{
  "name": "sts",
  "display_name": "安全凭证服务",
  "description": "腾讯云STS（Security Token Service）是腾讯云提供的一种临时访问权限管理服务。CAM提供CAM用户和CAM角色两种身份。其中，CAM角色不具备永久身份凭证，而只能通过STS获取可以自定义时效和访问权限的临时身份凭证，即安全令牌（STS Token）。",
  "domain": "other",
  "api_version": "2018-08-13",
  "endpoint": "sts.tencentcloudapi.com",
  "actions": [
    {
      "name": "AssumeRole",
      "description": "**使用说明** 1. 申请扮演某个角色的临时访问凭证，返回临时身份的token和能够扮演该角色的临时密钥； 2. 角色策略组成 （1）角色载体：指定谁可以扮演该角色； （2）角色权限：指定扮演角色后可以执行哪些操作，操作哪些资源。 3. 角色可被扮演的条件 （1）给该用户绑定包含AssumeRole的策略； （2）将该用户配置为角色载体的主体。 4. 此接口可以支持永久密钥或临时密钥调用...",
      "status": "online",
      "parameters": [
        {
          "name": "RoleArn",
          "type": "string",
          "required": true,
          "description": "角色的资源描述，可在[访问管理](https://console.cloud.tencent.com/cam/role)，点击角色名获取。 普通角色： qcs::cam::uin/12345678:role/4611686018427397919、qcs::cam::uin/12345678:roleName/testRoleName 服务角色： qcs::cam::uin/12345678:role/tencentcloudServiceRole/4611686018427397920、qcs::cam::uin/12345678:role/tencentcloudServiceRoleName/testServiceRoleName",
          "example": "qcs::cam::uin/10001:roleName/readOnlyRole"
        },
        {
          "name": "RoleSessionName",
          "type": "string",
          "required": true,
          "description": "临时会话名称，由用户自定义名称。 长度在2到128之间，可包含大小写字符，数字以及特殊字符：=,.@_-。 正则为：[\\w+=,.@_-]*",
          "example": "cts"
        },
        {
          "name": "DurationSeconds",
          "type": "integer",
          "required": false,
          "description": "指定临时访问凭证的有效期，单位：秒，默认 7200 秒，最长可设定有效期为 43200 秒",
          "example": "1800"
        },
        {
          "name": "Policy",
          "type": "string",
          "required": false,
          "description": "策略描述 注意： 1、该参数需要做urlencode，服务端会对该字段做urldecode， 并按处理后Policy授予临时访问凭证权限，请按规范传入参数。（如果通过 GET 方法请求云 API，发送请求前，所有参数都需要按照[云 API 规范](https://cloud.tencent.com/document/api/598/33159#1.-.E6.8B.BC.E6.8E.A5.E8.A7.84.E8.8C.83.E8.AF.B7.E6.B1.82.E4.B8.B2)再 urlencode 一次）。 2、策略语法参照[ CAM 策略语法](https://cloud.tencent.com/document/product/598/10603)...",
          "example": "%7B%22version%22%3A%222.0%22%2C%22statement%22%3A%5B%7B%22effect%22%3A%22allow%22%2C%22action%22%3A%5B%22cam%3AGetUser%22%5D%2C%22resource%22%3A%5B%22*%22%5D%7D%5D%7D%22%7D%7D%7D"
        },
        {
          "name": "ExternalId",
          "type": "string",
          "required": false,
          "description": "角色外部ID，可在[访问管理](https://console.cloud.tencent.com/cam/role)，点击角色名获取。 长度在2到128之间，可包含大小写字符，数字以及特殊字符：=,.@:/-。 正则为：[\\w+=,.@:\\/-]*",
          "example": "role-external-id"
        },
        {
          "name": "Tags",
          "type": "array",
          "required": false,
          "description": "会话标签列表。最多可以传递 50 个会话标签，不支持包含相同标签键。",
          "example": "无",
          "item_type": "object",
          "children": [
            {
              "name": "Key",
              "type": "string",
              "required": true,
              "description": "标签键，最长128个字符，区分大小写。",
              "example": "department"
            },
            {
              "name": "Value",
              "type": "string",
              "required": true,
              "description": "标签值，最长256个字符，区分大小写。",
              "example": "engineering"
            }
          ]
        },
        {
          "name": "SourceIdentity",
          "type": "string",
          "required": false,
          "description": "调用者身份uin",
          "example": "1000001"
        },
        {
          "name": "SerialNumber",
          "type": "string",
          "required": false,
          "description": "MFA序列号，与进行调用的CAM用户关联的MFA设备的标识号。格式qcs::cam:uin/${ownerUin}::mfa/${mfaType}。mfaType支持softToken（软token）",
          "example": "qcs::cam:uin/10001::mfa/softToken"
        },
        {
          "name": "TokenCode",
          "type": "string",
          "required": false,
          "description": "mfa身份验证码。",
          "example": "482724"
        }
      ],
      "required": [
        "RoleArn",
        "RoleSessionName"
      ]
    },
    {
      "name": "AssumeRoleWithSAML",
      "description": "本接口（AssumeRoleWithSAML）用于根据 SAML 断言申请角色临时访问凭证。 注意：当使用签名方法 V3 调用本接口时，请求头无须传入 X-TC-Token, 但 Authorization 需要传入值 SKIP。",
      "status": "online",
      "parameters": [
        {
          "name": "SAMLAssertion",
          "type": "string",
          "required": true,
          "description": "base64 编码的 SAML 断言信息",
          "example": "c2FtbC***Rpb24="
        },
        {
          "name": "PrincipalArn",
          "type": "string",
          "required": true,
          "description": "扮演者访问描述名",
          "example": "qcs::cam::uin/7989***:saml-provider/OneLogin"
        },
        {
          "name": "RoleArn",
          "type": "string",
          "required": true,
