All Products
Search
Document Center

OpenSearch:Manage API keys

Last Updated:Sep 19, 2024

To access OpenSearch LLM-based Conversational Search Edition API or SDK, you must be authorized and authenticated. This topic describes the authorization and authentication methods used by OpenSearch LLM-based Conversational Search Edition and how to manage API keys.

API call authorization

OpenSearch LLM-based Conversational Search Edition uses API keys to authorize API calls. You can create and enable a maximum of 10 API keys for each instance.

Important

Take note of the following items to protect API keys against disclosure:

  • Do not expose API keys in any way to prevent security risks or financial loss due to unauthorized use.

  • Make sure that all API calls are initiated only from servers. Any API calls initiated from a client, such as a browser, app, or mini program, may cause the disclosure of API keys.

  • If suspicious API key disclosure is found, log on to the OpenSearch console to disable and then delete the API key. After an API key is disabled, you cannot call OpenSearch LLM-based Conversational Search Edition API by using the API key.

API call authentication

OpenSearch LLM-based Conversational Search Edition uses AccessKey pairs to authenticate API calls. An AccessKey pair is a permanent credential provided by Alibaba Cloud to users, and consists of an AccessKey ID and an AccessKey secret.

AccessKey pairs are not used to log on to the Alibaba Cloud Management Console. They are used to access Alibaba Cloud services by using development tools such as APIs, CLI, SDKs, and Terraform. For each request, a signature is generated based on the request content that is encrypted by using an AccessKey ID and an AccessKey secret. The signature is used to verify the identity of the caller and the request validity.

We recommend that you create a Resource Access Management (RAM) user for calling API operations, create an AccessKey pair for the RAM user, and grant permissions to the RAM user based on the least privilege principle. Then, the RAM user can call API operations to perform service development. For more information about AccessKey pairs, see Authentication and authorization. For more information about how to create and grant permissions to a RAM user, see Create RAM users and grant permissions.

Procedure

  1. Log on to the OpenSearch console.

  2. In the top navigation bar, select the region in which your instance resides. In the upper-left corner, select OpenSearch LLM-Based Conversational Search Edition.

  3. On the Instance Management page, find the instance that you want to manage and click Manage in the Actions column. In the left-side pane, click API keys.

  4. Click Create API Key. The system generates an API key. Click Copy to save the API key or Download CSV File to download the API key as a CSV file.

  5. After you save the API key, select I have saved my API KEY and click OK.

    0731.png

    • Edit: Add a description for the API key.

    • View: View the API key.

    • Disable or Enable: Disable or enable the API key. An API key that is disabled cannot be used to call OpenSearch LLM-based Conversational Search Edition API.

    • Delete: Delete the API key that is disabled.