About Your API Access Policy

Your API access policy provides you with additional security options to simplify, in some use cases, the authentication to the OUTSCALE services.

General Information

Your API access policy enables you to:

  • Require the use of expiration dates for your access keys.

  • If you use API access rules with Certificate Authorities (CAs), activate a trusted session to simplify the authentication process.

    Like API access rules, a trusted session applies to all APIs as well as the interfaces and tools based on them, with the exception of the OUTSCALE Object Storage (OOS) API.

Maximum Possible Lifetime for Access Keys

By default, your access keys have infinite lifetimes and thus do not need to be renewed. To set the expiration date of an access key, see Creating an Access Key or Modifying an Access Key.

You can use your API access policy to make the use of expiration dates mandatory, therefore increasing the security of your account. For more information, see Managing Your API Access Policy.

Trusted Session

If you have defined Certificate Authorities (CAs) in your API access rules, you must systematically provide a certificate in each of your requests to OUTSCALE services. For more information about CAs and certificates, see About API Access Rules.

In that situation, however, you can use your API access policy to activate a trusted session. A trusted session enables you to bypass the requirement of systematically providing a certificate. Instead, you only provide the certificate when activating the trusted session itself.

Cockpit v2-beta can simulate a trusted session for you. For more information, see Logging In and Out of a Trusted Session.

To activate a trusted session, you must meet the following requirements:

  • All your access keys must have expiration dates.

  • All your API access rules must specify a CA.

Scope of a Trusted Session

For security reasons, certain API methods are excluded from the scope of a trusted session. The table below presents the authentication factors required to perform actions:

Actions Required authentication with trusted session deactivated Required authentication with trusted session activated

All methods except those managing:

  • Access keys

  • CAs

  • API access rules

  • The API access policy

  • By access keys (AND certificate if required by API access rules)

  • By access keys

Methods managing:

  • Access keys

  • CAs

  • API access rules

  • The API access policy

  • By access keys (AND certificate if required by API access rules)

or

  • By email/password (AND certificate if required by API access rules)

  • By access keys AND certificate

or

  • By email/password AND certificate

In addition to the above, a few methods are public methods that do not require authentication. These are marked by a green banner in the OUTSCALE API documentation.

Related Pages

Corresponding API Methods