About Your API Access Policy
Your API access policy provides you with additional security options to simplify, in some use cases, the authentication to the OUTSCALE services.
General Information
Your API access policy enables you to:
-
Require the use of expiration dates for your access keys.
-
If you use API access rules with Certificate Authorities (CAs), activate a trusted session to simplify the authentication process.
Like API access rules, a trusted session applies to all APIs as well as the interfaces and tools based on them, with the exception of the OUTSCALE Object Storage (OOS) API.
Maximum Possible Lifetime for Access Keys
By default, your access keys have infinite lifetimes and thus do not need to be renewed. To set the expiration date of an access key, see Creating an Access Key or Modifying an Access Key.
You can use your API access policy to make the use of expiration dates mandatory, therefore increasing the security of your account. For more information, see Managing Your API Access Policy.
Trusted Session
If you have defined Certificate Authorities (CAs) in your API access rules, you must systematically provide a certificate in each of your requests to OUTSCALE services. For more information about CAs and certificates, see About API Access Rules.
In that situation, however, you can use your API access policy to activate a trusted session. A trusted session enables you to bypass the requirement of systematically providing a certificate. Instead, you only provide the certificate when activating the trusted session itself.
Cockpit v2-beta can simulate a trusted session for you. For more information, see Logging In and Out of a Trusted Session. |
To activate a trusted session, you must meet the following requirements:
-
All your access keys must have expiration dates.
-
All your API access rules must specify a CA.
Scope of a Trusted Session
For security reasons, certain API methods are excluded from the scope of a trusted session. The table below presents the authentication factors required to perform actions:
Actions | Required authentication with trusted session deactivated | Required authentication with trusted session activated |
---|---|---|
All methods except those managing:
|
|
|
Methods managing:
|
or
|
or
|
In addition to the above, a few methods are public methods that do not require authentication. These are marked by a green banner in the OUTSCALE API documentation. |
Related Pages
Corresponding API Methods