Help Center/ SoftWare Repository for Container/ API Reference (Enterprise Edition)/ API/ Credential Management/ Obtaining a Temporary Access Credential

Updated on 2025-09-26 GMT+08:00

Online Debugging

CLI Examples

View PDF

Obtaining a Temporary Access Credential

Function

This API is used to obtain a temporary access credential.

Constraints

None.

Calling Method

For details, see Calling APIs.

URI

POST /v2/{project_id}/instances/{instance_id}/temp-credential

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.
instance_id	Yes	String	ID of an SWR Enterprise Edition instance.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.

Response Parameters

Status code: 201

**Table 3** Response body parameters
Parameter	Type	Description
auth_token	String	Password of a temporary access credential.
created_at	String	Creation time.
expire_date	String	Expiration time.
token_id	String	ID of a temporary access credential.
user_id	String	User ID of a temporary access credential.

Status code: 400

**Table 4** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	Detailed rejection reason after encryption. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 401

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	Detailed rejection reason after encryption. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 403

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	Detailed rejection reason after encryption. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 404

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	Detailed rejection reason after encryption. You can call the API decode-authorization-message of STS to decrypt the reason.

Status code: 500

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
encoded_authorization_message	String	Detailed rejection reason after encryption. You can call the API decode-authorization-message of STS to decrypt the reason.

Example Requests

POST https://{endpoint}/v2/{project_id}/instances/{instance_id}/temp-credential

Example Responses

Status code: 201

A temporary access credential is obtained successfully.

{
  "auth_token" : "abc123xyz789",
  "created_at" : "2023-10-20T15:30:00Z",
  "expire_date" : "2023-10-21T15:30:00Z",
  "token_id" : "550e8400-e29b-41d4-a716-446655440000",
  "user_id" : "test_user_123"
}

SDK Sample Code

The SDK sample code is as follows.

Java

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.swr.v2.region.SwrRegion;
import com.huaweicloud.sdk.swr.v2.*;
import com.huaweicloud.sdk.swr.v2.model.*;


public class CreateInstanceTempCredentialSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SwrClient client = SwrClient.newBuilder()
                .withCredential(auth)
                .withRegion(SwrRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateInstanceTempCredentialRequest request = new CreateInstanceTempCredentialRequest();
        request.withInstanceId("{instance_id}");
        try {
            CreateInstanceTempCredentialResponse response = client.createInstanceTempCredential(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

    
     
       
       
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkswr.v2.region.swr_region import SwrRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkswr.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SwrClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SwrRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateInstanceTempCredentialRequest()
        request.instance_id = "{instance_id}"
        response = client.create_instance_temp_credential(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    swr "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := swr.NewSwrClient(
        swr.SwrClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateInstanceTempCredentialRequest{}
	request.InstanceId = "{instance_id}"
	response, err := client.CreateInstanceTempCredential(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
201	A temporary access credential is obtained successfully.
400	Request error.
401	Authentication failed.
403	Access denied.
404	Resource not found.
500	Internal error.

Error Codes

See Error Codes.

Parent topic: Credential Management

Previous topic: Credential Management

Next topic: Creating a Long-Term Access Credential

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot