Create a user in IAM for the person or system who will be calling the API, and put that user in at least one IAM group with any desired permissions. See Adding Users. You can skip this if the user exists already.
If you're using one of the Oracle SDKs or tools, supply the required credentials listed above in either a configuration file or a config object in the code. See SDK and CLI Configuration File. If you're instead building your own client, see Request Signatures.
This key pair is not the SSH key that you use to access compute instances. See Security Credentials.
Both the private key and public key must be in PEM format (not SSH-RSA format). The public key in PEM format looks something like this:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
How to Generate an API Signing Key
You can use the following OpenSSL commands to generate the key pair in the required PEM format. If you're using Windows, you'll need to install Git Bash for Windows and run the commands with that tool.
If you haven't already, create a .oci directory to store the credentials:
Generate the private key with one of the following commands.
Recommended: To generate the key, encrypted with a passphrase you provide when prompted:
Note: For Windows, if you generated the private key with a passphrase, you may need to insert -passin stdin to be prompted for the passphrase. The prompt will just be the blinking cursor, with no text.
View the details for the user who will be calling the API with the key pair:
If you're signed in as this user, click your username in the top-right corner of the Console, and then click User Settings.
If you're an administrator doing this for another user, instead click Identity, click Users, and then select the user from the list.
Click Add Public Key.
Paste the contents of the PEM public key in the dialog box and click Add.
The key's fingerprint is displayed (for example, 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef).
Notice that after you've uploaded your first public key, you can also use the UploadApiKey API operation to upload additional keys. You can have up to three API key pairs per user. In an API request, you specify the key's fingerprint to indicate which key you're using to sign the request.