Find an API

Search public APIs with auth details & Postman guides

← All APIs

AWS Security Token Service

amazonaws · Cloud

Cloud No Auth Free & