REST API v2.1 Reference
This is the Identity Federation for AWS REST API v2.1 reference (refer to the Developer Guide for more information).
On this page:
- 1 REST API v2.1 resources (Identity Federation)
- 1.1 /rest/identity-federation-for-aws/2.1/connectors
- 1.2 /rest/identity-federation-for-aws/2.1/connectors/{id}
- 1.3 /rest/identity-federation-for-aws/2.1/connectors/{id}/caller-identity
- 1.4 /rest/identity-federation-for-aws/2.1/connectors/{id}/credentials
- 1.5 /rest/identity-federation-for-aws/2.1/connectors/{id}/console/url
- 1.6 /rest/identity-federation-for-aws/2.1/connectors/{id}/ecr/credentials?region={region}
- 1.7 /rest/identity-federation-for-aws/2.1/connectors/{id}/codeartifact/credentials?region={region}&domain={domain}
- 2 REST API v2.1 resources (complete reference)
- 3 Frequently Asked Questions (FAQ)
REST API v2.1 resources (Identity Federation)
This is the reference of all resources relevant to this apps actual functionality as a token vendor for Identity Federation - refer to the REST API resources (complete reference) if you intent to include this app into administrative automation scenarios (e.g. for scripting).
Resource | URI template | methods | description | permissions | comments |
---|---|---|---|---|---|
Connectors | This is the main resource for retrieving temporary AWS security credentials. | ||||
GET|POST | Get all AWS connectors. | Configurable | GET is the only required method for the token vendor use case, but POST is available for administration purposes. | ||
GET|PUT|DELETE | Get an AWS connector identified by its id. | Configurable | GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. | ||
GET | Get details about the IAM identity whose credentials are used to call the API. | Configurable | |||
GET | Get temporary AWS security credentials via a AWS connector identified by its id. | Configurable | This is the main resource to use for calling AWS services in turn. | ||
GET | Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. | Configurable | The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). | ||
GET | Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. | Configurable | Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details.
| ||
| GET | Get temporary AWS CodeArtifact credentials (authentication token) via a AWS connector identified by its id. | Configurable | Refer to AWS CodeArtifact authentication and tokens for details. |
/rest/identity-federation-for-aws/2.1/connectorsMethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors (200) Response HeadersServer: Apache-Coyote/1.1
X-AREQUESTID: 1384x1779x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:04:32 GMT Response Body{
"values": [
