Authentication methods in Selectel products
Authentication is required when working with Selectel products:
- via the control panel;
- using the API and tools.
Authentication in the control panel
Two independent factors are used to sign in to the control panel:
- the first factor is an email address and a user password;
- the second factor — a two-step authentication code, which can be retrieved from your list of backup codes, from an authenticator app, or via email.
Two-step authentication is enabled by default for all users. If you are an Account Owner, you can disable two-step authentication for your account and sign in using only the first factor. Other users cannot disable two-step authentication; they can only choose how to receive the second factor.
Authentication for API and tools
To authenticate requests to the Selectel product API, depending on the API and user type, you can use:
- IAM token (X-Auth-Token) for an account or project — generated on demand at the time of authentication, has a limited lifetime, and is supported in the API of most Selectel products;
- or a static token (X-Token, API key) — has no lifetime limit and is designed for working with APIs that do not yet support IAM tokens.
You can see which tokens are supported for each API and how to issue a token in the Request authentication section of the API documentation. If an API supports both an IAM token and a static token, we recommend using the IAM token.
In some cases, to authenticate when accessing third-party APIs and using automation tools, you can use:
- S3 key (EC2 key) — a pair of Access Key and Secret Key values, used for signing requests when working with AWS-based products: S3 and the Logs service. You can add an S3 key for yourself or issue one to another user;
- or a service user name and password – used for managing OpenStack and Terraform resources. To create them, use the Add a service user subsection of the Add a user guide.