Domain name for API request: sts.tencentcloudapi.com.
This API is used to request for the temporary security credentials of a role.
A maximum of 600 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: AssumeRole. |
Version | Yes | String | Common Params. The value used for this API: 2018-08-13. |
Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. |
RoleArn | Yes | String | Resource descriptions of a role, which can be obtained by clicking the role name in the CAM console. General role: qcs::cam::uin/12345678:role/4611686018427397919, qcs::cam::uin/12345678:roleName/testRoleName Service role: qcs::cam::uin/12345678:role/tencentcloudServiceRole/4611686018427397920, qcs::cam::uin/12345678:role/tencentcloudServiceRoleName/testServiceRoleName |
RoleSessionName | Yes | String | User-defined temporary session name. It can contain 2-128 letters, digits, and symbols (=,.@-). Regex: [\w+=,.@-]* |
DurationSeconds | No | Integer | Specifies the validity period of credentials in seconds. Default value: 7200. Maximum value: 43200 |
Policy | No | String | Policy description Note: 1. The policy needs to be URL-encoded (if you request a TencentCloud API through the GET method, all parameters must be URL-encoded again in accordance with Signature v3 before the request is sent). 2. For the policy syntax, please see CAM's Syntax Logic. 3. The policy cannot contain the principal element. |
ExternalId | No | String | External role ID, which can be obtained by clicking the role name in the CAM console. It can contain 2-128 letters, digits, and symbols (=,.@:/-). Regex: [\w+=,.@:/-]* |
Tags.N | No | Array of Tag | List of session tags. Up to 50 tags are allowed. The tag keys can not duplicate. |
SourceIdentity | No | String | UIN of the initiator |
Parameter Name | Type | Description |
---|---|---|
Credentials | Credentials | Temporary security credentials |
ExpiredTime | Integer | Credentials expiration time. A Unix timestamp will be returned which is accurate to the second |
Expiration | String | Credentials expiration time in UTC time in ISO 8601 format. |
RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: sts.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AssumeRole
<Common request parameters>
{
"RoleArn": "qcs%3A%3Acam%3A%3Auin%2F2385420691%3Arole%2F4611686018427397919",
"RoleSessionName": "cts"
}
{
"Response": {
"Credentials": {
"Token": "da1e9d2ee9d***2dfe340001",
"TmpSecretId": "AKID65zyIP0mpXtaI******WIQVMn1umNH58",
"TmpSecretKey": "q95K84wrzuEGoc*******52boxvp71yoh"
},
"ExpiredTime": 1543914376,
"Expiration": "2018-12-04T09:06:16Z",
"RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
InternalError.DbError | Database error. |
InternalError.EncryptError | Encryption failed. |
InternalError.GetAppIdError | Failed to get the appid . |
InternalError.GetRoleError | Failed to get the role. |
InternalError.GetSeedTokenError | Failed to obtain the token. |
InternalError.IllegalRole | Invalid role. |
InternalError.PbSerializeError | pb packaging failed. |
InternalError.SystemError | Internal system error, such as network error. |
InternalError.UnknownError | Unknown error. |
InvalidParameter.AccountNotAvaliable | The account does not exist or is unavailable. |
InvalidParameter.ExtendStrategyOverSize | The extension policy is too large. |
InvalidParameter.GrantOtherResource | Unauthorized access to the resource. |
InvalidParameter.OverLimit | Frequency limit exceeded. |
InvalidParameter.OverTimeError | The expiration time exceeds the threshold. |
InvalidParameter.ParamError | Invalid parameter. |
InvalidParameter.PolicyTooLong | The policy is too long. |
InvalidParameter.ResouceError | Six-segment resource description error. |
InvalidParameter.StrategyFormatError | Policy syntax error. |
InvalidParameter.StrategyInvalid | Invalid policy. |
InvalidParameter.TempCodeNotAvaliable | Invalid temporary code. |
ResourceNotFound.RoleNotFound | The role corresponding to the account does not exist. |
UnauthorizedOperation | Unauthorized operation. |
UnsupportedOperation | Unsupported operation. |
Was this page helpful?