tencent cloud



Last updated: 2022-08-16 10:31:45

1. API Description

Domain name for API request: sts.tencentcloudapi.com.

This API is used to request for the temporary security credentials of a role.

A maximum of 600 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: AssumeRole.
Version Yes String Common Params. The value used for this API: 2018-08-13.
Region Yes String Common Params. For more information, please see the list of regions supported by the product.
RoleArn Yes String Resource descriptions of a role, which can be obtained by clicking the role name in the CAM console.
General role:
qcs::cam::uin/12345678:role/4611686018427397919, qcs::cam::uin/12345678:roleName/testRoleName
Service role:
qcs::cam::uin/12345678:role/tencentcloudServiceRole/4611686018427397920, qcs::cam::uin/12345678:role/tencentcloudServiceRoleName/testServiceRoleName
RoleSessionName Yes String User-defined temporary session name.
It can contain 2-128 letters, digits, and symbols (=,.@-). Regex: [\w+=,.@-]*
DurationSeconds No Integer Specifies the validity period of credentials in seconds. Default value: 7200. Maximum value: 43200
Policy No String Policy description
1. The policy needs to be URL-encoded (if you request a TencentCloud API through the GET method, all parameters must be URL-encoded again in accordance with Signature v3 before the request is sent).
2. For the policy syntax, please see CAM's Syntax Logic.
3. The policy cannot contain the principal element.
ExternalId No String External role ID, which can be obtained by clicking the role name in the CAM console.
It can contain 2-128 letters, digits, and symbols (=,.@:/-). Regex: [\w+=,.@:/-]*
Tags.N No Array of Tag List of session tags. Up to 50 tags are allowed. The tag keys can not duplicate.
SourceIdentity No String UIN of the initiator

3. Output Parameters

Parameter Name Type Description
Credentials Credentials Temporary security credentials
ExpiredTime Integer Credentials expiration time. A Unix timestamp will be returned which is accurate to the second
Expiration String Credentials expiration time in UTC time in ISO 8601 format.
RequestId String The unique request ID, which is returned for each request. RequestId is required for locating a problem.

4. Example

Example1 Applying for a role

Input Example

Host: sts.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: AssumeRole
<Common request parameters>

    "RoleArn": "qcs%3A%3Acam%3A%3Auin%2F2385420691%3Arole%2F4611686018427397919",
    "RoleSessionName": "cts"

Output Example

  "Response": {
    "Credentials": {
      "Token": "da1e9d2ee9d***2dfe340001",
      "TmpSecretId": "AKID65zyIP0mpXtaI******WIQVMn1umNH58",
      "TmpSecretKey": "q95K84wrzuEGoc*******52boxvp71yoh"
    "ExpiredTime": 1543914376,
    "Expiration": "2018-12-04T09:06:16Z",
    "RequestId": "4daec797-9cd2-4f09-9e7a-7d4c43b2a74c"

5. Developer Resources


TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

Command Line Interface

6. Error Code

The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

Error Code Description
InternalError.DbError Database error.
InternalError.EncryptError Encryption failed.
InternalError.GetAppIdError Failed to get the appid.
InternalError.GetRoleError Failed to get the role.
InternalError.GetSeedTokenError Failed to obtain the token.
InternalError.IllegalRole Invalid role.
InternalError.PbSerializeError pb packaging failed.
InternalError.SystemError Internal system error, such as network error.
InternalError.UnknownError Unknown error.
InvalidParameter.AccountNotAvaliable The account does not exist or is unavailable.
InvalidParameter.ExtendStrategyOverSize The extension policy is too large.
InvalidParameter.GrantOtherResource Unauthorized access to the resource.
InvalidParameter.OverLimit Frequency limit exceeded.
InvalidParameter.OverTimeError The expiration time exceeds the threshold.
InvalidParameter.ParamError Invalid parameter.
InvalidParameter.PolicyTooLong The policy is too long.
InvalidParameter.ResouceError Six-segment resource description error.
InvalidParameter.StrategyFormatError Policy syntax error.
InvalidParameter.StrategyInvalid Invalid policy.
InvalidParameter.TempCodeNotAvaliable Invalid temporary code.
ResourceNotFound.RoleNotFound The role corresponding to the account does not exist.
UnauthorizedOperation Unauthorized operation.
UnsupportedOperation Unsupported operation.
Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support