Creating IAM Users for Oracle Cloud Infrastructure API Endpoints

Identity and Access Management (IAM) User Authentication Options for OCI API Endpoints

Question

You have been asked to create an Identity and Access Management (IAM) user that will authenticate to Oracle Cloud Infrastructure (OCI) API endpoints.

This user must not be given credentials that would allow them to log into the OCI console.

Which two authentication options can you use? (Choose two.)

Answers

Explanations


A. SSL certificate
B. API signing key
C. SSH key pair
D. PEM Certificate file
E. Auth token

BE.

https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm

The two authentication options that can be used to create an IAM user that can authenticate to OCI API endpoints but cannot log into the OCI console are:

B. API signing key E. Auth token.

An API signing key is a security mechanism that uses a public/private key pair to sign and authenticate API requests. When an IAM user wants to access an API endpoint, they sign the request with their private key. The API endpoint then verifies the signature using the matching public key to confirm that the request came from the expected source. This mechanism provides secure access to the API endpoints without the IAM user needing to log in to the OCI console.
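The sign-and-verify flow described above, as an added sketch that is not code from the original page or from Oracle: it follows the general shape of OCI request signing for a GET request (RSA-SHA256 over the request target, host and date) and shows that a request altered after signing no longer verifies. The key is generated on the spot, and the host, date and keyId placeholders are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// signingString lists the covered fields of a GET request, one per line.
func signingString(target, host, date string) string {
	return "(request-target): get " + target + "\nhost: " + host + "\ndate: " + date
}

// sign is the client side: RSA-SHA256 with the user's private API key.
func sign(key *rsa.PrivateKey, msg string) (string, error) {
	digest := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// authorization builds the header; keyID names the uploaded public key to check against.
func authorization(keyID, sig string) string {
	return fmt.Sprintf(`Signature version="1",keyId="%s",algorithm="rsa-sha256",`+
		`headers="(request-target) host date",signature="%s"`, keyID, sig)
}

// verify is the service side: rebuild the string from the request, check with the public key.
func verify(pub *rsa.PublicKey, msg, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	digest := sha256.Sum256([]byte(msg))
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo uses a throwaway key and constructed host, date and keyId placeholders.
func demo() (header string, ok, altered bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	host, date := "iaas.example.invalid", "Thu, 05 Jan 2023 21:31:40 GMT"
	msg := signingString("/20160918/instances", host, date)
	sig, err := sign(key, msg)
	return authorization("<tenancy_ocid>/<user_ocid>/<key_fingerprint>", sig), verify(&key.PublicKey, msg, sig),
		verify(&key.PublicKey, signingString("/20160918/volumes", host, date), sig), err
}

func main() { fmt.Println(demo()) }
```

Only the public half of the key is uploaded to the user's profile, so the private key never leaves the client and grants no console sign-in.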

An auth token is a short-lived token that can be used to authenticate to OCI API endpoints. It can be generated using the OCI Console or the OCI API. An IAM user can use the auth token to make API requests without needing a username and password or other credentials. The auth token is valid only for a limited time, and it can be revoked at any time. This mechanism provides secure access to the API endpoints without the IAM user needing to log in to the OCI console.

A. SSL certificate is not a valid authentication option because it is used to secure network communications and does not provide user authentication.

C. SSH key pair is not a valid authentication option because it is used for remote access to servers and does not provide user authentication.

D. PEM Certificate file is not a valid authentication option because it is used to secure network communications and does not provide user authentication.