STS Related Interface
Currently, STS-related interfaces are only available for whitelist, so you need to apply for trail use, please contact Baidu AI Cloud IAM team.
AssumeRole
Interface description
Access the temporary identity credential associated with the specific role.
Permission description
The request initiator needs to have a valid AccessKeyID and SecretAccessKey to initiate a request. Please see Authentication Certification.
Request structure
POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
Content-Type: application/json
Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
Host: iam.baidubce-preonline.baidu.com:8586Request header
There are no other special headers except the public headers.
Request parameter
| Parameter name | Type | Description | Parameter position | Required or not |
|---|---|---|---|---|
| durationSeconds | String | The validity period for temporary AK shall not be greater than 2h | Query parameter | No |
| accountId | String | ID of the account where the role is | Query parameter | Yes |
| userId | String | The user ID is not required, and shall not be concerned for normal scenario | Query parameter | No |
| roleName | String | Role name | Query parameter | Yes |
| authorization | String | For calculation method of verification string, please see Generate Verification String. | header | Yes |
| acl | String | permission to be bound for the temporary identity credentials | body | No |
Response header
There are no other special headers except the public headers.
Response parameter
| Parameter name | Type | Description | Parameter position |
|---|---|---|---|
| credential | String | Temporary identity credentials generated | body |
Request example
POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
Content-Type: application/json
Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
Host: iam.baidubce-preonline.baidu.com:8586Response example
{
"accessKeyId": "785e811dec6a47308ce6da241b25b501",
"secretAccessKey": "5a57d543676d46b9952e7354e3ac1060",
"sessionToken": "NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAAFgBAAD6a2SBhmOXBRCNraVyOShGIR5/j+CE4V5VLv9zmFM59tIsfxgCHkE7Z4ZKoeJGsDyQ7KjNasYZEenOf87/dVHgfoU7D1WSq00+E4QPqWBdOWj0nYCNQsFnf/TGHSZUAjRcPJmCF0al1Nve0+0AOPlRIYCH6RfphbDRbtCP9A+64ksGAQeQ0TEA20kYgIV3000R21j90cBRZiQjYSMYLYU67cjW0HDR0+Rp+db359Q9AAWwDkV1VGwdQjjf2d0j7QAc5W/sz+4fJKlsVZIfaL34CxQPuHED6g74USOZClWr2GkMJagJo8NI2suYSkBcmHI=",
"createTime": "2016-11-11T10:34:53Z",
"expiration": "2016-11-11T11:34:53Z",
"userId": "dc9b5191440d4f93851ddffb4e942b75",
"roleId": "aed8e56613f24e0e97597c1b0d29fcba"
} GetSessionToken
Interface description
Temporary identity credentials returned to the master account.
Permission description
The request initiator needs to have a valid AccessKeyID and SecretAccessKey to initiate a request. Please see Authentication Certification.
Request structure
POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
Content-Type: application/json
Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
Host: iam.baidubce-preonline.baidu.com:8586Request header
There are no other special headers except the public headers.
Request parameter
| Parameter name | Type | Description | Parameter position | Required or not |
|---|---|---|---|---|
| durationSeconds | String | The validity period for temporary AK shall not be greater than 36h, with the default to be 43200(12h) | Query parameter | No |
| authorization | String | Authentication string of the master account | header | Yes |
| acl | String | permission to be bound for the temporary identity credentials | body | No |
| attachment | String | Some information bound with credential by business side | body | No |
Response header
There are no other special headers except the public headers.
Response parameter
| Parameter name | Type | Description | Parameter position |
|---|---|---|---|
| credential | String | Temporary identity credentials generated | body |
Request example
POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
Content-Type: application/json
Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
Host: iam.baidubce-preonline.baidu.com:8586Response example
{
"accessKeyId": "1eccc6374fde485085c127d52a65b15e",
"secretAccessKey": "30839b659fb74f1cbd9c581c07e68e33",
"sessionToken": "NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAADgBAADs/9cMh8x/tKTMErRX40h3MVvz0kaH2PM5rCoVhryOknELA+dSLwaGkTO+h3EoHgan97i0DxCBfplcJhtXkFpjRZmchw4CZbLFR9jEfgMeAkPiHHKovghQWVxQICZ1LB02Qu5QzUHjlREfPnxm5gcdBSt331+iwFwfPQbFYK5K1q5yOTSpngOz4uFCoZyTzfRXPZZMRRpJpI52T44hs67Pq3yVT6600q6EgoLM5y7gQeFS+hCOr8SjNjZ6XKbXYIE=",
"createTime": "2016-12-07T02:58:05Z",
"expiration": "2016-12-07T14:58:05Z",
"userId": "dc9b5191440d4f93851ddffb4e942b75"
}