Domain name for API request: sts.intl.tencentcloudapi.com.
This API is used to request temporary access credentials for assuming a role.

Role policy composition:

- Role trust policy: defines who can assume the role.
- Role permission policy: defines what actions can be performed after assuming the role.

Conditions under which a role can be assumed:

- The user is bound to a policy that allows the user to call AssumeRole.
- The user is added as a principal in the role trust policy.

A maximum of 600 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: AssumeRole. |
| Version | Yes | String | Common Params. The value used for this API: 2018-08-13. |
| Region | Yes | String | Common Params. For more information, please see the list of regions supported by the product. |
| RoleArn | Yes | String | Resource description of a role, which can be obtained by clicking the role name in the CAM console. General role: `qcs::cam::uin/12345678:role/4611686018427397919`, `qcs::cam::uin/12345678:roleName/testRoleName`. Service role: `qcs::cam::uin/12345678:role/tencentcloudServiceRole/4611686018427397920`, `qcs::cam::uin/12345678:role/tencentcloudServiceRoleName/testServiceRoleName` |
| RoleSessionName | Yes | String | User-defined temporary session name. It can contain 2-128 letters, digits, and symbols (=,.@_-). Regex: `[\w+=,.@_-]*` |
| DurationSeconds | No | Integer | Specifies the validity period of the temporary access credentials in seconds. Default value: 7,200s. Maximum value: 43,200s. |
| Policy | No | String | Policy description. Note: 1. This parameter needs to be URL-encoded. The server will URL-decode this field and grant temporary access credentials based on the processed policy. Please pass the parameter according to the specification. (If you request a TencentCloud API through the GET method, all parameters must be URL-encoded again in accordance with Signature v3 before the request is sent.) 2. The policy syntax refers to CAM's Syntax Logic. 3. The policy cannot contain the principal element. |
| ExternalId | No | String | External role ID, which can be obtained by clicking the role name in the CAM console. It can contain 2-128 letters, digits, and symbols (=,.@:/-). Regex: `[\w+=,.@:/-]*` |
| Tags.N | No | Array of Tag | List of session tags. Up to 50 tags are allowed. Tag keys cannot be duplicated. |
| SourceIdentity | No | String | UIN of the initiator |
| SerialNumber | No | String | |
| TokenCode | No | String | |

| Parameter Name | Type | Description |
|---|---|---|
| Credentials | Credentials | Temporary access credentials |
| ExpiredTime | Integer | Expiration time of the temporary access credentials. A Unix timestamp will be returned which is accurate to the second. |
| Expiration | String | Expiration time of the temporary access credentials in UTC time in ISO 8601 format. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
This example shows you how to apply for temporary credentials for a role.

```http
POST / HTTP/1.1
Host: sts.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AssumeRole
<Common request parameters>

{
    "RoleArn": "qcs::cam::uin/100015158414:roleName/readOnlyRole",
    "RoleSessionName": "cts"
}
```

```json
{
    "Response": {
        "Credentials": {
            "Token": "da1e***",
            "TmpSecretId": "AKID***",
            "TmpSecretKey": "q95K***"
        },
        "ExpiredTime": 1543914376,
        "Expiration": "2018-12-04T09:06:16Z",
        "RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"
    }
}
```

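
The following is an added example, not code from this page or from a Tencent Cloud SDK: a client-side builder that enforces the limits documented in the request parameter table (RoleSessionName, DurationSeconds, ExternalId, Tags, Policy) and URL-encodes a scoped-down session policy before the request is sent. The function names, the `Key`/`Value` tag shape, the ASCII-only reading of `\w`, the positive lower bound on the duration, and the sample policy are assumptions.

```python
import json
import re
from urllib.parse import quote

# Documented character sets; ASCII-only \w is a conservative assumption.
SESSION_NAME_RE = re.compile(r"[\w+=,.@_-]{2,128}", re.ASCII)
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,128}", re.ASCII)
MAX_DURATION = 43200  # documented DurationSeconds maximum
MAX_TAGS = 50         # documented session tag limit

def _has_principal(node):
    """True if any object nested in the policy carries a 'principal' key."""
    if isinstance(node, dict):
        return any(k.lower() == "principal" or _has_principal(v)
                   for k, v in node.items())
    if isinstance(node, list):
        return any(_has_principal(v) for v in node)
    return False

def build_assume_role_params(role_arn, session_name, policy=None,
                             duration=None, external_id=None, tags=()):
    """Return the AssumeRole JSON body; raise ValueError on documented violations."""
    if not SESSION_NAME_RE.fullmatch(session_name):
        raise ValueError("RoleSessionName: 2-128 chars of [\\w+=,.@_-]")
    params = {"RoleArn": role_arn, "RoleSessionName": session_name}
    if duration is not None:
        if not 0 < duration <= MAX_DURATION:  # lower bound is an assumption
            raise ValueError("DurationSeconds must be positive and at most 43200")
        params["DurationSeconds"] = duration
    if external_id is not None:
        if not EXTERNAL_ID_RE.fullmatch(external_id):
            raise ValueError("ExternalId: 2-128 chars of [\\w+=,.@:/-]")
        params["ExternalId"] = external_id
    keys = [t["Key"] for t in tags]  # Key/Value tag shape is an assumption
    if len(keys) > MAX_TAGS or len(set(keys)) != len(keys):
        raise ValueError("at most 50 session tags, and keys must be unique")
    if keys:
        params["Tags"] = list(tags)
    if policy is not None:
        if _has_principal(policy):
            raise ValueError("session policy must not contain a principal element")
        # Policy is sent URL-encoded; the server decodes it before evaluating it.
        params["Policy"] = quote(json.dumps(policy, separators=(",", ":")), safe="")
    return params

# Constructed sample policy: read-only access to one bucket prefix.
SAMPLE_POLICY = {"version": "2.0", "statement": [{
    "effect": "allow", "action": ["cos:GetObject"],
    "resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/reports/*"]}]}
```

When the request is sent with GET, the parameter table requires all parameters to be URL-encoded again in accordance with Signature v3; that second encoding belongs in the signing layer, not in this builder.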
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| FailedOperation.CheckMFAError | |
| FailedOperation.MFATypeNotSupported | |
| InternalError.DbError | Database error. |
| InternalError.EncryptError | Encryption failed. |
| InternalError.GetAppIdError | Failed to get the appid. |
| InternalError.GetRoleError | Failed to get the role. |
| InternalError.GetSeedTokenError | Failed to obtain the token. |
| InternalError.IllegalRole | Invalid role. |
| InternalError.PbSerializeError | pb packaging failed. |
| InternalError.SystemError | Internal system error, such as network error. |
| InternalError.UnknownError | Unknown error. |
| InvalidParameter.AccountNotAvaliable | The account does not exist or is unavailable. |
| InvalidParameter.ExtendStrategyOverSize | The extension policy is too large. |
| InvalidParameter.GrantOtherResource | Unauthorized access to the resource. |
| InvalidParameter.OverLimit | Frequency limit exceeded. |
| InvalidParameter.OverTimeError | The expiration time exceeds the threshold. |
| InvalidParameter.ParamError | Invalid parameter. |
| InvalidParameter.PolicyTooLong | The policy is too long. |
| InvalidParameter.ResouceError | Six-segment resource description error. |
| InvalidParameter.StrategyFormatError | Policy syntax error. |
| InvalidParameter.StrategyInvalid | Invalid policy. |
| InvalidParameter.TempCodeNotAvaliable | Invalid temporary code. |
| ResourceNotFound.RoleNotFound | The role corresponding to the account does not exist. |
| UnauthorizedOperation | Unauthorized operation. |
| UnsupportedOperation | Unsupported operation. |