1. API Description
Domain name for API request: sts.tencentcloudapi.com.
This API is used to request for the temporary security credentials of a role.
A maximum of 600 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: AssumeRole. |
| Version | Yes | String | Common Params. The value used for this API: 2018-08-13. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. |
| RoleArn | Yes | String | Resource descriptions of a role, which can be obtained by clicking the role name in the CAM console. General role: qcs::cam::uin/12345678:role/4611686018427397919, qcs::cam::uin/12345678:roleName/testRoleName Service role: qcs::cam::uin/12345678:role/tencentcloudServiceRole/4611686018427397920, qcs::cam::uin/12345678:role/tencentcloudServiceRoleName/testServiceRoleName |
| RoleSessionName | Yes | String | User-defined temporary session name. It can contain 2-128 letters, digits, and symbols (=,.@-). Regex: [\w+=,.@-]* |
| DurationSeconds | No | Integer | Specifies the validity period of credentials in seconds. Default value: 7200. Maximum value: 43200 |
| Policy | No | String | Policy description Note: 1. The policy needs to be URL-encoded (if you request a TencentCloud API through the GET method, all parameters must be URL-encoded again in accordance with Signature v3 before the request is sent). 2. For the policy syntax, please see CAM's Syntax Logic. 3. The policy cannot contain the principal element. |
| ExternalId | No | String | External role ID, which can be obtained by clicking the role name in the CAM console. It can contain 2-128 letters, digits, and symbols (=,.@:/-). Regex: [\w+=,.@:/-]* |
| Tags.N | No | Array of Tag | List of session tags. Up to 50 tags are allowed. The tag keys can not duplicate. |
| SourceIdentity | No | String | UIN of the initiator |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| Credentials | Credentials | Temporary security credentials |
| ExpiredTime | Integer | Credentials expiration time. A Unix timestamp will be returned which is accurate to the second |
| Expiration | String | Credentials expiration time in UTC time in ISO 8601 format. |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Applying for a role
Input Example
POST / HTTP/1.1
Host: sts.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AssumeRole
<Common request parameters>
{
"RoleArn": "qcs%3A%3Acam%3A%3Auin%2F2385420691%3Arole%2F4611686018427397919",
"RoleSessionName": "cts"
}
Output Example
{
"Response": {
"Credentials": {
"Token": "da1e9d2ee9d***2dfe340001",
"TmpSecretId": "AKID65zyIP0mpXtaI******WIQVMn1umNH58",
"TmpSecretKey": "q95K84wrzuEGoc*******52boxvp71yoh"
},
"ExpiredTime": 1543914376,
"Expiration": "2018-12-04T09:06:16Z",
"RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for NodeJS
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError.DbError | Database error. |
| InternalError.EncryptError | Encryption failed. |
| InternalError.GetAppIdError | Failed to get the appid. |
| InternalError.GetRoleError | Failed to get the role. |
| InternalError.GetSeedTokenError | Failed to obtain the token. |
| InternalError.IllegalRole | Invalid role. |
| InternalError.PbSerializeError | pb packaging failed. |
| InternalError.SystemError | Internal system error, such as network error. |
| InternalError.UnknownError | Unknown error. |
| InvalidParameter.AccountNotAvaliable | The account does not exist or is unavailable. |
| InvalidParameter.ExtendStrategyOverSize | The extension policy is too large. |
| InvalidParameter.GrantOtherResource | Unauthorized access to the resource. |
| InvalidParameter.OverLimit | Frequency limit exceeded. |
| InvalidParameter.OverTimeError | The expiration time exceeds the threshold. |
| InvalidParameter.ParamError | Invalid parameter. |
| InvalidParameter.PolicyTooLong | The policy is too long. |
| InvalidParameter.ResouceError | Six-segment resource description error. |
| InvalidParameter.StrategyFormatError | Policy syntax error. |
| InvalidParameter.StrategyInvalid | Invalid policy. |
| InvalidParameter.TempCodeNotAvaliable | Invalid temporary code. |
| ResourceNotFound.RoleNotFound | The role corresponding to the account does not exist. |
| UnauthorizedOperation | Unauthorized operation. |
| UnsupportedOperation | Unsupported operation. |
Yes
No
Was this page helpful?