Documentation & Tutorials
How to generate an API token
This page will explain you how to generate a Security Token and how you can use it to authenticate against our API.
What is an API Token?
Security information: API tokens are like passwords, they allow total access to your account, do no share them! If you believe one of your tokens was compromised, delete it and create a new one.
API tokens are unique identifiers associated with your Scaleway account and consist of an Access Key (--o or -organisation in the Scaleway CLI) and a Secret Key (--t or -token in the Scaleway CLI). The Secret key is required to authenticate against our API and will only be displayed when you create the token. Make sure to take a note of it and to keep it secret.
What are Access Key and Secret Key?
Before you can start using our API, you need to generate a Security Key and Access Key pair. Consider the Access Key as a login, and the secret key as a password. A token is the pair of those 2 values.
An Access Key can identify a token.
It’s not a sensitive piece of information.
The Secret Key is the value that can be used to authenticate against the API (the value used in X-Auth-Token HTTP-header).
The secret must stay secret and not given to anyone or publish online.
Each Scaleway account can have several tokens (so several pairs of access-key + secret). Several tokens are useful to give different applications access to the same Scaleway account. However, you remain in control and you can revoke access to any application individually.
Tokens that have been generated before the introduction of the Secret Key can be used without restriction. For Security reasons it is recommended to use Secret Keys whenever possible.
How to generate an API Token?
Open the drop-down menu on your account name and click on Credentials.
To generate a new token, click on Generate new token in the Tokens section of the page.
The Access Key and the Secret Key will show on your screen. Take a note of the Secret Key as it will not be recoverable.
Execute a command through our API (e.g. List your servers) with your API Token