Mechanical Turk is pleased to announce an improvement to the Mechanical Turk API. You can now use the Mechanical Turk API without using your root AWS account credentials to authenticate requests. This is made possible with AWS Identity Access Management (IAM). To get started, please review our Getting Started Guide.

IAM allows you to securely control access to AWS resources. Once you’ve created an IAM user, you use the AWS Management Console to grant permission to access the Mechanical Turk API. The IAM user credentials can then be used instead of your root AWS account credentials to authenticate your Mechanical Turk API calls.

A user with access to root AWS account credentials has access to all AWS resources; using IAM user credentials to authenticate your Mechanical Turk API requests allows you to better secure access to AWS resources within your organization. For example, an IAM user can be given permission to use the Mechanical Turk API but not EC2.

The type of access an IAM user has to the Mechanical Turk API can also be controlled; IAM users can be granted full access to all API methods, read-only access, or access limited to specified API methods. Please note, however, that IAM user credentials cannot be used to log into the Requester website.

Learn more about using IAM credentials with the Amazon Mechanical Turk API in our Getting Started Guide.