# Service endpoints for Amazon Keyspaces
<a name="programmatic.endpoints"></a>

**Topics**
+ [Ports and protocols](#ports)
+ [China Regions endpoints](#china_endpoints)

## Ports and protocols
<a name="ports"></a>

You can access Amazon Keyspaces programmatically by running a `cqlsh` client, with an Apache 2.0 licensed Cassandra driver, or by using the Amazon CLI and the Amazon SDK. 

The following table shows the ports and protocols for the different access mechanisms.


| Programmatic Access | Port | Protocol | 
| --- | --- | --- | 
| CQLSH | 9142 | TLS | 
| Cassandra Driver | 9142 | TLS | 
| Amazon CLI | 443 | HTTPS | 
| Amazon SDK | 443 | HTTPS | 

 For TLS connections, Amazon Keyspaces uses certificates issued under Amazon Trust Services (Amazon Root CAs 1–4) to authenticate against the server. For more information, see [How to manually configure `cqlsh` connections for TLS](programmatic.cqlsh.md#encrypt_using_tls) or the [Before you begin](using_java_driver.md#using_java_driver.BeforeYouBegin) section of your driver in the [Using a Cassandra client driver to access Amazon Keyspaces programmatically](programmatic.drivers.md) chapter.

## China Regions endpoints
<a name="china_endpoints"></a>

Amazon Keyspaces supports IPv4 endpoints in the Amazon China Regions. 

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/keyspaces/latest/devguide/programmatic.endpoints.html)