X-Auth Token Deprecation FAQs

In November 2022, Megaport released API keys to facilitate generation of authentication tokens for machine to machine communication to the Megaport API, removing the reliance on non-expiring X-Auth tokens. This has improved our security posture giving customer company admins and IT infosec managers additional control over access to Megaport’s API.

The benefits of API keys are a controlled authentication process, no need to embed user names and passwords when accessing the API, and the ability to create a company admin or read only API key.

Megaport will be phasing out the use of X-Auth tokens starting July 2023. Those accounts that have authenticated using X-Auth tokens with existing API integrations will be whitelisted so X-Auth tokens continue to function until 30 September 2023.

All accounts that have not previously accessed the API using X-Auth tokens must use API keys. On 1 October 2023, any existing X-Auth tokens will no longer be able to access the Megaport API. From this date, all customers must use API Keys to authenticate against the Megaport API.

Why is Megaport making a change to the API authentication?

We’re remediating security risks identified in the most recent penetration test conducted by a 3rd party auditor.

How do I know if I’m using X-Auth tokens?

Megaport will notify company admins and technical contacts of accounts we have logged using X-Auth tokens.

When do I need to stop using X-Auth?

If you have authenticated using an X-Auth token previously then it will continue to work until 30 September 2023. If you have never used X-Auth tokens, you must use API keys from now on.

Where can I find more information on API keys?

Information about creating API keys can be found here: Creating an API Key.

When will API keys be mandatory?

From 1 October 2023 all API authentication must use API keys.

What if I haven’t updated my API integrations to use API keys by 1 October?

The Megaport API will block access from X-Auth tokens.

When can I move to API keys?

Immediately. Each company can create up to 5 API keys.

How many API keys can I have on my Megaport account?

Each account has an allocation of 5 API keys. If you require more please contact your Account Manager or Megaport Support. For more information, see Contacting Support.

What permission do API keys have?

API keys can be read only or company admin (full read/write access to all supported functionality).