Switch temporary credential roles


Available in Classic and VPC

Create temporary credentials for a switched role. The role switch is made possible by granting the switchRole policy.

Note

For more information about role switching and the switchRole policy, see Manage policies and roles of the Sub Account user guide.

Request

This section describes the request format. The method and URI are as follows:

| Method | URI |
| --- | --- |
| POST | /api/v1/switch-role |

Request headers

For information about the headers common to all Secure Token Service APIs, see Secure Token Service request headers.

Request body

The following describes the body.

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| roleNrn | String | Required | NRN of the role to switch |
| durationSec | Integer | Optional | Access key validity time (seconds): 600 - 43200 (default: 3600) |
| serialNumber | String | Optional | Serial number: OTP device NRN or MFA serial number. Can be checked from the My Page > Manage account > Security settings menu in the NAVER Cloud Platform portal |
| tokenCode | Integer | Optional | OTP verification code |

Request example

The request example is as follows:

curl --location --request POST 'https://sts.apigw.ntruss.com/api/v1/switch-role' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
	"roleNrn": "nrn:PUB:IAM::*****:Role/******************"
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| switchedRole | String | - | NRN of the switched role |
| credentials | Object | - | Role switch results |
| credentials.accessKey | String | - | Access key |
| credentials.keySecret | String | - | Secret key |
| credentials.createTime | String | - | Creation date (ISO 8601 format) |
| credentials.expireTime | String | - | Expiration date (ISO 8601 format) |
| credentials.useMfa | Boolean | - | MFA authentication status: true (authenticated) or false (not authenticated) |

Response status codes

For information about the HTTP status codes common to all Secure Token Service APIs, see Secure Token Service response status codes.

Response example

The response example is as follows:

{
  "switchedRole": "nrn:PUB:IAM::*****:Role/******************",
  "credentials": {
    "accessKey": "ncp_iam_***************",
    "keySecret": "ncp_iam_**********************",
    "createTime": "2024-10-10T16:58:28Z",
    "expireTime": "2024-10-10T17:58:28Z",
    "useMfa": false
  }
}
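
The following is an added example, not NAVER Cloud Platform's own code, of client-side handling for this API: it builds the request body within the documented durationSec range and checks a response before the temporary credentials are used or logged. The function names, the placeholder role NRN, the sample response, and the policy that switchedRole must equal the requested roleNrn are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

ROLE = "nrn:PUB:IAM::0000:Role/example-role"  # constructed placeholder NRN
# Constructed sample shaped like the response example; not real credentials.
SAMPLE_RESPONSE = json.dumps({"switchedRole": ROLE, "credentials": {
    "accessKey": "ncp_iam_EXAMPLE", "keySecret": "ncp_iam_EXAMPLESECRET",
    "createTime": "2024-10-10T16:58:28Z", "expireTime": "2024-10-10T17:58:28Z",
    "useMfa": False}})


def build_switch_role_body(role_nrn, duration_sec=None, serial_number=None, token_code=None):
    """JSON body for POST /api/v1/switch-role; unset optional fields are omitted."""
    if not role_nrn:
        raise ValueError("roleNrn is required")
    if duration_sec is not None and not 600 <= duration_sec <= 43200:
        raise ValueError("durationSec must be within 600 - 43200")
    optional = {"durationSec": duration_sec, "serialNumber": serial_number,
                "tokenCode": token_code}
    body = {"roleNrn": role_nrn}
    body.update({k: v for k, v in optional.items() if v is not None})
    return json.dumps(body)


def parse_time(value):
    """Parse the ISO 8601 createTime/expireTime; a missing offset is assumed UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_switch_role_response(text, expected_role, require_mfa, now):
    """Validate a response body; return (credentials, seconds until expireTime)."""
    data = json.loads(text)
    creds = data["credentials"]
    if data["switchedRole"] != expected_role:  # assumed client-side policy
        raise ValueError("switchedRole differs from the requested roleNrn")
    if require_mfa and creds["useMfa"] is not True:
        raise PermissionError("credentials were issued without MFA")
    remaining = int((parse_time(creds["expireTime"]) - now).total_seconds())
    if remaining <= 0:
        raise ValueError("credentials have already expired")
    return creds, remaining


def redact(creds):
    """Copy that is safe to log: keySecret masked, other fields unchanged."""
    return {**creds, "keySecret": "***"}
```

Pass a timezone-aware `now` (for example `datetime.now(timezone.utc)`), and log only the output of `redact`.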