이 섹션의 다중 페이지 출력 화면임. 여기를 클릭하여 프린트.

STS

1: APIs

1.1: Acquire temporary role credential

1.1.1: 1.0

1.2: Acquire temporary role credential from SAML Assertion

1.2.1: 1.0

1.3: Create new Signature based on Session Token

1.3.1: 1.0

2: Models

2.1: StsAssumedRoleUser
2.2: StsAssumeRoleRequest
2.3: StsAssumeRoleResponse
2.4: StsAssumeRoleWithSAMLRequest
2.5: StsAssumeRoleWithSAMLResponse
2.6: StsCredentials
2.7: StsObjectStoreAuthRequest
2.8: StsObjectStoreAuthResponse

Overview

SCP에서 제공하는 IaaS/PaaS 상품을 프로그램적으로 이용할 수 있도록 지원하는 응용 프로그램 인터페이스(Application Programming Interface, API)를 제공합니다.

본 가이드는 STS 서비스에 대한 간략한 설명 및 API를 호출하는 방법을 제공합니다. API는 RESTful API 방식으로 제공되며, JSON 형식으로 응답합니다.

Version

Version	Status	Supported Until
1.0	CURRENT	-

OpenAPI URL

https://sts.{environment}.samsungsdscloud.com

Environment and Region List

environment	region
s	kr-west1
s	kr-east1
g	kr-south1
g	kr-south2
g	kr-south3
e	kr-west1
e	kr-east1

1 - APIs

1.1 - Acquire temporary role credential

1.1.1 - 1.0

post /v1/assume-role

Description

Acquire temporary role credential

상태 ACTIVE (CURRENT)

버전	최소 지원 보장일
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleResponse
400	Bad Request	None
401	Unauthorized	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = ko-KR",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": "",
    "role_indicator": "",
    "role_session_name": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-02-11T06:44:31.709Z",
        "secret_access_key": "",
        "session_token": ""
    }
}

1.2 - Acquire temporary role credential from SAML Assertion

1.2.1 - 1.0

post /v1/assume-role-with-saml

Description

Acquire temporary role credential from SAML Assertion

상태 ACTIVE (CURRENT)

버전	최소 지원 보장일
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleWithSAMLRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleWithSAMLResponse
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/assume-role-with-saml

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = ko-KR",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": "",
    "principal_indicator": "",
    "role_indicator": "",
    "saml_assertion": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "audience": "",
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-02-11T06:44:31.709Z",
        "secret_access_key": "",
        "session_token": ""
    },
    "issuer": "",
    "subject": "",
    "subject_type": ""
}

1.3 - Create new Signature based on Session Token

1.3.1 - 1.0

post /v1/object-store-authorization

Description

Create new Signature based on Session Token

상태 ACTIVE (CURRENT)

버전	최소 지원 보장일
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsObjectStoreAuthRequest

Responses

HTTP Code	Description	Schema
200	OK	StsObjectStoreAuthResponse
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/object-store-authorization

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = ko-KR",
"Scp-Api-Version = sts 1.0"

Request body

{
    "method": "",
    "region": "us-east-1",
    "service": "s3",
    "url": "",
    "x_amz_content_sha256": "",
    "x_amz_date": ""
}

Example HTTP response

Response 200

{
    "Authorization": ""
}

2 - Models

2.1 - StsAssumedRoleUser

Name	Description	Schema	Default
assumed_role_id required	Unique identifier that contains role ID and role session name Example :	string
srn required	SRN of temporary security credentials Example :	string

2.2 - StsAssumeRoleRequest

Name	Description	Schema
duration_seconds optional	Duration of seconds of the role session Example :	integer
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example :	string
role_session_name required	Identifier for the assumed role session Example :	string

2.3 - StsAssumeRoleResponse

Name	Description	Schema	Default
assumed_role_user required	SRN and assumed role ID	StsAssumedRoleUser
credentials required	Temporary security credentials	StsCredentials

2.4 - StsAssumeRoleWithSAMLRequest

Name	Description	Schema
duration_seconds optional	Duration of seconds of the role session Example :	integer
principal_indicator required	Identifier of the SAML provider in IAM. [offering:account_id:provider_name] Example :	string
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example :	string
saml_assertion required	BASE64 encoded SAML response Example :	string

2.5 - StsAssumeRoleWithSAMLResponse

Name	Description	Schema
assumed_role_user required	SRN and assumed role ID	StsAssumedRoleUser
audience required	Value of Recipient attribute of SubjectConfirmationData element of SAML Example :	string
credentials required	Temporary security credentials	StsCredentials
issuer required	Value of Issuer element of SAML Example :	string
subject required	Value of NameID element in the Subject element of SAML Example :	string
subject_type required	Format of nameID Example :	string

2.6 - StsCredentials

Name	Description	Schema
access_key_id required	Access key ID that identifies temporary security credentials Example :	string
expiration required	Date on which credential expire Example : `2026-02-11T06:44:31.709Z`	string (date-time)
secret_access_key required	Secret access key that signs requests Example :	string
session_token required	Token that user must pass to use temporary credentials Example :	string

2.7 - StsObjectStoreAuthRequest

Name	Description	Schema	Default
method required	HTTP method used in the request Example :	string
region optional	Region where the request is made Example : `us-east-1`	string	us-east-1
service optional	Service to which the request is made Example : `s3`	string	s3
url required	The URL of the request Example :	string
x_amz_content_sha256 required	SHA256 hash of the request body Example :	string
x_amz_date required	Date and time at which the request is signed Example :	string

2.8 - StsObjectStoreAuthResponse

Name	Description	Schema	Default
Authorization required	Authorization header for object store authentication Example :	string