An AccessKey is equivalent to a logon password, but they are used in different scenarios. AccessKeys are used to directly call APIs, while logon passwords are used to log on to the console. You must create an AccessKey only if you must call APIs.

You can use the AccessKey to construct an API request (or use the cloud service SDK) for operating resources. An AccessKey is composed of an AccessKeyID and an AccessKeySecret.

  • The AccessKeyID is used to identify the user.
  • The AccessKeySecret is used to verify the user’s key, which is highly confidential.
Warning Do not use the AccessKey of the primary account. If it is disclosed, all your resources may be unsafe. Use the AccessKey of an RAM user account to reduce the risk of AccessKey disclosure.


  1. Log on to the RAM console.
  2. Click User on the left-side navigation pane.
  3. Click a target user to go to the user details page.
  4. Click Create AccessKey in the User AccessKey area.
  5. In the Create User Access Key dialog box, expandAccessKey Details to view the AcessKeyID and AccessKeySecret. Click Save AccessKey Information to download the AccessKey.
    Notice You must save your AccessKey as it is required in future and must keep it confidential.