
OpenSearch: Authentication and authorization

Last Updated: Aug 29, 2024

To interact with the OpenSearch Developer Console service via API/SDK, identity authentication or authorization is required. This document outlines the available methods for verifying and granting access to user identities.

API call authentication (recommended)

The OpenSearch Developer Console offers API Key-based authentication for API/SDK calls.

Access the OpenSearch Developer Console to create and manage API Keys within a designated workspace. To allow other RAM users to utilize an API Key in a given workspace, first assign the necessary API Key to the RAM user.

Important
  • API Keys are workspace-specific in the OpenSearch Developer Console. A RAM user with an enabled API Key for a workspace can invoke all services within that workspace via API/SDK without additional authorization.

  • To prevent API Key exposure:

    • Avoid disclosing the API Key to mitigate security threats and potential financial losses from unauthorized use.

    • Initiate API calls exclusively from the server side. Client-side calls from browsers, apps, or miniapps risk exposing the API Key.

    • If an API Key leak is suspected, disable and delete it via the OpenSearch Developer Console. A disabled API Key cannot be used for API calls.

API call authorization

Alibaba Cloud provides AccessKey (AK), a permanent access credential for API/SDK call authorization. An AK is a key pair consisting of an AccessKey ID and an AccessKey Secret.

While AKs are not used for console logins, they are essential for accessing Alibaba Cloud services through development tools such as API, CLI, SDK, and Terraform. Each request must include the AccessKey ID and a signature. The signature is generated by signing the request content with the AccessKey Secret, which lets the service authenticate the caller's identity and verify the integrity of the request.

Important
  • It is advisable to create a RAM user specifically for API access and generate the corresponding AK. After assigning the minimum necessary permissions, use this AK to call the Developer Console service via API.

  • To reduce security risks associated with embedding AKs in code, manage AccessKeys using environment variables. For more information, see "Configure environment variables in Linux, macOS, and Windows systems".
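
The following added example (not code from the original page or from Alibaba Cloud) shows the two points above together: the AK pair is read from environment variables rather than embedded in code, and a keyed signature over the request content lets the server authenticate the caller and detect tampering. The canonical request layout, the HMAC-SHA256 choice, the `/v1/example` path and the sample key values are assumptions for illustration and are not Alibaba Cloud's actual signature specification; the environment variable names are assumed to match those used by Alibaba Cloud SDKs.

```python
import hashlib
import hmac
import os
from urllib.parse import quote


def load_access_key(env=os.environ):
    """Read the AK pair from the environment; fail closed if either part is missing."""
    ak_id = env.get("ALIBABA_CLOUD_ACCESS_KEY_ID")
    ak_secret = env.get("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
    if not ak_id or not ak_secret:
        raise RuntimeError("AccessKey not configured in environment variables")
    return ak_id, ak_secret


def canonical_request(method, path, params, body):
    """Simplified canonical form (assumption, not the provider's signing spec)."""
    query = "&".join(f"{quote(k, safe='')}={quote(str(params[k]), safe='')}"
                     for k in sorted(params))
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, query, body_hash]).encode()


def sign_request(ak_secret, method, path, params, body):
    """Client side: keyed MAC over the request content; the secret itself is never sent."""
    msg = canonical_request(method, path, params, body)
    return hmac.new(ak_secret.encode(), msg, hashlib.sha256).hexdigest()


def verify_request(secret_store, ak_id, signature, method, path, params, body):
    """Server side: look up the secret by AccessKey ID, recompute, compare in constant time."""
    ak_secret = secret_store.get(ak_id)
    if ak_secret is None:
        return False
    expected = sign_request(ak_secret, method, path, params, body)
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    # Constructed sample values; real keys come from the process environment.
    env = {"ALIBABA_CLOUD_ACCESS_KEY_ID": "AKID-EXAMPLE",
           "ALIBABA_CLOUD_ACCESS_KEY_SECRET": "example-secret"}
    ak_id, ak_secret = load_access_key(env)
    store = {ak_id: ak_secret}  # stands in for the service's credential store
    sig = sign_request(ak_secret, "POST", "/v1/example", {"b": "2", "a": "1"}, b'{"q":"x"}')
    print(verify_request(store, ak_id, sig, "POST", "/v1/example", {"a": "1", "b": "2"}, b'{"q":"x"}'))
    print(verify_request(store, ak_id, sig, "POST", "/v1/example", {"a": "1", "b": "2"}, b'{"q":"y"}'))
```

Only the AccessKey ID and the signature travel with the request, so a modified body or parameter fails verification and the AccessKey Secret never leaves the caller's environment.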