{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "1f2d5aee-839e-49ae-8a5b-e9ae27a2f2d8",
"name": "Development Team B",
"type": "SESSION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
},
{
"id": "997a2479-a27c-46fc-9397-9a6bff91b7dd",
"name": "Operations Team",
"type": "ASSUME_ROLE"
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "arn:aws:iam::123456789012:role/S3Access",
"externalId": "",
"iamPolicy": "",
"groups": []
}
],
"size": 3
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}MethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3 (200) Response HeadersServer: Apache-Coyote/1.1
X-AREQUESTID: 1390x1780x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:08 GMT Response Body{
"id": "1521fbf0-fa97-4c4a-9877-9f0c5e9982d3",
"name": "Development Team A",
"type": "FEDERATION_TOKEN",
"scope": "SYSTEM",
"partition": "aws",
"accountId": "afe1e1ca-60e6-471c-aab6-fe1ced186def",
"roleArn": "",
"externalId": "",
"iamPolicy": "",
"groups": []
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}/caller-identityMethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/caller-identity (200) Response HeadersServer: Apache-Coyote/1.1
X-Seraph-LoginReason: OK
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 22 Jul 2016 09:58:31 GMT Response Body{
"account": "248163264128",
"arn": "arn:aws:sts::248163264128:federated-user/admin",
"userId": "248163264128:admin"
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}/credentialsMethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/credentials (200) Response HeadersServer: Apache-Coyote/1.1
X-AREQUESTID: 1390x1782x1
X-ASESSIONID: 1dteqyw
X-Seraph-LoginReason: OK
X-AUSERNAME: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 21:10:56 GMT Response Body{
"accessKeyId": "ASIJATLAS2XBO2MQ77VQ",
"secretAccessKey": "FeJioaEdLa0RJsVCSBYAtLaskADEzkq1VFriuJla",
"sessionToken": "AQoDYXdzEN7//////////wEa8AEmChyr2gLDNxQATlASOWNkI0ORBVCkbPuMdTPQxpQR7NrqxjBo+O13lg2KjKdsxoXfR3fzCG/L0g9k2YQOMWVZjQLkd6cS4F3NL3qa/dtheXaYmcCeUXwJoznMWsXvGV3OQyizKD7hHcQbrYDzJWr1hcoksx03NazuG1xx6uWn8uwcktsyMCwATlasC8tqw6ffozllgQr2eZK1lBPyXWQy7Jwx3EyXLP/rulAhEBE9mrAUzp0xq0Yiekc7I06dSAQT7fBsuHzWoNQ0O8zmX4S35AL+pP+kBzAJZ75qvviNZYmoqXCBcSEOmWLFnyAuCSUg5a+5jQU=",
"expiration": 1370423461000,
"partition": "aws"
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}/console/urlMethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/console/url (200) Response HeadersServer: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 24 Aug 2015 10:44:11 GMT Response Body{
"url":"http://host:port/context/plugins/servlet/identity-federation-for-aws/aws-console-login/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3"
