To reduce the risk of key exposure, as of November 30, 2023, the function to query SecretKey for all root accounts and sub-accounts will be closed, which can only be kept at the time of creation. Please keep your SecretKey in time.
Operation Scenarios
Access keys, also known as API keys, are the security certificates required for user identity verification when accessing Tencent Cloud APIs. They are composed of both a SecretId and a SecretKey. If a user does not possess an API key, it is necessary to create one within the API key management system, otherwise, they will be unable to invoke the cloud API interface.
This document describes how to create, enable/disable and delete API keys as well as view API key information for sub-users and collaborators.
Note:
SecretId: Used to identify an API caller, similar to a username.
SecretKey: Used to verify the identity of an API caller, similar to a password.
Prerequisites
Log in to the CAM Console and go to User List. Find the sub-user or collaborator that needs to be configured and click Username to enter the user details page.
Directions
Creating an API Key for a Sub-Account
You can create an API key for a sub-user/collaborator. After the API key is created, the sub-user/collaborator can use APIs, SDKs, or other development tools to manage the resources under the root account within the scope of the configured permissions.
1. On the user details page, click API Keys to enter the API key management page.
2. On the API key management page, click Create Key.
3. In the pop-up window of Create SecretKey, the key you've created will be displayed. Please keep your SecretId and SecretKey well. As of November 30, 2023, the created keys will only provide the SecretKey when created, and can not be queried afterward.
Note:
Each sub-user/collaborator can have at most two API keys.
An API key is an important credential for creating TencentCloud API requests. For the security of your assets and services, please keep the keys private, change them regularly, and delete old keys promptly after creating new ones.
Viewing a Sub-Account API Key
You can view and copy the SecretId of a sub-user's/collaborator's API key. The sub-user/collaborator can use APIs, SDKs, or other development tools through SecretId and SecretKey within their permissions to manage resources under the root account.
1. On the user details page, click API Keys to enter the API key management page.
2. On the API key management page, perform the following operations to view and copy the SecretId of the API key. An API key is an important credential for creating Tencent Cloud API requests. For the security of your assets and services, please keep the keys private, change them regularly, and delete old keys promptly after creating new ones.
Note:
SecretId: this can be directly viewed in the Key column. Click
to copy and save it.
SecretKey: click Show in the Key column. You will be able to view it after being authenticated. Click
to copy and save it. (To reduce the risk of key exposure, as of November 30, 2023, the function to query SecretKey for all root accounts and sub-accounts will be closed, which can only be kept at the time of creation. Please keep your SecretKey in time.)
Disabling/Enabling a Sub-Account API Key
You can disable an API key of a sub-user/collaborator. Please do so with caution as Tencent Cloud will block all requests that use the API key after it is disabled.
1. On the user details page, click API Key to enter the API key management page.
2. On the API key management page, click Disable in the Operation column.
3. In the confirmation window that pops up, click Confirm to disable the access key.
Note:
You can click Enable in the Operation column to enable the key. After the key is enabled, the sub-account/collaborator can use APIs, SDKs, or other development tools to manage the resources under the root account within the scope of the configured permissions.
Deleting a Sub-Account API Key
1. On the user details page, click API Key to enter the API key management page.
2. On the API key management page, click Disable in the "Operation" column. If the API key that you want to delete has already been disabled, proceed to step 4.
3. In the confirmation window that pops up, click Confirm.
4. On the API key management page, click Delete in the "Operation" column to delete the API key.
Note:
Please note that an API key cannot be recovered once deleted.
API Key Access Record Description
1. 1. On the API Key Management page, click More Access Records in the operation column, as shown in the following figure:
Note:
More Access Records: displays the latest 20 access records from the past 3 months, including both successful and failed calls. Due to the large volume of data, there may be a delay of about 1 hour.
Access records only log requests to the server. Regardless of whether a call is successful or has the necessary permissions, all attempts are recorded.
2. On the Key Access Records page on the right, view the details of key access records.
Last Access Time: displays the last time the key was used.
Yes
No
Was this page helpful?