Help Center> Koo Command Line Interface> User Guide> Using KooCLI in Non-configuration Mode> Agency Authentication
Updated on 2023-02-27 GMT+08:00
View PDF

Agency Authentication

By creating an agency, you can delegate another account to manage your resources based on assigned permissions. After a trust relationship is established, the delegated party can use the delegating account name (cli-agency-domain-name)/ID (cli-agency-domain-id), agency name (cli-agency-name), and the delegated party's authentication information (token or AK/SK) to get authenticated when calling APIs to manage and use resources of the delegating party.

To use this authentication mode, the delegating party must create an agency for the delegated party. If you are the delegating party, create an agency on the IAM console by referring to Account Delegation. If you are the delegated party, only you and users in the admin group can manage the delegated resources. To assign a common IAM user to manage the resources, authorize the user by referring to Assigning Permissions to an IAM User (by a Delegated Party).

As the delegated party, when calling APIs to manage and use the cloud services and resources of the delegating party, use an AK/SK (access key or temporary security credentials) or a token for authentication.

  • AK/SK (delegated party's) authentication
    • Access key (permanent AK/SK)
      hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-access-key=8NVT************KIOV --cli-secret-key=VHMQjoC**************************lsk3cGf
    • Temporary security credentials (temporary AK/SK and SecurityToken)
      hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-access-key=5FSU************607T --cli-secret-key=VoyjgLh**************************qRc8pSq --cli-security-token=******
  • Token (cli-x-auth-token) authentication
    hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-id=13534326******************5cf67b --cli-agency-name=****** --cli-x-auth-token=******
  • Account (cli-username, cli-password, and cli-domain) authentication
    hcloud ECS NovaListServers --cli-region="eu-west-101" --project_id="4ff018c3******************f31948" --cli-agency-domain-name=q******2 --cli-agency-name=****** --cli-username=s******1 --cli-password=****** --cli-domain=s******1