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}/ecr/credentials?region={region}MethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/ecr/credentials?region=us-east-1 (200) Response HeadersServer: Apache-Coyote/1.1
X-AREQUESTID: 764x100x1
X-asessionid: 1ycp90k
X-Seraph-LoginReason: OK
X-ausername: admin
Cache-Control: no-cache, no-store, no-transform
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 16 Feb 2016 16:55:39 GMT
Response Body{
"values": [
{
"authorizationToken": "QVdTOkNpQndtMFlhSVNKZVJ0Sm01bjFHNnVxZWVrWHVvWFhQATlASmNlOVJxOC8xNHhLU0J3RUJBZ0I0Y0p0R0dpRWlYa2JTWnVaOVJ1cnFubnBGN3FGMXozdVZCWEh2VWF2UDllTUFBQU5wTUlJRFpRWUpLb1pJaHZjTkFRY0dvSUlEVmpDQ0ExSUNBUUF3Z2dOTEJna3Foa2lHOXcwQkJ3RXdIZ1lKWUlaSUFXVURCQUV1TUJFRURLOG43TkNtekd0TU9oZzBEUUlCRUlDQ0F4eEMrK2s3MmF2UlZ2cGZVcGl3bU5vSEYxWXZORHdqZnZoUkc5K1VPL3d2NzNCUUlVVVduRS91bmxHREtrdElzNXFuR2FKNUFldTJET3drSVo4b01pb2hjazhrc2JDRkEraVhZMkkxcmNjaDdmV1hEbVNnYm15ZloyY010UmwrOUdDWk15bVhJelpFd3BhOXI5QUN1NVVzTVhYcHhKTFFVWEZOVVgrdWIwSThFMjFDN1BwRWRWQkl2blFUVVE1ZGttalFqVTlEREUzMStLT2w1eC80Y2pMeWZobU10bzBSc1FsOGVQTTlUYkVJcFZKT2NIelk4K05rakpwZkRUY3ZrUUJYZDRCWlFMMmtZUzhCUC9VeTF0bCs2cVY3MGhrSkpnbTBVQnJBWnhNM0FJc09SZ0Q3TUJ5WXUzZklTemlYV1FHL2s1cG1VTzV5bVlYeTJwenJxTnhnMXNFZk5rUDdGTVZLZklOenlaNUVJZjdNc3JKeDlxTlNOelpYNStVNmNJM052T2pHYkhJSjZxM0YxdWQ0aFNENXcyRUQ2bDZiVWtVS0FvR2cxSmMxaW1UUnBKTWVXWlozSjc0ZU1DL0FwZExzNzZZclNScExVYXVwNHZJQjRkRmptZ2Q1bFNMS2p0NEF5Rjd0S2ZYOG82anJSS2dyRkc5dEExZXl6dW1DdXo0MHZTQkRLQW1WNTlwK2dzYmh1aFVzcWlETWdaUHdBNis0WHNJbno1WE9xM01QaFI4cncxckhPYmxhaUtJbG14RnZFSTQ2R213TTFoSWJnc3RqNXE3cW4vcUpPOTQra1NZY0xoMFVNZWdIZmUxd2dvdjhzaDRBa0VDVG0ydkFaM2dsQmtoU3RDYTlUTGxJZGJZNHl5RVBkaGNsS3g4SDV0MGdPMXZRN3dWNjdrZG54U3JSM1pCTDdtL3VPNmdPS05zc0p4NjlyN1E0Z2k2cjhMU0RHTVEvekV4bGQzcEJxcjNoV1F3RWdEeVBBclg3Yk5wblFLQlVFV2tneW1wcUpOWkpPRUhQR0I5Rm1obDN5ZVYwS0ZWTlVBdzJWTE95ekJrU1JMVFd3OWl6VlF1eVlpSE8zcHFyMlRjczdBVVJIb2FvcFBwWGRlOTJDeFB5ZllranBEazFlMjRVVWxuUW5tY1g0cGcyUWh1VHJoWVdOc2h0MVNWU0NnanJkamhEdURwUDh6UmtzTFJFaWErUE1YZlhnRFFPOUNLK1B4cEJOZE5aQzR0ZHhpMzYrVElkVjNnQjlIcHU4YmxWTllONjgzdEpuN3c0SXRSSUhzY0NGWnRiTnY4UTdBL0dadEN4UGt3YVFkTkREZSt2RG1ia25yVGtmUEJhYzhzclNhTEJMRGJOcGZmajc4QUx0c0lISStuT1VxRDV1VGI3OTljV2dnNytyMDFw",
"expirationDate": "20160217T045542Z",
"proxyEndpoint": "https://124816326400.dkr.ecr.us-east-1.amazonaws.com",
"proxyEndpointDomain": "124816326400.dkr.ecr.us-east-1.amazonaws.com",
"username": "AWS",
