Login
      Contents x
      Switch temporary credential roles
        • Print
        • PDF
        Contents

        Switch temporary credential roles

          • Print
          • PDF
          Article summary

          Available in Classic and VPC

          Create temporary credentials with the role switched by granting the switchRole policy.

          Note

          For more information about role switching and the switchRole policy, see Manage policies and roles of the Sub Account user guide.

          Request

          This section describes the request format. The method and URI are as follows:

          MethodURI
          POST/api/v1/switch-role

          Request headers

          For information about the headers common to all Secure Token Service APIs, see Secure Token Service request headers.

          Request body

          The following describes the body.

          FieldTypeRequiredDescription
          roleNrnStringRequiredNRN of the role to switch
          durationSecIntegerOptionalAccess key validity time (second)
          • 600 - 43200 (default: 3600)
          serialNumberStringOptionalSerial number
          • OTP device NRN | MFA serial number
            • Can be checked from the My Page > Manage account > Security settings menu in the NAVER Cloud Platform portal
          tokenCodeIntegerOptionalOTP verification code

          Request example

          The request example is as follows:

          curl --location --request POST 'https://sts.apigw.ntruss.com/api/v1/switch-role' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
	"roleNrn": "nrn:PUB:IAM::*****:Role/******************"
}'

          Response

          This section describes the response format.

          Response body

          The response body includes the following data:

          FieldTypeRequiredDescription
          switchedRoleString-NRN of the switched role
          credentialsObject-Role switch results
          credentials.accessKeyString-Access key
          credentials.keySecretString-Secret key
          credentials.createTimeString-Creation date
          • ISO 8601 format
          credentials.expireTimeString-Expiration date
          • ISO 8601 format
          credentials.useMfaBoolean-MFA authentication status
          • true | false
            • true: authenticated
            • false: not authenticated

          Response status codes

          For information about the HTTP status codes common to all Secure Token Service APIs, see Secure Token Service response status codes.

          Response example

          The response example is as follows:

          {
  "switchedRole": "nrn:PUB:IAM::*****:Role/******************",
  "credentials": {
    "accessKey": "ncp_iam_***************",
    "keySecret": "ncp_iam_**********************",
    "createTime": "2024-10-10T16:58:28Z",
    "expireTime": "2024-10-10T17:58:28Z",
    "useMfa": false
  }
}
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout