Skip to main content

Authorization

Follow this guide to create a new Fastly credential that will allow Nexla to authenticate to and exchange data with your Fastly account.
fastly_api_auth.png

Fastly

Prerequisites

To connect Nexla to Fastly, you need a Fastly API token with appropriate scopes. Fastly uses token-based authentication for all API requests — tokens are passed in the Fastly-Key HTTP header with each request.

Fastly Account Requirements

  • An active Fastly account. Sign up at fastly.com if you do not already have one.
  • A Fastly user role of Engineer or higher is required to create personal API tokens. Superuser role is required to create automation tokens.

Create a Fastly API Token

Fastly supports two types of API tokens:

  • Personal tokens — Created by individual users and tied to their account permissions. Suitable for development and testing.
  • Automation tokens — Service accounts intended for non-human clients such as CI/CD pipelines and integrations. Can only be created by superusers.

For production Nexla integrations, an automation token is recommended. For initial setup and testing, a personal token is sufficient.

Create a Personal API Token

  1. Sign in to the Fastly control panel.

  2. Click your username in the upper right corner, then select Account from the dropdown menu.

  3. In the left navigation, click API tokens, then select Personal tokens.

  4. Click the Create token button.

  5. When prompted, re-enter your password to confirm your identity.

  6. In the Name field, enter a descriptive name that identifies the token's purpose (for example, Nexla Integration).

  7. Under Scope, select the appropriate access level for the integration:

    • global — Full read/write access to all account resources (default). Required for Nexla flows that both read and write data.
    • global:read — Read-only access to account information, configuration, and statistics. Suitable for Nexla data source flows only.
    • purge_all — Allows purging all cached objects for a service. Required for purge destination flows.
    • purge_select — Allows purging by URL or surrogate key. Required for targeted cache invalidation flows.

  8. Optionally, under Service access, restrict the token to specific services. If left unrestricted, the token will have access to all services in your account.

  9. Optionally, set a token expiration date under Expiry to enforce credential rotation policies.

  10. Click Create Token.

Important

After the token is created, it will be displayed only once. Copy the token string immediately and store it in a secure location such as a password manager or secrets vault. You will not be able to view the token value again.

For complete information about Fastly API token types, scopes, and best practices, refer to the Fastly API token documentation.

Create an Automation Token (Superuser Required)

Automation tokens are recommended for production integrations because they are not tied to a specific user account and remain valid even if a team member leaves.

  1. Sign in to the Fastly control panel with a superuser account.

  2. Navigate to Account > API tokens > Automation tokens.

  3. Click Create token and enter your password when prompted.

  4. Enter a descriptive Name for the token (for example, Nexla Automation).

  5. Configure the Scope and Service access as described in the personal token steps above.

  6. Click Create Token, and copy the token string immediately.

Create a Fastly Credential

  • To create a new Fastly credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Key

  1. Enter your Fastly API token in the API Key Value field. This is the token string you copied when creating the token in the Fastly control panel. The token is passed as the Fastly-Key HTTP header with every API request Nexla makes to Fastly on your behalf.

    Ensure that the API token has the scopes required for the operations you intend to perform. Read-only flows (data sources) require at minimum the global:read scope, while write operations (destinations, purging) require the global or operation-specific scopes such as purge_all or purge_select.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.