Updated on 2024-11-18 GMT+08:00

Creating a Permanent Access Key

Function

This API can be used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key.

Access keys are identity credentials for using development tools (APIs, CLI, and SDKs) to access Huawei Cloud. Access keys cannot be used to log in to the console. AK is used in conjunction with an SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct. For details about how to create an access key on the console, see Access Keys.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

POST /v3.0/OS-CREDENTIAL/credentials

Request Parameters

Table 1 Parameters in the request header

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

If an administrator is requesting to create a permanent access key for an IAM user, see Actions. If an IAM user is requesting to create a permanent access key, the user token (no special permission requirements) of the user is required.

Table 2 Parameters in the request body

Parameter

Mandatory

Type

Description

credential

Yes

Object

Authentication information.

Table 3 credential

Parameter

Mandatory

Type

Description

user_id

Yes

String

ID of the IAM user who is requesting to create an access key. For details about how to obtain the user ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

description

No

String

Description of the access key.

Response Parameters

Table 4 Parameters in the response body

Parameter

Type

Description

credential

Object

Authentication result.

Table 5 credential

Parameter

Type

Description

create_time

String

Time when the access key was created.

NOTE:

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.

access

String

AK.

secret

String

SK.

status

String

Status of the access key.

Options:

  • active: Enabled
  • inactive: Disabled

user_id

String

IAM user ID.

description

String

Description of the access key.

Example Request

Request for creating a permanent access key for an IAM user whose ID is 07609fb9358010e21f7bc003751c....

POST https://iam.myhuaweicloud.com/v3.0/OS-CREDENTIAL/credentials
{
    "credential": {
        "description": "IAMDescription",
        "user_id": "07609fb9358010e21f7bc003751c...."
    }
}

Example Response

Status code: 201

The permanent access key is created successfully.

{
    "credential": {
        "access": "P83EVBZJMXCYTMUII...",
        "create_time": "2020-01-08T06:25:19.014028Z",
        "user_id": "07609fb9358010e21f7bc003751...",
        "description": "IAMDescription",
        "secret": "TTqAHPbhWorg9ozx8Dv9MUyzYnOKDppxzHt...",
        "status": "active"
    }
}

Status code: 400

Invalid parameters. (The number of access keys has reached the maximum allowed limit.)

{
    "error": {
        "message": "akSkNumExceed",
        "code": 400,
        "title": "Bad Request",
        "error_msg": null,
        "error_code": null
    }
}

Status Codes

Status Code

Description

201

The permanent access key is created successfully.

400

Invalid parameters, or the number of access keys has reached the maximum allowed limit.

401

Authentication failed.

403

Access denied.

500

Internal server error.

Error Codes

None