Best practices

Consider these points when authenticating via a third-party cloud provider.

We recommend the following:

  • Use only a property that has an akamaized hostname with third-party cloud authentication to either retrieve objects from the origin, or for read-only bucket operations.
  • Use two separate sets of cloud provider Access Keys, with one dedicated to GET operations and another intended for POST, PUT or DELETE operations. All GET operations should be set up to use a property via Property Manager. For POST, PUT and DELETE operations, you should use the APIs/SDKs offered by the associated cloud provider.
  • Regularly rotate the cloud provider Access Keys. This reduces the likelihood of unauthorized diversion of confidential information.
  • Currently, only the Authorization header is supported. This means that if you're using query string parameters with this authentication, each query parameter in the incoming client request must be sorted alphabetically, and URL encoded.