All Products
Search

This Product

    Tablestore:API key management

    Document Center

    Tablestore:API key management

    Last Updated:Jun 22, 2026

    Tablestore supports API key authentication for Knowledge Store and Memory Store. You can create and revoke API keys independently without managing AccessKey pairs. API key access requires HTTPS.

    Authentication methods

    Tablestore supports the following authentication methods:

    Authentication method

    Use case

    Supported APIs

    AccessKey (AK/SK)

    Full access to all features

    All Tablestore APIs

    API key

    AI application integration without managing key pairs

    Knowledge Store and Memory Store APIs only

    Create an API key

    1. Log on to the Tablestore console.

    2. In the left-side navigation pane, click API Key.

    3. On the API Key Management page, click Create API Key.

    4. In the Create API Key dialog box, set Expiration Time.

    5. Click Create.

    Important

    Store the key value in a secure location. The key value is displayed only when the key is created and cannot be retrieved later.

    Use an API key

    You can access Knowledge Store and Memory Store with an API key by using an SDK or curl. API keys support all API operations for both services.

    Note

    API key access requires an HTTPS endpoint.

    SDK

    Python and TypeScript SDKs are available for Knowledge Store and Memory Store. To initialize the client, pass the api_key parameter instead of AccessKey credentials.

    Python

    Install the SDK.

    pip install tablestore-agent-storage

    The following example creates a knowledge base and performs a semantic search by using an API key:

    from tablestore_agent_storage import AgentStorageClient

# Initialize the client with an API key
client = AgentStorageClient(
    api_key="your-api-key",
    ots_endpoint="https://your-instance.cn-beijing.ots.aliyuncs.com",
    ots_instance_name="your-instance-name",
)

# Create a knowledge base
client.create_knowledge_base({"knowledgeBaseName": "product_docs"})

# List knowledge bases
response = client.list_knowledge_base()
for kb in response["data"]["knowledgeBases"]:
    print(kb["knowledgeBaseName"])

# Retrieve from a knowledge base
results = client.retrieve({
    "knowledgeBaseName": "product_docs",
    "retrievalQuery": {"type": "TEXT", "text": "your query"}
})
for item in results["data"]["retrievalResults"]:
    print(item["content"])

    TypeScript

    Install the SDK.

    npm install @tablestore/agent-storage

    The following example creates a knowledge base and performs a semantic search by using an API key:

    import { AgentStorageClient } from '@tablestore/agent-storage';

// Initialize the client with an API key
const client = new AgentStorageClient({
  apiKey: 'your-api-key',
  endpoint: 'https://your-instance.cn-beijing.ots.aliyuncs.com',
  instanceName: 'your-instance-name',
});

// Create a knowledge base
await client.createKnowledgeBase({ knowledgeBaseName: 'product_docs' });

// List knowledge bases
const response = await client.listKnowledgeBase({});
for (const kb of response.data.knowledgeBases) {
  console.log(kb.knowledgeBaseName);
}

// Retrieve from a knowledge base
const results = await client.retrieve({
  knowledgeBaseName: 'product_docs',
  retrievalQuery: { type: 'TEXT', text: 'your query' },
});
for (const item of results.data.retrievalResults) {
  console.log(item.content);
}

    curl

    Include the x-ots-apikey and x-ots-instancename headers in your HTTP requests.

    The following example creates a knowledge base by using curl:

    curl -X POST 'https://your-instance.cn-beijing.ots.aliyuncs.com/CreateKnowledgeBase' \
  -H 'x-ots-instancename: your-instance-name' \
  -H 'x-ots-apikey: your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{"knowledgeBaseName": "product_docs"}'

    The following example lists all knowledge bases by using curl:

    curl -X POST 'https://your-instance.cn-beijing.ots.aliyuncs.com/ListKnowledgeBase' \
  -H 'x-ots-instancename: your-instance-name' \
  -H 'x-ots-apikey: your-api-key' \
  -H 'Content-Type: application/json' \
  -d '{}'

    Limitations

    • API keys only support Knowledge Store and Memory Store APIs. To access other Tablestore APIs, use AccessKey authentication.

    • When you create an API key, a dedicated RAM user is created with the AliyunOTSFullAccess policy attached. The API key inherits the permissions of this RAM user. To adjust permissions, modify the user policy in the RAM console.

    • If the RAM user lacks either the API operation permission or the ots:CallWithBearerToken permission, requests to Knowledge Store and Memory Store through the API key fail.