Updated on 2025-02-19 GMT+08:00

AK/SK Authentication

This section describes how to use AK and SK to sign requests.

  • AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
  • SK: secret access key used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.

Generating an AK and SK Pair

If an AK/SK pair has already been generated, skip this step. Find the downloaded AK/SK file, which is usually named credentials.csv.

As shown in the following figure, the file contains the username, access key ID, and secret access key.

Figure 1 Content of the credential.csv file

Note:

  1. You can create a maximum of two access keys with identical permissions and unlimited validity and cannot increase the quota. Each access key can be downloaded only once when created. Keep your access keys secure and change them periodically for security purposes. To change an access key, delete it and create a new one.
  2. Federated users can only create temporary access credentials (temporary AK/SKs and security tokens). .
  3. If you are an administrator, you can view the AK of an IAM user on the user details page. The SK is kept by the user.

Perform the following procedure to generate an AK/SK pair:

  1. Log in to the .
  1. Hover the cursor on the username and choose My Credentials from the drop-down list.

  1. Click the Access Keys tab.
  2. Click Create Access Key.

    Each user can create a maximum of two access keys. The quota cannot be increased.

    • To change an access key, delete it and create a new one.

  3. Enter a description, and click OK.
  4. In the displayed dialog box, click Download to save the access key.

    You can obtain the AK from the access key list and SK from the downloaded CSV file.

    • For details about how to obtain a temporary AK/SK, see the Identity and Access Management API Reference.
    • Keep the CSV file properly. You can only download the file right after the access key is created. However, if you cannot find the file to obtain the key information, you can create a key.
    • Open the CSV file in the lower left corner, or choose Downloads in the browser and open the CSV file.
    • For security purposes, keep your access keys secure and change them periodically.

Generating a Signature

Generate a signature in the same way as in App authentication mode. Replace AppKey with AK and replace AppSecret with SK to complete the signing and request processing. You can sign requests to access APIs by using Java, Go, Python, C#, JavaScript, PHP, C++, C, and Android.

  • The local time on the client must be synchronized with the clock server to avoid a large error in the value of the X-Sdk-Date request header.
  • APIG (API Management) checks the time format and compares the time with the time when APIG (API Management) receives the request. If the time difference exceeds 15 minutes, APIG will reject the request.