Secure Token Service overview


Available in Classic and VPC

Secure Token Service (STS) is a service that issues temporary credentials (access key, secret key) for sub accounts that can control access to resources in NAVER Cloud Platform. Secure Token Service provides APIs for temporary credentials for sub accounts in RESTful form.
Temporary credentials created using the Secure Token Service have the following characteristics.

  • They can be created from sub accounts.
  • They have the same validity as permanent access keys, with some differences.
  • They have an expiration date. Expired access keys are not recognized or allowed access, so they do not need to be explicitly replaced when they are no longer needed.
  • You don't need to distribute or embed access keys with an indefinite duration into your applications.
  • You can include MFA authentication when generating temporary credentials. NAVER Cloud Platform provides OTP authentication as a means of MFA.

Common Secure Token Service settings

The following describes commonly used request and response formats in Secure Token Service APIs.

Request

The following describes the common request format.

API URL

The request API URL is as follows:

https://sts.apigw.ntruss.com

Request headers

The following describes the request headers.

| Field | Required | Description |
| --- | --- | --- |
| x-ncp-apigw-timestamp | Required | Number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC. The request is considered invalid if the timestamp differs from the current time by more than 5 minutes. |
| x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform. Issue and check access key: See Create authentication key. Issue and check access key for sub account: See Create sub account. |
| x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256). Issue and check secret key: See Create authentication key. Create signature: See Create signature. |
| Content-type | Required | Request data format: application/json |
Response

The following describes the common response format.

Response status codes

The following describes the response status codes.

| HTTP status code | Code | Message | Description |
| --- | --- | --- | --- |
| 400 | 400 | durationSec is only available in the following ranges: Valid range: 600-43200: [durationSec] | durationSec range specification error |
| 401 | 401 | MultiFactorAuthentication failed with invalid MFA one time pass code | Invalid OTP. |
| 404 | 404 | Invalid or expired credentials | Invalid credentials |

Note

For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
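The request headers and the durationSec range described above, as an added client-side sketch in Python (not NAVER Cloud Platform's own code). The string-to-sign layout is an assumption taken from the platform's "Create signature" guide, which this page only links to; the URI and both keys are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_MS = 5 * 60 * 1000    # page: invalid if timestamp is more than 5 minutes off
DURATION_RANGE = (600, 43200)  # page: valid durationSec range from the 400 response


def make_signature(method, uri, timestamp_ms, access_key, secret_key):
    # Assumed string-to-sign: "<METHOD> <URI>\n<timestamp>\n<access key>"
    message = f"{method} {uri}\n{timestamp_ms}\n{access_key}"
    mac = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_headers(method, uri, access_key, secret_key, now_ms=None):
    # The same timestamp must appear in the header and in the signed string.
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    return {
        "x-ncp-apigw-timestamp": str(ts),
        "x-ncp-iam-access-key": access_key,
        "x-ncp-apigw-signature-v2": make_signature(method, uri, ts, access_key, secret_key),
        "Content-type": "application/json",
    }


def timestamp_is_fresh(headers, reference_now_ms):
    # Local pre-flight check mirroring the 5-minute rule; catches clock drift early.
    sent = int(headers["x-ncp-apigw-timestamp"])
    return abs(reference_now_ms - sent) <= MAX_SKEW_MS


def check_duration(duration_sec):
    # Reject out-of-range values before the API answers with a 400.
    low, high = DURATION_RANGE
    if not low <= duration_sec <= high:
        raise ValueError(f"durationSec {duration_sec} outside {low}-{high}")
    return duration_sec


if __name__ == "__main__":
    # Constructed sample values: not real credentials, not a documented path.
    print(build_headers("POST", "/hypothetical/path", "SAMPLE_ACCESS_KEY", "SAMPLE_SECRET_KEY"))
```

Because the timestamp is part of the signed string, a host with a drifting clock produces signatures that fail even when the keys are correct, so time synchronization is worth checking first when requests are rejected.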

Secure Token Service API

The following describes the APIs provided by Secure Token Service.

| API | Description |
| --- | --- |
| Get credential owner | Get the access key owner. |
| Get credentials | Get temporary credentials for sub accounts or permanent access keys for sub accounts and main account. |
| Create temporary credentials | Create temporary credentials. |
| Switch temporary credential roles | Create temporary credentials with a role switch. |

Secure Token Service related resources

NAVER Cloud Platform provides a variety of related resources to help users better understand Secure Token Service APIs.