API key

The API key is a secret key used for simplified authorization in the Yandex Cloud API. API keys are only used for service account authorization.

API keys do not expire. This means that this authentication method is simpler, but less secure. Use it if you can't automatically request an IAM token.

It is the user's responsibility to store the API key. Yandex Cloud provides access to an API key only during its creation. If the key is lost or damaged, you cannot restore it. In which case you can reissue the key or create a new one.

To ensure security and control over access to resources, monitor cases of unauthorized use of keys, and delete unused keys without the risk of disrupting Yandex Cloud services, you can track the dates of last use of service account access keys. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods.

API keys with scope and validity limitsAPI keys with scope and validity limits

You can create API keys with a limited scope and an expiration date. This will reduce the risk of unauthorized use of your keys.

Using an API keyUsing an API key

Enter your API key when accessing Yandex Cloud resources via the API. Provide the API key in the Authorization header in the following format:

Authorization: Api-Key <API_key>

Services that support this authentication methodServices that support this authentication method

The following services support authentication based on API keys:

• Yandex Cloud Functions
• Yandex DataSphere
• Yandex Search API
• Yandex SpeechKit
• Yandex SpeechSense
• Yandex Translate
• Yandex Vision OCR

See alsoSee also

• Creating API keys
• IAM token
• Authorization and authentication in Yandex Cloud