          Identity and Access Management

          STS Related Interface

          Currently, the STS-related interfaces are available only to whitelisted accounts, so you need to apply for trial use; please contact the Baidu AI Cloud IAM team.

          AssumeRole

          Interface description

          Obtains the temporary identity credentials associated with the specified role.

          Permission description

          The request initiator needs to have a valid AccessKeyID and SecretAccessKey to initiate a request. Please see Authentication Certification.

          Request structure

          POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
          Content-Type: application/json
          Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
          Host: iam.baidubce-preonline.baidu.com:8586

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name | Type | Description | Parameter position | Required or not
          --- | --- | --- | --- | ---
          durationSeconds | String | Validity period of the temporary AK; must not be greater than 2h | Query parameter | No
          accountId | String | ID of the account the role belongs to | Query parameter | Yes
          userId | String | User ID; not required, and need not be considered in normal scenarios | Query parameter | No
          roleName | String | Role name | Query parameter | Yes
          authorization | String | Verification string; for the calculation method, see Generate Verification String | header | Yes
          acl | String | Permission to be bound to the temporary identity credentials | body | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Parameter name | Type | Description | Parameter position
          --- | --- | --- | ---
          credential | String | Temporary identity credentials generated | body

          Request example

          POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
          Content-Type: application/json
          Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
          Host: iam.baidubce-preonline.baidu.com:8586

          Response example

            {
               "accessKeyId": "785e811dec6a47308ce6da241b25b501",
               "secretAccessKey": "5a57d543676d46b9952e7354e3ac1060",
               "sessionToken": "NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAAFgBAAD6a2SBhmOXBRCNraVyOShGIR5/j+CE4V5VLv9zmFM59tIsfxgCHkE7Z4ZKoeJGsDyQ7KjNasYZEenOf87/dVHgfoU7D1WSq00+E4QPqWBdOWj0nYCNQsFnf/TGHSZUAjRcPJmCF0al1Nve0+0AOPlRIYCH6RfphbDRbtCP9A+64ksGAQeQ0TEA20kYgIV3000R21j90cBRZiQjYSMYLYU67cjW0HDR0+Rp+db359Q9AAWwDkV1VGwdQjjf2d0j7QAc5W/sz+4fJKlsVZIfaL34CxQPuHED6g74USOZClWr2GkMJagJo8NI2suYSkBcmHI=",
               "createTime": "2016-11-11T10:34:53Z",
               "expiration": "2016-11-11T11:34:53Z",
               "userId": "dc9b5191440d4f93851ddffb4e942b75",
               "roleId": "aed8e56613f24e0e97597c1b0d29fcba"
            }

          GetSessionToken

          Interface description

          Returns temporary identity credentials to the master account.

          Permission description

          The request initiator needs to have a valid AccessKeyID and SecretAccessKey to initiate a request. Please see Authentication Certification.

          Request structure

          POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
          Content-Type: application/json
          Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
          Host: iam.baidubce-preonline.baidu.com:8586

          Request header

          There are no other special headers except the public headers.

          Request parameter

          Parameter name | Type | Description | Parameter position | Required or not
          --- | --- | --- | --- | ---
          durationSeconds | String | Validity period of the temporary AK; must not be greater than 36h; the default is 43200 (12h) | Query parameter | No
          authorization | String | Authentication string of the master account | header | Yes
          acl | String | Permission to be bound to the temporary identity credentials | body | No
          attachment | String | Information bound to the credential by the business side | body | No

          Response header

          There are no other special headers except the public headers.

          Response parameter

          Parameter name | Type | Description | Parameter position
          --- | --- | --- | ---
          credential | String | Temporary identity credentials generated | body

          Request example

          POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
          Content-Type: application/json
          Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
          Host: iam.baidubce-preonline.baidu.com:8586

          Response example

          {
            "accessKeyId": "1eccc6374fde485085c127d52a65b15e",
            "secretAccessKey": "30839b659fb74f1cbd9c581c07e68e33",
            "sessionToken": "NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAADgBAADs/9cMh8x/tKTMErRX40h3MVvz0kaH2PM5rCoVhryOknELA+dSLwaGkTO+h3EoHgan97i0DxCBfplcJhtXkFpjRZmchw4CZbLFR9jEfgMeAkPiHHKovghQWVxQICZ1LB02Qu5QzUHjlREfPnxm5gcdBSt331+iwFwfPQbFYK5K1q5yOTSpngOz4uFCoZyTzfRXPZZMRRpJpI52T44hs67Pq3yVT6600q6EgoLM5y7gQeFS+hCOr8SjNjZ6XKbXYIE=",
            "createTime": "2016-12-07T02:58:05Z",
            "expiration": "2016-12-07T14:58:05Z",
            "userId": "dc9b5191440d4f93851ddffb4e942b75"
          }
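
A client-side sketch covering both interfaces above, added here as an example and not taken from Baidu AI Cloud's documentation or SDK: it builds the request path, enforces the documented `durationSeconds` caps (2h for AssumeRole, 36h for GetSessionToken), and parses the response so that expiry can be tracked and secrets stay out of logs. The function names, the five-minute refresh margin and the sample response are assumptions made for illustration; request signing is out of scope.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Duration caps from the parameter tables on this page, in seconds.
MAX_DURATION = {"assumeRole": 2 * 3600, "sessionToken": 36 * 3600}
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # timestamp format of the response examples

def build_request_path(api, duration_seconds=None, **params):
    """Return the POST path for an STS call, rejecting over-long durations."""
    if api not in MAX_DURATION:
        raise ValueError(f"unknown STS interface: {api}")
    if api == "assumeRole" and not {"accountId", "roleName"}.issubset(params):
        raise ValueError("accountId and roleName are required")
    if duration_seconds is not None:
        if not 0 < int(duration_seconds) <= MAX_DURATION[api]:
            raise ValueError(f"durationSeconds exceeds {MAX_DURATION[api]}s cap")
        params["durationSeconds"] = int(duration_seconds)
    base = "/v1/credential?assumeRole&" if api == "assumeRole" else "/v1/sessionToken?"
    return (base + urlencode(params)).rstrip("?")

@dataclass(frozen=True)
class TemporaryCredential:
    access_key_id: str
    secret_access_key: str = field(repr=False)  # keep secrets out of logs
    session_token: str = field(repr=False)
    created: datetime
    expires: datetime
    def needs_refresh(self, now, margin=timedelta(minutes=5)):
        """True once `now` is within `margin` of expiry (margin is an assumption)."""
        return now >= self.expires - margin

def parse_credential(body):
    """Parse a response body into a TemporaryCredential with UTC timestamps."""
    doc = json.loads(body)
    def ts(key):
        return datetime.strptime(doc[key], TIME_FORMAT).replace(tzinfo=timezone.utc)
    cred = TemporaryCredential(doc["accessKeyId"], doc["secretAccessKey"],
                               doc["sessionToken"], ts("createTime"), ts("expiration"))
    if cred.expires <= cred.created:
        raise ValueError("expiration is not after createTime")
    return cred

# Constructed sample response (placeholder values, not real credentials).
SAMPLE = json.dumps({"accessKeyId": "EXAMPLE-AK", "secretAccessKey": "EXAMPLE-SK",
                     "sessionToken": "EXAMPLE-TOKEN", "createTime": "2016-11-11T10:34:53Z",
                     "expiration": "2016-11-11T11:34:53Z"})
```
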