Secure Token Service overview

    Available in Classic and VPC

    Secure Token Service (STS) is a service that issues temporary credentials (access key, secret key) for sub accounts that can control access to resources in NAVER Cloud Platform. Secure Token Service provides RESTful APIs for sub account temporary credentials.
    Temporary credentials created using the Secure Token Service have the following characteristics.

    • They can be created from sub accounts.
    • They have the same validity as permanent access keys, with some differences.
    • They have an expiration date. Expired access keys are not recognized or allowed access, so they do not need to be explicitly replaced when they are no longer needed.
    • You don't need to distribute or embed access keys with an indefinite duration into your applications.
    • You can include MFA authentication when generating temporary credentials. NAVER Cloud Platform provides OTP authentication as a means of MFA.

    Common Secure Token Service settings

    The following describes commonly used request and response formats in Secure Token Service APIs.

    Request

    The following describes the common request format.

    API URL

    The request API URL is as follows.

    https://sts.apigw.ntruss.com
    

    Request headers

    The following describes the request headers.

    | Field | Required | Description |
    |---|---|---|
    | x-ncp-apigw-timestamp | Required | Elapsed time in milliseconds since January 1, 1970 00:00:00 UTC. The request is considered invalid if the timestamp differs from the current time by more than 5 minutes. |
    | x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform. Issue and check access key: see Create authentication key. Issue and check access key for sub account: see Create sub account. |
    | x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256). Issue and check secret key: see Create authentication key. Create signature: see Create signature. |
    | Content-type | Required | Request data format: application/json |

    Response

    The following describes the common response format.

    Response status codes

    The following describes the response status codes.

    | HTTP status code | Code | Message | Description |
    |---|---|---|---|
    | 400 | 400 | durationSec is only available in the following ranges valid range: 600 - 43200 : [durationSec] | durationSec range specification error |
    | 401 | 401 | MultiFactorAuthentication failed with invalid MFA one time pass code | Invalid OTP |
    | 404 | 404 | Invalid or expired credentials | Invalid credentials |

    Note

    For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

    Secure Token Service API

    The following describes the APIs provided by Secure Token Service.

    | API | Description |
    |---|---|
    | Get credential owner | Get access key owner |
    | Get credentials | Get temporary credentials for sub accounts or permanent access keys for sub accounts and main account |
    | Create temporary credentials | Create temporary credentials |
    | Switch temporary credential roles | Create role-switched temporary credentials |

    NAVER Cloud Platform provides a variety of related resources to help users better understand Secure Token Service APIs.

