Generate AWS STS token
POST {{baseUrl}}/generateAccessToken
Allows users to request temporary, limited-privilege AWS credentials to get read-only or write-only access on the URI returned in the response.
* Read permission will always be on the root level.
* Path field is optional for READ permission - If value for path is not provided then it will be considered on root level (/
).
* Ensure to enable write access on the path before requesting token with write permission.
* Write access can be enabled using POST /accessTokenPermissions endpoint.
* An access token requested for a given path also automatically gives access to all subpaths of the path. For example, if an access token is requested for path /a and there are subpaths /a/b and /a/b/c, the token allows to access those too.
* An access token with write permissions can only be requested for the paths defined by resource accessTokenPermissions. An acecss token with read permissions can only be requested for the root path /.
Request Body
{"subtenantId"=>"<string>", "path"=>"/", "durationSeconds"=>3600, "permission"=>"READ"}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"credentials":{"secretAccessKey":"AbCdEfGhIjKlMnOpQrStUvWxYz","accessKeyId":"AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYz","sessionToken":"AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYz"},"storageAccount":"dlbucketname","storagePath":"data/ten=tenantname OR data/sub=subtenantId","subtenantId":"204a896c-a23a-11e9-a2a3-2a2ae2dbcce4","durationSeconds":900,"permission":"WRITE"}