To use Watson Machine Learning with the Python client library or the REST API, you must authenticate to secure your work. Learn about the different ways to authenticate and how to apply them to the service of your choosing.
You use IBM Cloud® Identity and Access Management (IAM) to make authenticated requests to public IBM Watson™ services. With IAM access policies, you can assign access to more than one resource from a single key. In addition, a user, service ID,
and service instance can hold multiple API keys.
Security overview
Copy link to section
Refer to the section that describes your security needs.
These terms relate to the security requirements described in this topic.
API keys allow you to easily authenticate when you are using the Python client or APIs and can be used across multiple services. API Keys are considered confidential because they are used to grant access. Treat all API keys
as you would a password because anyone with your API key can access your service.
An IAM token is an authentication token that is required to access IBM Cloud services. You can generate a token by using your API key in the token request. For details on using IAM tokens, refer to Authenticating to Watson Machine Learning API.
To authenticate to a service through its API, pass your credentials to the API. You can pass either a bearer token in an authorization header or an API key.
Generating an API key
Copy link to section
To generate an API key from your IBM Cloud user account, go to Manage access and users - API Keys and create or select an API key for your user account.
You can also generate and rotate API keys from Profile and settings > User API key. For more information, see Managing the user API key.
Authenticate with an IAM token
Copy link to section
IAM tokens are temporary security credentials that are valid for 60 minutes. When a token expires, you generate a new one. Tokens can be useful for temporary access to resources. For more information, see Generating an IBM Cloud IAM token by using an API key.
Getting a service-level token
Copy link to section
You can also authenticate with a service-level token. To generate a service-level token:
Even though you do not explicitly provide an instance_id, it will be picked up from the associated space or project for billing purposes. For details on plans and billing for Watson Machine Learning services, refer to Watson Machine Learning plans and runtime usage.
Refer to sample notebooks for examples of how to authenticate and then score a model by using the Python client.
To use the Watson Machine Learning REST API, you must obtain an IBM Cloud Identity and Access Management (IAM) token. In this example, you would supply your API key in place of the example key.
About cookies on this siteOur websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising.For more information, please review your cookie preferences options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.