Skip to main content

Service accounts

Service accounts are specialized identities designed to represent non-human entities, such as automated processes, servers, IoT devices, and more, that need to communicate with MARCO.

Authenticating these accounts securely is crucial, and this is achieved using service account keys.

Authentication methods

MARCO offers multiple methods for user authentication.

API key authentication

With API key authentication, a unique API key is generated for a specific service account.

This key acts as a digital signature, allowing the service account to make authorized requests to an API.


While this method can be used to authenticate Service accounts, it's advisable to utilize the key file for production purposes.

To create an API token, see API Key authentication.

Key file authentication

Key file authentication is a robust method that uses a private key to sign JWTs, ensuring the integrity and authenticity of the token.

This method is particularly suitable for server-to-server interactions where high security is paramount.

The key file approach offers enhanced security because it relies on private cryptographic keys that are less susceptible to common vulnerabilities, ensuring a more robust and secure authentication process.

To create a key file for your service account, see Key file authentication.

Identity permissions

To understand how to manage permissions for service account keys, refer to the IAM privileges section.

See also