This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

STS

1: APIs

1.1: Acquire temporary role credential

1.1.1: 1.0

1.2: Acquire temporary role credential from SAML Assertion

1.2.1: 1.0

1.3: Create new Signature based on Session Token

1.3.1: 1.0

2: Models

2.1: StsAssumedRoleUser
2.2: StsAssumeRoleRequest
2.3: StsAssumeRoleResponse
2.4: StsAssumeRoleWithSAMLRequest
2.5: StsAssumeRoleWithSAMLResponse
2.6: StsCredentials
2.7: StsObjectStoreAuthRequest
2.8: StsObjectStoreAuthResponse

Overview

Provides an Application Programming Interface (API) that supports programmatic use of IaaS/PaaS products provided by SCP.

This guide provides a brief description of STS service and how to call API. The API is provided as a RESTful API, and it responds in JSON format.

Version

Version	Status	Supported Until
1.0	CURRENT	-

OpenAPI URL

https://sts.{environment}.samsungsdscloud.com

Environment and Region List

environment	region
s	kr-west1
s	kr-east1
g	kr-south1
g	kr-south2
g	kr-south3
e	kr-west1
e	kr-east1

1 - APIs

1.1 - Acquire temporary role credential

1.1.1 - 1.0

post /v1/assume-role

Description

Acquire temporary role credential

State ACTIVE (CURRENT)

Version	Supported Until
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleResponse
400	Bad Request	None
401	Unauthorized	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": "",
    "role_indicator": "",
    "role_session_name": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-02-11T06:44:31.554Z",
        "secret_access_key": "",
        "session_token": ""
    }
}

1.2 - Acquire temporary role credential from SAML Assertion

1.2.1 - 1.0

post /v1/assume-role-with-saml

Description

Acquire temporary role credential from SAML Assertion

State ACTIVE (CURRENT)

Version	Supported Until
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleWithSAMLRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleWithSAMLResponse
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/assume-role-with-saml

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": "",
    "principal_indicator": "",
    "role_indicator": "",
    "saml_assertion": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "audience": "",
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-02-11T06:44:31.599Z",
        "secret_access_key": "",
        "session_token": ""
    },
    "issuer": "",
    "subject": "",
    "subject_type": ""
}

1.3 - Create new Signature based on Session Token

1.3.1 - 1.0

post /v1/object-store-authorization

Description

Create new Signature based on Session Token

State ACTIVE (CURRENT)

Version	Supported Until
1.0	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsObjectStoreAuthRequest

Responses

HTTP Code	Description	Schema
200	OK	StsObjectStoreAuthResponse
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/object-store-authorization

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "method": "",
    "region": "us-east-1",
    "service": "s3",
    "url": "",
    "x_amz_content_sha256": "",
    "x_amz_date": ""
}

Example HTTP response

Response 200

{
    "Authorization": ""
}

2 - Models

2.1 - StsAssumedRoleUser

Name	Description	Schema	Default
assumed_role_id required	Unique identifier that contains role ID and role session name Example :	string
srn required	SRN of temporary security credentials Example :	string

2.2 - StsAssumeRoleRequest

Name	Description	Schema
duration_seconds optional	Duration of seconds of the role session Example :	integer
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example :	string
role_session_name required	Identifier for the assumed role session Example :	string

2.3 - StsAssumeRoleResponse

Name	Description	Schema	Default
assumed_role_user required	SRN and assumed role ID	StsAssumedRoleUser
credentials required	Temporary security credentials	StsCredentials

2.4 - StsAssumeRoleWithSAMLRequest

Name	Description	Schema
duration_seconds optional	Duration of seconds of the role session Example :	integer
principal_indicator required	Identifier of the SAML provider in IAM. [offering:account_id:provider_name] Example :	string
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example :	string
saml_assertion required	BASE64 encoded SAML response Example :	string

2.5 - StsAssumeRoleWithSAMLResponse

Name	Description	Schema
assumed_role_user required	SRN and assumed role ID	StsAssumedRoleUser
audience required	Value of Recipient attribute of SubjectConfirmationData element of SAML Example :	string
credentials required	Temporary security credentials	StsCredentials
issuer required	Value of Issuer element of SAML Example :	string
subject required	Value of NameID element in the Subject element of SAML Example :	string
subject_type required	Format of nameID Example :	string

2.6 - StsCredentials

Name	Description	Schema
access_key_id required	Access key ID that identifies temporary security credentials Example :	string
expiration required	Date on which credential expire Example :	string (date-time)
secret_access_key required	Secret access key that signs requests Example :	string
session_token required	Token that user must pass to use temporary credentials Example :	string

2.7 - StsObjectStoreAuthRequest

Name	Description	Schema	Default
method required	HTTP method used in the request Example :	string
region optional	Region where the request is made Example : `us-east-1`	string	us-east-1
service optional	Service to which the request is made Example : `s3`	string	s3
url required	The URL of the request Example :	string
x_amz_content_sha256 required	SHA256 hash of the request body Example :	string
x_amz_date required	Date and time at which the request is signed Example :	string

2.8 - StsObjectStoreAuthResponse

Name	Description	Schema	Default
Authorization required	Authorization header for object store authentication Example :	string