MENU
      Secure Token Service overview
        • PDF

        Secure Token Service overview

        • PDF

        Article summary

        Available in Classic and VPC

        Secure Token Service (STS) is a service that issues temporary credentials (access key, secret key) for sub accounts that can control access to resources in NAVER Cloud Platform. Secure Token Service provides APIs for temporary credentials for sub accounts in RETSTful form.
        Temporary credentials created using the Secure Token Service have the following characteristics.

        • They can be created from sub accounts.
        • They have the same validity as permanent access keys, with some differences.
        • They have an expiration date. Expired access keys are not recognized or allowed access, so they do not need to be replaced or explicitly replaced when they are no longer needed.
        • You don't need to distribute or embed access keys with an indefinite duration into your applications.
        • You can include MFA authentication when generating temporary credentials. NAVER Cloud Platform provides OTP authentication as a means of MFA.

        Common Secure Token Service settings

        The following describes commonly used request and response formats in Secure Token Service APIs.

        Request

        The following describes the common request format.

        API URL

        The request API URL is as follows.

        https://sts.apigw.ntruss.com
        HTTP

        Request headers

        The following describes the request headers.

        FieldRequiredDescription
        x-ncp-apigw-timestampRequiredIt indicates the elapsed time in milliseconds since January 1, 1970 00:00:00 UTC
      • Request is considered invalid if the timestamp differs from the current time by more than 5 minutes
      • x-ncp-iam-access-keyRequiredAccess key issued on NAVER Cloud Platform
      • Issue and check access key: See Create authentication key
      • Issue and check access key for sub account: See Create sub account
      • x-ncp-apigw-signature-v2RequiredBase64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256)
      • Issue and check secret key: See Create authentication key
      • Create signature: See Create signature
      • Content-typeRequiredRequest data format
      • application/json
      • Response

        The following describes the common response format.

        Response status codes

        The following describes the response status codes.

        HTTP status codeCodeMessageDescription
        400400durationSec is only available in the following ranges
        valid range: 600 - 43200 : [durationSec]
        durationSec range specification error
        401401MultiFactorAuthentication failed with invalid MFA one time pass codeInvalid OTP
        404404Invalid or expired credentialsInvalid credentials
        Note

        For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

        Secure Token Service API

        The following describes the APIs provided by Secure Token Service.

        APIDescription
        Get credential ownerGet access key owner
        Get credentialsGet temporary credentials for sub accounts or permanent access keys for sub accounts and main account
        Create temporary credentialsCreate temporary credentials
        Switch temporary credential rolesCreate role-switched temporary credentials

        NAVER Cloud Platform provides a variety of related resources to help users better understand Secure Token Service APIs.


        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.