Authentication methods in Servercore products
Authentication is required when working with Servercore products:
- via the control panel;
- using the API and tools.
Authentication in the control panel
Two independent factors are used to sign in to the control panel:
- the first factor is an email address and a user password;
- the second factor — a two-step authentication code, which can be retrieved from your list of backup codes, from an authenticator app, or via email.
Two-factor authentication is enabled by default for all users. If you are an Account Owner, you can disable two-factor authentication for yourself and use only the first factor to sign in. Other users cannot disable two-factor authentication; they can only choose the method for receiving the second factor.
Authentication for API and tools
To authenticate requests to the Servercore product API, depending on the API and user type, you can use:
- IAM token (X-Auth-Token) for an account or project — generated on demand at the time of authentication, has a limited lifetime, and is supported in the API of most Servercore products;
- or a static token (X-Token, API key) — has no lifetime limit and is designed for working with APIs that do not yet support IAM tokens.
To see which tokens are supported for each API and how to issue a token, refer to the Request Authorization instruction in the API documentation. If an API supports both an IAM token and a static token, we recommend using an IAM token.
In some cases, to authenticate when accessing third-party APIs and using automation tools, you can use:
- S3 key (EC2 key) — a pair of Access Key and Secret Key values, used for signing requests when working with AWS-based products: S3 and the Logs service. You can add an S3 key for yourself or issue one to another user;
- or a service user name and password – used for managing OpenStack and Terraform resources. To create them, use the Add a service user subsection of the Add a user guide.