      Switch temporary credential roles


        Available in Classic and VPC

        Create temporary credentials for a switched role. Role switching is enabled by granting the switchRole policy.

        Note

        For more information about role switching and the switchRole policy, see Manage policies and roles of the Sub Account user guide.

        Request

        This section describes the request format. The method and URI are as follows:

        | Method | URI |
        | --- | --- |
        | POST | /api/v1/switch-role |

        Request headers

        For information about the headers common to all Secure Token Service APIs, see Secure Token Service request headers.

        Request body

        The following describes the body.

        | Field | Type | Required | Description |
        | --- | --- | --- | --- |
        | roleNrn | String | Required | NRN of the role to switch |
        | durationSec | Integer | Optional | Access key validity time (seconds). 600 - 43200 (default: 3600) |
        | serialNumber | String | Optional | Serial number: OTP device NRN or MFA serial number. Can be checked from the My Page > Manage account > Security settings menu in the NAVER Cloud Platform portal |
        | tokenCode | Integer | Optional | OTP verification code |

        Request example

        The request example is as follows:

        curl --location --request POST 'https://sts.apigw.ntruss.com/api/v1/switch-role' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Content-Type: application/json' \
        --data '{
        	"roleNrn": "nrn:PUB:IAM::*****:Role/******************"
        }'

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        | Field | Type | Required | Description |
        | --- | --- | --- | --- |
        | switchedRole | String | - | NRN of the switched role |
        | credentials | Object | - | Role switch results |
        | credentials.accessKey | String | - | Access key |
        | credentials.keySecret | String | - | Secret key |
        | credentials.createTime | String | - | Creation date (ISO 8601 format) |
        | credentials.expireTime | String | - | Expiration date (ISO 8601 format) |
        | credentials.useMfa | Boolean | - | MFA authentication status: true (authenticated) or false (not authenticated) |

        Response status codes

        For information about the HTTP status codes common to all Secure Token Service APIs, see Secure Token Service response status codes.

        Response example

        The response example is as follows:

        {
          "switchedRole": "nrn:PUB:IAM::*****:Role/******************",
          "credentials": {
            "accessKey": "ncp_iam_***************",
            "keySecret": "ncp_iam_**********************",
            "createTime": "2024-10-10T16:58:28Z",
            "expireTime": "2024-10-10T17:58:28Z",
            "useMfa": false
          }
        }
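
The following is an added example, not code from NAVER Cloud Platform: it validates the request fields against the ranges in the request table and checks the response before the temporary credentials are used. The function names, the sample values, and the rule that serialNumber and tokenCode must be sent together are assumptions.

```python
import json
from datetime import datetime, timezone

MIN_DURATION, MAX_DURATION = 600, 43200  # durationSec range from the request table

def build_switch_role_body(role_nrn, duration_sec=None, serial_number=None, token_code=None):
    """Validate the documented fields and return the JSON body for /api/v1/switch-role."""
    if not role_nrn:
        raise ValueError("roleNrn is required")
    body = {"roleNrn": role_nrn}
    if duration_sec is not None:
        if not MIN_DURATION <= duration_sec <= MAX_DURATION:
            raise ValueError(f"durationSec must be {MIN_DURATION}-{MAX_DURATION}")
        body["durationSec"] = duration_sec  # when omitted, the documented default is 3600
    # Assumption: an MFA request carries serialNumber and tokenCode together.
    if (serial_number is None) != (token_code is None):
        raise ValueError("serialNumber and tokenCode must be supplied together")
    if serial_number is not None:
        body["serialNumber"] = serial_number
        body["tokenCode"] = int(token_code)  # documented type is Integer
    return json.dumps(body)

def check_switch_role_response(text, expected_role, require_mfa, now=None, min_remaining=60):
    """Return the seconds until expiry, or raise if the credentials should not be used."""
    data = json.loads(text)
    cred = data["credentials"]
    if data["switchedRole"] != expected_role:
        raise ValueError("credentials were issued for a different role")
    if require_mfa and cred["useMfa"] is not True:
        raise PermissionError("credentials were issued without MFA")
    now = now or datetime.now(timezone.utc)
    # Replace the trailing "Z" so fromisoformat also works before Python 3.11.
    expire = datetime.fromisoformat(cred["expireTime"].replace("Z", "+00:00"))
    remaining = int((expire - now).total_seconds())
    if remaining < min_remaining:
        raise ValueError("credentials are expired or about to expire")
    return remaining

# Constructed sample modelled on the response example; every value is a placeholder.
SAMPLE_ROLE = "nrn:PUB:IAM::EXAMPLE:Role/EXAMPLE-ROLE-ID"
SAMPLE_RESPONSE = json.dumps({
    "switchedRole": SAMPLE_ROLE,
    "credentials": {"accessKey": "ncp_iam_EXAMPLE", "keySecret": "ncp_iam_EXAMPLE_SECRET",
                    "createTime": "2024-10-10T16:58:28Z", "expireTime": "2024-10-10T17:58:28Z",
                    "useMfa": False}})

if __name__ == "__main__":
    at = datetime(2024, 10, 10, 17, 0, 0, tzinfo=timezone.utc)
    print(build_switch_role_body(SAMPLE_ROLE, duration_sec=900))
    print(check_switch_role_response(SAMPLE_RESPONSE, SAMPLE_ROLE, require_mfa=False, now=at))
```

Setting `require_mfa=True` for roles that must only be assumed after OTP verification rejects a response whose `useMfa` is false.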
