Access key management


  • Two access keys may be held per user for the purpose of renewing access keys without disrupting the customer's application.
  • One access key consists of AccessKeyID (20 characters) and SecretKey (40 characters).
  • The access key must never be exposed to the outside.
  • For security, it is recommended to periodically change the access key.
  • Access key replacement
    1. Create a new key with the CreateAccessKey API.
    2. Update the application to use the new access key.
    3. Call the GetAccessKeyLastUsed API to see if the old access key is still in use.
    4. If it is confirmed by step 3 that the old key is not currently in use, the old key is changed to an “inactive” state with UpdateAccessKey API.
    5. Use only the new access key to verify that the application works.
    6. After waiting for a certain period of time, the DeleteAccessKey API is called to delete the old access key.