Getting Temporary Credentials for a Federated User

Last updated: 2019-04-17 16:41:15

    API Description

    This API (GetFederationToken) is used to obtain the temporary access credentials for a user with federated identity.
    Request domain name:

    sts.api.qcloud.com

    Input Parameters

    The following request parameter list only provides the API request parameters. Other parameters can be found in Common Request Parameters.

    Parameter Name Required Type Description
    name Yes String Nickname of the user with federated identity
    Policy Yes String Policy description.
    Notes:
    1. Policy should be URL-encoded (Before using GET to send an API request, you need to follow the cloud API specification to URL encode all request parameters). See [CAM Policy Syntax] (https://intl.cloud.tencent.com/document/product/598/10603)
    3. Policy should not contain the principal element.
    durationSeconds No Int The validity period of the temporary credentials (in sec). The default is 1,800 seconds. The maximum is 7,200 seconds.

    Output Parameters

    Parameter Name Type Description
    credentials credentials The object contains a triad of token, tmpSecretId and tmpSecretKey.
    expiredTime Int Expiration time of the certificate, expressed in a Unix timestamp with an accuracy down to seconds.

    Credential Data Structures

    Parameter Name Type Description
    token String Token value
    tmpSecretId String Temporary security certificate ID
    tmpSecretKey String Temporary security certificate Key

    Example

    Input

    https://sts.api.qcloud.com/v2/index.php?Action=GetFederationToken&name=nickName&policy=%7b%22version%22%3a%222.0%22%2c%22statement%22%3a%5b%7b%22action%22%3a%5b%22name%2fqcisa%3aGetInfoByFields%22%5d%2c%22resource%22%3a%5b%22qcs%3a%3aqcisa%3a%3auin%2f90000000000%3aqcisa%2fbigCustomerDetail%22%2c%22qcs%3a%3aqcisa%3a%3auin%2f90000000000%3aqcisa%2fuserDetail%22%2c%22qcs%3a%3aqcisa%3a%3auin%2f90000000000%3aqcisa%2fauthDetail%22%5d%2c%22effect%22%3a%22allow%22%7d%5d%7d&durationSeconds=1800&<Common request parameters>

    Output

    {
        "code": 0,
        "message": "",
        "codeDesc": "Success",
        "data": {
            "credentials": {
                "sessionToken": "9586a03c55b6cc088fb63461e88b4d4b5ceaeebf3",
                "tmpSecretId": "AKIDTs591htUbXKwmQryzpTvBF7nHZgdOlvv",
                "tmpSecretKey": "xjJhtujMq8E8tTcfbTFuRq8JMI7pQtHY"
            },
            "expiredTime": 1494309923
        }
    }

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help