API client
akamai_iam_api_client
Create and update an API client. To delete the resource, you can do one of these:
- Run
terraform destroy. This also automatically deactivates the API client's credential. - Deactivate an active credential with this resource by changing the credential's
statustoINACTIVEbefore removing the resource.
resource "akamai_iam_api_client" "my-api-client" {
authorized_users = ["jsmith@email.com"]
client_type = "CLIENT"
client_name = "my-api-client"
credential = {
description = "My API Client Credential"
expires_on = "2027-04-13T14:48:07Z"
}
group_access = {
clone_authorized_user_groups = true
}
api_access = {
all_accessible_apis = true
}
purge_options = {
can_purge_by_cp_code = true
can_purge_by_cache_tag = true
cp_code_access = {
all_current_and_new_cp_codes = false
}
}
}resource "akamai_iam_api_client" "my-api-client" {
authorized_users = ["jsmith@email.com"]
client_type = "CLIENT"
client_name = "my-api-client"
notification_emails = ["jsmith@example.com"]
client_description = "My API Client"
lock = false
credential = {
description = "My API Client Credential"
expires_on = "2027-04-13T14:48:07Z"
status = "ACTIVE"
}
group_access = {
clone_authorized_user_groups = false
groups = [
{
group_id = 12345
role_id = 67890
sub_groups = [
{
group_id = 98765
role_id = 43210
}
]
}
]
}
ip_acl = {
enable = true
cidr = ["123.4.5.6/78"]
}
api_access = {
all_accessible_apis = false
apis = [
{
api_id = 164
access_level = "READ-ONLY"
},
{
api_id = 5640
access_level = "READ-WRITE"
}
]
}
purge_options = {
can_purge_by_cp_code = true
can_purge_by_cache_tag = true
cp_code_access = {
all_current_and_new_cp_codes = false
cp_codes = [12345]
}
}
}Arguments
Pass the minimum required arguments to create or manage your API client.
| Argument | Required | Description |
|---|---|---|
api_access |
✔ | The APIs the API client can access. Includes:
|
client_name |
✔ | A descriptive, human-readable name for the API client. |
client_type |
✔ | The type of the API client's ownership and credential management. Possible values:
|
group_access |
✔ | The API client's group access. Includes:
|
authorized_users |
✔ | The API client's valid users. To get the username, run the Authorized users data source. |
credential |
✔ | The API client's credential. Includes:
|
allow_account_switch |
When set to true, the API client can manage more than one account.Note: It can't be |
|
can_auto_create_credential |
When set to true, the API client can create credentials for a new API client. Defaults to false if not set.Note: Auto-creating credentials is available only if the API client is created for the same user as the actor API client. |
|
client_description |
A human-readable description of the API client. | |
ip_acl |
The API client's IP list restriction. Includes:
|
|
notification_emails |
Email addresses of users who get notified when credentials expire. | |
purge_options |
Configures the API client's access to the Fast Purge API. Includes:
Notes: |
|
lock |
When set to true, this locks the API client. Defaults to false if not set. |
Attributes
If you've not set an output method, the response only provides a success message with your resource's ID.
Setting an output method returns the API client details you provided on create along with these computed attributes.
| Attribute | Description |
|---|---|
client_id | The API client's ID. |
id | The resource's ID, same as the client_id. |
access_token | The part of the client secret that identifies the API client and lets you access applications and resources. |
actions | Actions available on the API client. When set to true, you can perform a given action on the API client. Includes:
|
active_credential_count | The number of credentials active for the API client. When the count is 0, you can delete the API client without interruption. |
base_url | The base URL for the service. |
created_by | The user who created the API client. |
created_date | The ISO 8601 timestamp indicating when the API client was created. |
credential | The API client's credential. Includes:
|
api_access | The APIs the API client can access. Includes:
|
group_access | The API client's group access. Includes:
|
