API key
The API key is a secret key used for simplified authorization in the Yandex Cloud API. API keys are only used for service account authorization.
API keys do not expire. This means that this authentication method is simpler, but less secure. Use it if you can't automatically request an IAM token.
Alert
If someone might have gotten access to your private key, delete it and create a new one.
It is the user's responsibility to store the API key. Yandex Cloud provides access to an API key only during its creation. If the key is lost or damaged, you cannot restore it. In which case you can reissue the key or create a new one.
To ensure security and control over access to resources, monitor cases of unauthorized use of keys, and delete unused keys without the risk of disrupting Yandex Cloud services, you can track the dates of last use of service account access keys. You can find this info on the service account page in the management consolelast_used_at
field when using the API to invoke access key management methods.
API keys with scope and validity limits
You can create API keys with a limited scope and an expiration date. This will reduce the risk of unauthorized use of your keys.
Using an API key
Enter your API key when accessing Yandex Cloud resources via the API. Provide the API key in the Authorization
header in the following format:
Authorization: Api-Key <API_key>
Services that support this authentication method
The following services support authentication based on API keys:
- Yandex Cloud Functions
- Yandex DataSphere
- Yandex Search API
- Yandex SpeechKit
- Yandex SpeechSense
- Yandex Translate
- Yandex Vision OCR