This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

STS

1: APIs

1.1: Acquire temporary role credential

1.1.1: 1.1
1.1.2: 1.0

1.2: Acquire temporary role credential from SAML Assertion

1.2.1: 1.1
1.2.2: 1.0

1.3: Create new Signature based on Session Token

1.3.1: 1.1
1.3.2: 1.0

2: Models

2.1: StsAssumedRoleUser
2.2: StsAssumeRoleRequest
2.3: StsAssumeRoleResponse
2.4: StsAssumeRoleWithSAMLRequest
2.5: StsAssumeRoleWithSAMLResponse
2.6: StsCredentials
2.7: StsObjectStoreAuthRequest
2.8: StsObjectStoreAuthResponse

Overview

Provides an Application Programming Interface (API) that supports programmatic use of IaaS/PaaS products provided by SCP.

This guide provides a brief description of STS service and how to call API. The API is provided as a RESTful API, and it responds in JSON format.

Version

Deprecated versions with Not Before dates that have arrived or expired are no longer supported. We recommend using the latest version.

Version	Status	Not Before
1.1	CURRENT	-
1.0	DEPRECATED	20260531

OpenAPI URL

https://sts.{environment}.samsungsdscloud.com

Environment and Region List

environment	region
s	kr-west1
s	kr-east1
g	kr-south1
g	kr-south2
g	kr-south3
e	kr-west1
e	kr-east1

1 - APIs

1.1 - Acquire temporary role credential

1.1.1 - 1.1

post /v1/assume-role

Description

Acquire temporary role credential

State ACTIVE (CURRENT)

Version	Not Before
1.1	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.1"

Request body

{
    "duration_seconds": 900,
    "role_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:role_name",
    "role_session_name": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-04-14T15:06:19.837Z",
        "secret_access_key": "",
        "session_token": ""
    }
}

1.1.2 - 1.0

post /v1/assume-role

Description

Acquire temporary role credential

State ACTIVE (DEPRECATED)

Deprecated versions with Not Before dates that have arrived or expired are no longer supported. We recommend using the latest version.

Version	Not Before
1.0	20260531

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": 900,
    "role_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:role_name",
    "role_session_name": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-04-14T15:06:19.785Z",
        "secret_access_key": "",
        "session_token": ""
    }
}

1.2 - Acquire temporary role credential from SAML Assertion

1.2.1 - 1.1

post /v1/assume-role-with-saml

Description

Acquire temporary role credential from SAML Assertion

State ACTIVE (CURRENT)

Version	Not Before
1.1	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleWithSAMLRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleWithSAMLResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role-with-saml

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.1"

Request body

{
    "duration_seconds": 900,
    "principal_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:principal_name",
    "role_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:role_name",
    "saml_assertion": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "audience": "",
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-04-14T15:06:19.854Z",
        "secret_access_key": "",
        "session_token": ""
    },
    "issuer": "",
    "subject": "",
    "subject_type": ""
}

1.2.2 - 1.0

post /v1/assume-role-with-saml

Description

Acquire temporary role credential from SAML Assertion

State ACTIVE (DEPRECATED)

Deprecated versions with Not Before dates that have arrived or expired are no longer supported. We recommend using the latest version.

Version	Not Before
1.0	20260531

Parameters

Type	Name	Description	Schema	Default
body	body required		StsAssumeRoleWithSAMLRequest

Responses

HTTP Code	Description	Schema
200	OK	StsAssumeRoleWithSAMLResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None
404	Not Found	None

Example HTTP request

Request path

/v1/assume-role-with-saml

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "duration_seconds": 900,
    "principal_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:principal_name",
    "role_indicator": "dev2:afd580f490394896a6bceabf77683c6bd:role_name",
    "saml_assertion": ""
}

Example HTTP response

Response 200

{
    "assumed_role_user": {
        "assumed_role_id": "",
        "srn": ""
    },
    "audience": "",
    "credentials": {
        "access_key_id": "",
        "expiration": "2026-04-14T15:06:19.802Z",
        "secret_access_key": "",
        "session_token": ""
    },
    "issuer": "",
    "subject": "",
    "subject_type": ""
}

1.3 - Create new Signature based on Session Token

1.3.1 - 1.1

post /v1/object-store-authorization

Description

Create new Signature based on Session Token

State ACTIVE (CURRENT)

Version	Not Before
1.1	-

Parameters

Type	Name	Description	Schema	Default
body	body required		StsObjectStoreAuthRequest

Responses

HTTP Code	Description	Schema
200	OK	StsObjectStoreAuthResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/object-store-authorization

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.1"

Request body

{
    "method": "",
    "region": "kr-west1",
    "service": "s3",
    "url": "",
    "x_amz_content_sha256": "",
    "x_amz_date": ""
}

Example HTTP response

Response 200

{
    "Authorization": ""
}

1.3.2 - 1.0

post /v1/object-store-authorization

Description

Create new Signature based on Session Token

State ACTIVE (DEPRECATED)

Deprecated versions with Not Before dates that have arrived or expired are no longer supported. We recommend using the latest version.

