config_section = "second_section"
}

Switch accounts

When you're working with more than one account, move between them using an account switch key with an API client enabled to manage multiple accounts.

If you already have a managed API key, skip to step 3.

  1. Navigate to the Users and API Clients section of Akamai Control Center, click Create API client, and choose to create an advanced client.

  2. At Client options, choose to let your client manage multiple accounts, set the remainder of the permissions to your use case, and click create.

  3. On your API client's details page, enter the account name or ID you want in the accounts you manage field. Copy the account switch key provided and your client's credentials.

  4. Open your .edgerc file and paste in your credentials under a descriptive heading. Add to the bottom of this list an account_key field with your account switch key as the value. Save your changes.

    If you have multiple accounts, you can use the same base set of credentials with different switch keys for each of your accounts.

    [my_managed_account]
    client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
    host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
    access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
    client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
    account_key = A-CCT1234:A-CCT5432
    
    [base_managed_credentials]
    client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
    host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
    access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
    client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
    
    [base_managed_creds_plus_acctkey1]
    client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
    host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
    access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
    client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
    account_key = A-CCT1234:A-CCT5432
    
    [base_managed_creds_plus_acctkey2]
    client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
    host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
    access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
    client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj
    account_key = A-CCT9876:A-CCT7890
    
  5. In your Terraform configuration file, locate the config_section argument. Change the value to your account switch set of credentials to make infrastructure changes for that account.

    All Terraform commands you run use the account switch key to access and configure infrastructure until you change the section value.

    provider "akamai" {
      edgerc = "~/.edgerc"
      config_section = "my_managed_account"
    }
    

See also