- You can only generate API keys for yourself and, if you are the Organization Owner or have IAMManager permissions, for IAM applications. You cannot generate API keys for other IAM users, regardless of your permissions.
- You can attach API keys to your own user to test and access your infrastructure, but we do not recommend this for all use cases.
How to create API keys
API keys are unique identifiers necessary to use the Scaleway API. You can generate API keys for yourself or for an IAM application via the Scaleway console. Each API key is scoped to one Organization only (so if you are part of multiple Organizations, you will need a different API key for each one). Each user and application can have multiple API keys in each Organization.
API keys always inherit the permissions of their bearer (the IAM user or IAM application with which they are associated), giving that bearer the exact rights and permissions that have been defined for them in the Organization via policies.
If you plan to create API keys that will be used for a long period of time, in production for example, we recommend that you use applications as the bearers of these API keys. This way, the API keys are linked to non-human users, and are under no risk of leaving or being removed from the Organization.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
-
Click Identity and Access Management (IAM) on the top-right of your Organization Dashboard in the Scaleway console. You are taken to your Identity and Access Management dashboard.
-
Click the API keys tab.
-
Click + Generate API key. The following screen pops up:
-
Select the bearer of the API key. Choose between yourself (as an IAM user), or an IAM application associated with the Organization.
-
Enter an optional description for the API key.
-
Enter the desired expiration. Choose from:
- Never: the API key will never expire,
- 1 hour / week / month / year: the API key will expire at the end of the selected period,
- Custom: you are prompted to enter a date on which the API key will expire.
-
Select whether the API key will be used for Object Storage. Choose from:
- Yes, set up preferred Project: you are prompted to select a Project that the API key will always use for Object Storage operations.
- No, skip for now: the Project that you are currently navigating in the console (i.e. the one that is selected in your Project dashboard) will be automatically selected as the preferred Project for Object Storage.
NotePreferred Projects for Object Storage - When creating and/or listing Object Storage buckets via the API, there is no available parameter to specify the Project in which you wish to list or create buckets. All buckets you create via the API will therefore be created in the preferred Project you choose when creating the API key. Similarly, when listing buckets, buckets from your preferred Project will be listed. Note that:
- This only applies to the creation and/or listing of Object Storage buckets, and no other products or resources.
- You can still create and/or list buckets in your Project of choice via the Scaleway console. See our dedicated documentation for more information.
-
Click Generate API key. A screen displays showing the access key and secret key for your new API key and reminding you that this is your only chance to securely save the secret key:
-
Ensure you have securely saved the secret key, then close the window. You are returned to the API keys tab, where your new API key now appears in the list.