Version	Not Before
1.0	20260531

Parameters

Type	Name	Description	Schema	Default
body	body required		StsObjectStoreAuthRequest

Responses

HTTP Code	Description	Schema
200	OK	StsObjectStoreAuthResponse
400	Bad Request	None
401	Unauthorized	None
403	Forbidden	None

Example HTTP request

Request path

/v1/object-store-authorization

Request header

"Scp-Accesskey = 2sd2gg=2agbdSD26svcD",
"Scp-Signature = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef=",
"Scp-Timestamp = 1605290625682",
"Scp-ClientType = Openapi",
"Accept-Language = en-US",
"Scp-Api-Version = sts 1.0"

Request body

{
    "method": "",
    "region": "kr-west1",
    "service": "s3",
    "url": "",
    "x_amz_content_sha256": "",
    "x_amz_date": ""
}

Example HTTP response

Response 200

{
    "Authorization": ""
}

2 - Models

2.1 - StsAssumedRoleUser

Name	Description	Schema	Default
assumed_role_id required	Assumed Role ID Example :	string
srn required	Temporary Credentials SRN Example :	string

2.2 - StsAssumeRoleRequest

Name	Description	Schema	Default
duration_seconds optional	Duration of seconds of the role session Example : `900`	integer	900
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example : `dev2:afd580f490394896a6bceabf77683c6bd:role_name` Pattern : `^[^:]+:[^:]+:[^:]+$` Minimum length : `32`	string
role_session_name required	Role Session Name Example : Minimum length : `1` Maximum length : `64`	string

2.3 - StsAssumeRoleResponse

Name	Description	Schema	Default
assumed_role_user required	Assumed Role ID	StsAssumedRoleUser
credentials required	Temporary Credentials	StsCredentials

2.4 - StsAssumeRoleWithSAMLRequest

Name	Description	Schema	Default
duration_seconds optional	Duration of seconds of the role session Example : `900`	integer	900
principal_indicator required	SAML Provider Indicator Example : `dev2:afd580f490394896a6bceabf77683c6bd:principal_name` Pattern : `^[^:]+:[^:]+:[^:]+$` Minimum length : `32`	string
role_indicator required	Identifier of the role to assume. [offering:account_id:role_name] Example : `dev2:afd580f490394896a6bceabf77683c6bd:role_name` Pattern : `^[^:]+:[^:]+:[^:]+$` Minimum length : `32`	string
saml_assertion required	SAML Assertion Example : Minimum length : `1`	string

2.5 - StsAssumeRoleWithSAMLResponse

Name	Description	Schema
assumed_role_user required	Assumed Role ID	StsAssumedRoleUser
audience required	Recipient Value Example :	string
credentials required	Temporary Credentials	StsCredentials
issuer required	Issuer Value Example :	string
subject required	Name ID Value Example :	string
subject_type required	Name ID Format Example :	string

2.6 - StsCredentials

Name	Description	Schema
access_key_id required	Temporary Access Key ID Example :	string
expiration required	Temporary Credentials Expiration Example :	string (date-time)
secret_access_key required	Secret Access Key Example :	string
session_token required	Token that user must pass to use temporary credentials Example :	string

2.7 - StsObjectStoreAuthRequest

Name	Description	Schema	Default
method required	HTTP Method Example : Minimum length : `1`	string
region optional	Region Example : `kr-west1`	string	kr-west1
service optional	Service Example : `s3`	string	s3
url required	The URL of the request Example : Minimum length : `1`	string
x_amz_content_sha256 required	AMZ Content SHA256 Example : Minimum length : `1`	string
x_amz_date required	AMZ Date Example : Minimum length : `1`	string

2.8 - StsObjectStoreAuthResponse

Name	Description	Schema	Default
Authorization required	Authorization Header Example :	string