Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

How to migrate from JWT to IAM authentication for private containers

Important
  • February 16, 2026: Creating new JWT tokens will no longer be possible
  • The authentication method with existing tokens remains available. Only the creation of new tokens will no longer be supported

Scaleway Serverless Containers used to rely on legacy JWT authentication tokens to access private resources.

This feature is now deprecated, you must therefore use Scaleway IAM to access your private containers using an API key. This change allows for a better Scaleway ecosystem integration. Read the documentation on advanced access control with IAM conditions for more information.

  1. Set up IAM authentication by creating an IAM application bearing an API key, and grant it the ContainersPrivateAccess via an IAM policy.

  2. Delete the existing JWT for your Serverless Containers to revoke legacy authentication.

  3. Pass the secret key of your IAM application's API key via the X-Auth-Token header to call your private container:

curl -H "X-Auth-Token: <YOUR_SECRET_KEY>" <YOUR_CONTAINER_ENDPOINT>
Note
  • Existing tokens will continue to work
  • Reading (GET/LIST) and deleting (DELETE) JWT tokens will remain available until February 2026
  • No application code changes are required, only header value updates
See Also
How to manage authentication for private containersHow to secure a container
Still need help?

Create a support ticket
No Results