Manage access keys
Learn how to use the Storage Access API to manage access keys for InsuranceSuite applications.
To manage access keys, you need to authenticate with Guidewire Hub and obtain an access token with the following scopes:
storage.accesskeys.write, tenant.{tenantId}storage.accesskeys.read, tenant.{tenantId}
Users with the write scope have the read scope granted automatically.
All sample requests in this guide include the following path parameters:
| Parameter name | Description |
|---|---|
tenantId | Your tenant ID. |
projectId | ID of the star system (physical star system) for which you modify user access keys. |
userType | Type of a user: - CDA for Cloud Data Access users. - IS for InsuranceSuite users. |
keyId | ID of the requested access key. |
withUsageData | When set to true, the last usage data is fetched, which may result in longer request time. |
Get IAM access keys details
To get the list of IAM access keys, along with their ID, creation date, and status, use the following GET request:
curl -X 'GET' \
'{baseUrl}/api/v2/tenants/{tenantId}/projects/{projectId}/users/{userType}/keys?withUsageData={withUsageData}' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {access_token}'
Response contains a JSON object with a list of access keys, for example:
[
{
"id": "AKIA1XAATLZ6PARE2IXS",
"creationDate": "2023-12-20T17:05:01Z",
"status": "Active"
}
]
Create an access key
You must create at least one access key for each IAM user. You can create a maximum of 2 keys at a time. An access key is valid for 350 days.
To create an access key, send the following POST request without a request body:
curl -X 'POST' \
'{baseUrl}/api/v2/tenants/{tenantId}/projects/{projectId}/users/{userType}/keys' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {access_token}'
Response contains a JSON object with a created access key, for example:
{
"id": "AKIA1XAATLZ6PARE2IXS",
"secret": "i+yysH3/mXsAShhZiMHEy2yS/7445jjYYc99ee",
"creationDate": "2024-01-03T20:36:41Z",
"status": "Active"
}
Update an access key status
To update access key status, send the following PATCH request:
curl -X 'PATCH' \
'{baseUrl}/api/v2/tenants/{tenantId}/projects/{projectId}/users/{userType}/keys/{keyId}' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {access_token}' \
-d '{body}'
Where {body} contains the enabled parameter which sets the key status to Active or Inactive.
For example, to enable an access key, use the following:
{
"enabled": "true"
}
For a successful request, you'll receive the 204 status code.
Delete an access key
To delete an access key, send the following DELETE request without a request body:
curl -X 'DELETE' \
'{baseUrl}/api/v2/tenants/{tenantId}/projects/{projectId}/users/{userType}/keys/{keyId}' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {access_token}'
For a successful request, you'll receive the 204 status code.