"password": "CiBwm0YaISJeRtJm5n1G6uqeekXuoXXPe5UFce9Rq8/ATlASBwEBAgB4cJtGGiEiXkbSZuZ9RurqnnpF7qF1z3uVBXHvUavP9eMAAANpMIIDZQYJKoZIhvcNAQcGoIIDVjCCA1ICAQAwggNLBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDK8n7NCmzGtMOhg0DQIBEICCAxxC++k72avRVvpfUpiwmNoHF1YvNDwjfvhRG9+UO/wv73BQIUUWnE/unlGDKktIs5qnGaJ5Aeu2DOwkIZ8oMiohck8ksbCFA+iXY2I1rcch7fWXDmSgbmyfZ2cMtRl+9GCZMymXIzZEwpa9r9ACu5UsMXXpxJLQUXFNUX+ub0I8E21C7PpEdVBIvnQTUQ5dkmjQjU9DDE31+KOl5x/4cjLyfhmMto0RsQl8ePM9TbEIpVJOcHzY8+NkjJpfDTcvkQBXd4BZQL2kYS8BP/Uy1tl+6qV70hkJJgm0UBrAZxM3AIsORgD7MByYu3fISziXWQG/k5pmUO5ymYXy2pzrqNxg1sEfNkP7FMVKfINzyZ5EIf7MsrJx9qNSNzZX5+U6cI3NvOjGbHIJ6q3F1ud4hSD5w2ED6l6bUkUKAoGg1Jc1imTRpJMeWZZ3J74eMC/ApdLs76YrSRpLUaup4vIB4dFjmgd5lSLKjt4AyF7tKfX8o6jrRKgrFG9tA1eyzumCuz40vSBDKAmV59p+gsbhuhUsqiDMgZPwA6+4XsInz5XOq3MPhR8rw1rHOblaiKIlmxFvEI46GmwM1hIbgstj5q7qn/qJO94+kSYcLh0UMegHfe1wgov8sh4AkECTm2vAZ3glBkhStCa9TLlIdbY4yyEPdhclKx8H5t0gO1vQ7wV67kdnxSrR3ZBL7m/uO6gOKNssJx69r7Q4gi6r8LSDGMQ/zExld3pBqr3hWQwEgDyPArX7bNpnQKBUEWkgympqJNZJOEHPGB9Fmhl3yeV0KFVNUAw2VLOyzBkSRLTWw9izVQuyYiHO3pqr2Tcs7AURHoaopPpXde92CxPyfYkjpDk1e24UUlnQnmcX4pg2QhuTrhYWNsht1SVSCgjrdjhDuDpP8zRksLREia+PMXfXgDQO9CK+PxpBNdNZC4tdxi36+TIdV3gB9Hpu8blVNYN683tJn7w4ItRIHscCFZtbNv8Q7A/GZtCxPkwaQdNDDe+vDmbknrTkfPBac8srSaLBLDbNpffj78ALtsIHI+nOUqD5uTb799cWgg7+r01p"
}
],
"size": 1
} |
/rest/identity-federation-for-aws/2.1/connectors/{id}/codeartifact/credentials?region={region}&domain={domain}MethodsGETRequestGET http://host:port/context/rest/identity-federation-for-aws/2.1/connectors/1521fbf0-fa97-4c4a-9877-9f0c5e9982d3/codeartifact/credentials?region=us-east-1&domain=utoolity (200)
Response HeadersHTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Date: Thu, 24 Oct 2024 12:57:46 GMT
Response Body{
"authorizationToken": "eyJ2ZXIiOjEsImlzdSI6MTcyOTc3NDU0NywiZW5jIjoiQTEyOEdDTSIsInRhZyI6Im5ocktUNEVsbHVNZjlwaDdxU3hrZkEiLCJleHAiOjE3Mjk4MTc3NDcsImFsZyI6IkExMjhHQ01LVyIsIml2IjoiUjE2VjlscGIydUN4X1FKeCJ9.XWomTIulrEVFPaTxMKQc_Q.XDxGG9z1QOcLlcnQ.akyXvcgXzg2_zXcl-zhQ4qspOPh7dZ2MwYBBJCeGeSLYCnZQP4B7SYOlN0SIIBvIolvNQA8Z8dQ19JwbXa52BfXz5GMNxBU5svhRLmbKHn-8Q-Z__ZsI3nL-u2FPkKnF0mpKQPjF_LQESHFnKPngxj7h48VN0i-GljUN-LS6DwnE8WgmuyQoqXVaYIpD25JnLvx_tLKoDr9wthzEhTN95CtGl4rTRf5U7rIzfrtSUcLGPDtwGKsbHTPXeKR8enN6O14w6fIa9eOiB9HjQcK3uwyfIo8k14h8zCcJnfvxjLx9-yIWyaUq26r7JinCLQNNBsxbsEDz5FuUDGa8tkIETpZdvYgvTkphX573STOi-8PQw8W8oRjFVxUk2_jfva-clnE6gTJSIdWcdKWQS5CI84MEgNw_pF0vBzllq0Ya0_6iIDY8LkkrVEXl17nMdCXY32MWYNXq64lbHt_D_hZ7N7dmlCYuFOCD36_ksxCWmZYdoeg7JbRnRSb1OUnz5ts5j6BYHBDWew6wwlAe6FKUkNXwF21wLNQ8GHwFPwlvxvzkbMzOgNxzFRavuuASAdxGydsWyXH_P3Ci8_tAp_uVy0vqiiHBvh0TgQVmvR49d3kPuQpjrFYwB8OjksEoGw9xuC2QjY78EqMFMGLqZ_8m0LCoYPJr-mOiLmpQ23M1QaCv2LZ03UW-veRceZqn8cN6N4PuO9Wt7lgdiGu4DNR6B7XIEH5YqjU2I4FjPQ5ZVt3C6u0WSQleeXOKqdfrElyH4OSxY3IWtAnfSpNzsYJjX3JjvyYeYETVWmYoqqMBTMFSCZHi4nn8PDOpP2ZqaByyeZJYQjrWM5Xr3aAvuocYwtUFmBOMB53meiaUYfr1MIV3-yLE05_nEzJyRFqkKy1VTOO_JvhNYiUiP6phQomA2Z-TsHH78BLvYIT-_AOUwNW3TwiBTC-LkZ0wanUt81l2BzQbiJXA_cCqpUJj0h4xj1yR__jOpsk4VL4-XL7ebDfcovJFRK4vxlEhLoTIFNWi2lKNLJ4wDFD1oTPDsoKinVn1vQw1ZX_jsA38qu5P-tkle85N2ggTj6z6mTTMRoNr8dVtcBILvF5dhqEKY-1Pczgxi_ODltujHXbIyK6h8siNBGxt4-oeBiquvaAOzquTrPwyieZU0ygQ2SIycxeYXN81MaPVNA.W7ugcFUFb9QVHYijRCW0Dw",
