Service Accounts
Service accounts are for programmatic API access (CI/CD, integrations, etc.). They authenticate with API keys instead of passwords.
Overview
A Service Account is a non-human actor that can:
- Access the API programmatically
- Use HMAC-based authentication (more secure than JWT for automation)
- Have the same permission model as users (policies and groups)
Use cases:
- CI/CD pipelines
- Background jobs
- Third-party integrations
- Mobile/web app backends
In This Section
:maxdepth: 1
creating-service-accounts
api-keys
hmac-authentication
best-practices
troubleshooting
Quick Example
from pdaas import Client
# Authenticate as user
client = Client(
base_url="https://api.console.solucao42.com.br",
email="[email protected]",
password="password",
organization_slug="myorg"
)
# Create service account
sa = client.service_accounts.create(
name="CI/CD Bot",
account_id="acc-123",
description="Automated deployment"
)
# Issue API key
key = client.service_accounts.issue_key(
service_account_id=sa["id"],
description="Production key"
)
# Store the secret securely!
print(f"Access Key: {key['access_key']}")
print(f"Secret Key: {key['secret_key']}") # Only shown once!
Key Features
- HMAC Authentication - Cryptographic request signing
- Anti-Replay Protection - Nonce tracking prevents replay attacks
- API Key Management - Issue, list, and revoke keys
- IP Allowlists - Restrict access by IP address
- Same IAM Model - Policies and groups work identically to users
- Audit Logging - Track all service account operations
Common Patterns
Pattern 1: CI/CD Pipeline
import os
from pdaas import Client
# In your CI/CD script
client = Client(
base_url=os.environ['PDAAS_API_URL'],
access_key=os.environ['PDAAS_ACCESS_KEY'],
secret_key=os.environ['PDAAS_SECRET_KEY']
)
# Deploy logic here...
Pattern 2: Background Job
from pdaas import Client
def process_job():
client = Client(
base_url="https://api.console.solucao42.com.br",
access_key="sa_myorg_acc123_xyz",
secret_key="secret_from_env"
)
# Do work with API access
result = client.organizations.get_info()
# ...
Next Steps
- Creating Service Accounts - Step-by-step guide
- API Keys Management - Issue and revoke keys
- HMAC Authentication - Understand the crypto
- Best Practices - Security recommendations