          "description": "角色访问描述名",
          "example": "qcs::cam::uin/7989***:roleName/OneLogin-Role"
        },
        {
          "name": "RoleSessionName",
          "type": "string",
          "required": true,
          "description": "会话名称",
          "example": "readOnlySession"
        },
        {
          "name": "DurationSeconds",
          "type": "integer",
          "required": false,
          "description": "指定临时访问凭证的有效期，单位：秒，默认 7200 秒，最长可设定有效期为 43200 秒",
          "example": "1800"
        }
      ],
      "required": [
        "SAMLAssertion",
        "PrincipalArn",
        "RoleArn",
        "RoleSessionName"
      ]
    },
    {
      "name": "AssumeRoleWithWebIdentity",
      "description": "申请OIDC角色临时访问凭证。 注意：当使用签名方法 V3 调用本接口时，请求头无须传入 X-TC-Token, 但 Authorization 需要传入值 SKIP。",
      "status": "online",
      "parameters": [
        {
          "name": "ProviderId",
          "type": "string",
          "required": true,
          "description": "身份提供商名称",
          "example": "OIDC"
        },
        {
          "name": "WebIdentityToken",
          "type": "string",
          "required": true,
          "description": "IdP签发的OIDC令牌",
          "example": "eyJraWQiOiJkT**********CNOQ"
        },
        {
          "name": "RoleArn",
          "type": "string",
          "required": true,
          "description": "角色访问描述名",
          "example": "qcs::cam::uin/7989***:roleName/OneLogin-Role"
        },
        {
          "name": "RoleSessionName",
          "type": "string",
          "required": true,
          "description": "会话名称",
          "example": "test_OIDC"
        },
        {
          "name": "DurationSeconds",
          "type": "integer",
          "required": false,
          "description": "指定临时访问凭证的有效期，单位：秒，默认 7200 秒，最长可设定有效期为 43200 秒",
          "example": "3600"
        }
      ],
      "required": [
        "ProviderId",
        "WebIdentityToken",
        "RoleArn",
        "RoleSessionName"
      ]
    },
    {
      "name": "GetCallerIdentity",
      "description": "获取当前调用者的身份信息。 接口支持主账号，子账号长期密钥以及AssumeRole，GetFederationToken生成的临时访问凭证身份获取。",
      "status": "online",
      "parameters": [],
      "required": []
    },
    {
      "name": "GetFederationToken",
      "description": "**使用说明** 1. 返回一组临时身份访问凭证，包含token和获取该身份的临时密钥； 2. 当您需要将当前账号下的部分权限和资源临时委托给第三方（如合作伙伴、外包团队），且希望避免下发永久密钥时，调用此接口； 3. 临时身份的权限为：当前调用账号的权限和输入参数 Policy 权限的交集； 4. 此接口仅支持永久密钥调用。 **典型场景** 1. 代理应用程序集中申请临时访问凭证，...",
      "status": "online",
      "parameters": [
        {
          "name": "Name",
          "type": "string",
          "required": true,
          "description": "您可以自定义调用方英文名称，由字母组成。",
          "example": "readOnly"
        },
        {
          "name": "Policy",
          "type": "string",
          "required": true,
          "description": "注意： 1、策略语法参照[ CAM 策略语法](https://cloud.tencent.com/document/product/598/10603)。 2、策略中不能包含 principal 元素。 3、该参数需要做urlencode，服务端会对该字段做urldecode， 并按处理后Policy授予临时访问凭证权限，请按规范传入参数。",
          "example": "%7B%22version%22%3A%222.0%22%2C%22statement%22%3A%5B%7B%22effect%22%3A%22allow%22%2C%22action%22%3A%22sts%3AAssumeRole%22%2C%22resource%22%3A%22%2A%22%7D%5D%7D"
        },
        {
          "name": "DurationSeconds",
          "type": "integer",
          "required": false,
          "description": "指定临时证书的有效期，单位：秒，默认1800秒，主账号最长可设定有效期为7200秒，子账号最长可设定有效期为129600秒。",
          "example": "1800"
        }
      ],
      "required": [
        "Name",
        "Policy"
      ]
    },
    {
      "name": "GetSessionToken",
      "description": "获取MFA临时证书",
      "status": "online",
      "parameters": [
        {
          "name": "SerialNumber",
          "type": "string",
          "required": true,
          "description": "MFA序列号，与进行调用的CAM用户关联的MFA设备的标识号。格式qcs::cam:uin/${ownerUin}::mfa/${mfaType}。mfaType支持softToken（软token）",
          "example": "qcs::cam:uin/10001::mfa/softToken"
        },
        {
          "name": "TokenCode",
          "type": "string",
          "required": true,
          "description": "mfa身份验证码。",
          "example": "482724"
        },
        {
          "name": "DurationSeconds",
          "type": "integer",
          "required": false,
          "description": "指定临时证书的有效期，单位：秒，默认1800秒，主账号最长可设定有效期为7200秒，子账号最长可设定有效期为129600秒。",
          "example": "1800"
        }
      ],
      "required": [
        "SerialNumber",
        "TokenCode"
      ]
    },
    {
      "name": "QueryApiKey",
      "description": "拉取API密钥列表",
      "status": "online",
      "parameters": [
        {
          "name": "TargetUin",
          "type": "integer",
          "required": false,
          "description": "待查询的账号uin(不填默认查当前账号uin)",
          "example": "100020328651"
        }
      ],
      "required": []
    }
  ]
}