STS-Related Interfaces

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • API Reference
  • arrow
  • STS-Related Interfaces
Table of contents on this page
  • AssumeRole
  • GetSessionToken

STS-Related Interfaces

Updated at:2025-10-27

Currently, STS-related APIs are only available to allow list users. For trial access, please contact the Baidu AI Cloud IAM team.

AssumeRole

API description

Retrieve temporary identity credentials linked to the specified role.

Permission description

The request initiator needs to possess legal AccessKeyID and SecretAccessKey to initiate the request. Please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
2Content-Type: application/json
3Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
4Host: sts.bj.baidubce.com

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Description Parameter location Required or not
durationSeconds String The validity period of temporary access key must not exceed 2 hours Query No
accountId String ID of the account to which the role belongs Query Yes
userId String User ID, optional and generally not required for common scenarios Query No
roleName String Role name Query Yes
authorization String For the certification string, please refer to [Generate Certification String](Reference/Authentication mechanism/Generate Authentication String.md) header Yes
accessControlList String Permissions bound to temporary identity credentials body No

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description Parameter location
credential String Generated temporary identity credentials body

Request example

Plain Text 
1POST /v1/credential?assumeRole&accountId=dc9b5191440d4f93851ddffb4e942b75&roleName=testRole HTTP/1.1
2Content-Type: application/json
3Authorization: bce-auth-v1/04795b2a1d12490bbee94511b7b78d7e/2016-11-11T10:34:26Z/1800/host/9e5619677b3a461f5b95d061b88823634e8bbc0e6b46e5b3cecbb75f21906a3d
4Host: sts.bj.baidubce.com

Response example

Plain Text 
1  {
2     "accessKeyId": "785e811dec6a47308ce6da241b25b501",
3     "secretAccessKey": "5a57d543676d46b9952e7354e3ac1060",
4     "sessionToken": "NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAAFgBAAD6a2SBhmOXBRCNraVyOShGIR5/j+CE4V5VLv9zmFM59tIsfxgCHkE7Z4ZKoeJGsDyQ7KjNasYZEenOf87/dVHgfoU7D1WSq00+E4QPqWBdOWj0nYCNQsFnf/TGHSZUAjRcPJmCF0al1Nve0+0AOPlRIYCH6RfphbDRbtCP9A+64ksGAQeQ0TEA20kYgIV3000R21j90cBRZiQjYSMYLYU67cjW0HDR0+Rp+db359Q9AAWwDkV1VGwdQjjf2d0j7QAc5W/sz+4fJKlsVZIfaL34CxQPuHED6g74USOZClWr2GkMJagJo8NI2suYSkBcmHI=",
5     "createTime": "2016-11-11T10:34:53Z",
6     "expiration": "2016-11-11T11:34:53Z",
7     "userId": "dc9b5191440d4f93851ddffb4e942b75",
8     "roleId": "aed8e56613f24e0e97597c1b0d29fcba"
9   }

GetSessionToken

API description

Get temporary identity credentials for the root account.

Permission description

The request initiator needs to have legal AccessKeyID and SecretAccessKey to initiate the request. Please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
2Content-Type: application/json
3Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
4Host: sts.bj.baidubce.com

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Description Parameter location Required or not
durationSeconds String The validity period of temporary AKs cannot exceed 36h, defaulted as 43,200 (12h) Query No
authorization String Certification string of root account header Yes
accessControlList String Permissions bound to temporary identity credentials body No
attachment String Some information bound to the credential by the service party body No

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description Parameter location
credential String Generated temporary identity credentials body

Request example

Plain Text 
1POST /v1/sessionToken?durationSeconds=43200 HTTP/1.1
2Content-Type: application/json
3Authorization: bce-auth-v1/c1b351e39aaa464d9ee9038ff6cea440/2016-12-07T02:56:37Z/1800/host/3a55417c1f94c47829ca935103f5a3686bacfefddd80d18608dcabe4ade1d63e
4Host: sts.bj.baidubce.com

Response example

Plain Text 
1{
2  “accessKeyId”: “1eccc6374fde485085c127d52a65b15e”,
3  “secretAccessKey”: “30839b659fb74f1cbd9c581c07e68e33”,
4  “sessionToken”: “NmViZDI1Nzg1NTM0NGExNmFlYzM2YjJiOGFkNDc2MWZ8AAAAADgBAADs/9cMh8x/tKTMErRX40h3MVvz0kaH2PM5rCoVhryOknELA+dSLwaGkTO+h3EoHgan97i0DxCBfplcJhtXkFpjRZmchw4CZbLFR9jEfgMeAkPiHHKovghQWVxQICZ1LB02Qu5QzUHjlREfPnxm5gcdBSt331+iwFwfPQbFYK5K1q5yOTSpngOz4uFCoZyTzfRXPZZMRRpJpI52T44hs67Pq3yVT6600q6EgoLM5y7gQeFS+hCOr8SjNjZ6XKbXYIE=”,
5  “createTime”: “2016-12-07T02:58:05Z”,
6  “expiration”: “2016-12-07T14:58:05Z”,
7  “userId”: “dc9b5191440d4f93851ddffb4e942b75”
8}

Previous
Service domain
Next
API Reference_IAM