How to manage authentication for private containers

Reviewed on November 19, 2025

Important

Scaleway Serverless Containers used to rely on JWT authentication tokens to access private resources. This feature is now deprecated, you must therefore use Scaleway IAM to access your private containers using an API key.

This page shows you how to manage authentication for private containers from the Scaleway console.

Before you start

To complete the actions presented below, you must have:

A Scaleway account logged into the console
Owner status or IAM permissions allowing you to perform actions in the intended Organization
Created a containers namespace
Deployed a container

Managing authentication from the Scaleway console

Serverless Containers used to rely on a legacy token-based authentication to call private containers. Scaleway IAM now offers a modern way to access private resources using API keys.

Calling private containers

To call a private container, you have to add the secret key of the previously created API key to a X-Auth-Token header.

A private container observes this behavior:

If a call is made without the X-Auth-Token header, the call is rejected (status code 403)
If the X-Auth-Token header is provided, the token is validated using the IAM API public key corresponding to the private key provided.

For example, to execute a private container by providing a secret key using curl, run the following command:

curl -H "X-Auth-Token: <API_SECRET_KEY>" <YOUR_CONTAINER_ENDPOINT>

Before you start

Managing authentication from the Scaleway console

Calling private containers

Revoking authentication