"expirationDate": "20241025T005547Z"
}
|
REST API v2.1 resources (complete reference)
This is the complete reference of all resources available. You usually won't interact with most of these outside of administrative automation scenarios (e.g. for scripting) - please see the REST API resources (Identity Federation) for this apps actual functionality first.
Resource | URI template | methods | status | description | permissions | comments |
---|---|---|---|---|---|---|
Accounts | You usually only interact with accounts (access keys) for administrative purposes, please see the Connectors resource instead! | |||||
/accounts | GET|POST | PUBLIC | Get all accounts (AWS access keys). | Administrator | ||
/accounts/{id} | GET|DELETE|PUT | PUBLIC | Get an account (AWS access keys) identified by its id. | Administrator | ||
Connectors | This is the main resource for retrieving temporary AWS security credentials. | |||||
/connectors | GET|POST | PUBLIC | Get all AWS connectors. | Configurable | GET is the only required method for the token vendor use case, but POST is available for administration purposes. | |
/connectors/{id} | GET|DELETE|PUT | PUBLIC | Get an AWS connector identified by its id. | Configurable | GET is the only required method for the token vendor use case, but DELETE|PUT is available for administration purposes. | |
/connectors/{id}/caller-identity | GET | PUBLIC | Get details about the IAM identity whose credentials are used to call the API. | Configurable | ||
/connectors/{id}/credentials | GET | PUBLIC | Get the temporary AWS security credentials via an AWS connector identified by its id. | Configurable | This is the main resource to use for calling AWS services in turn. | |
/connectors/{id}/console/url | GET | PUBLIC | Get the URL for SSO with the AWS Management Console via a AWS connector identified by its id. | Configurable | The returned URL is not the final one, rather the one to present to users so that following it will yield the SSO with AWS in turn (provided the executing user has permission to use the connector). | |
/connectors/{id}/ecr/credentials | GET | PUBLIC | Get temporary Amazon ECR authentication credentials via a AWS connector identified by its id. | Configurable | Refer to Amazon EC2 Container Registry (Amazon ECR) authentication credentials for details.
| |
| /connectors/{id}/codeartifact/credentials | GET | PUBLIC | Get temporary AWS CodeArtifact credentials (authentication token) via a AWS connector identified by its id. | Configurable | Refer to AWS CodeArtifact authentication and tokens for details. |
Frequently Asked Questions (FAQ)
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.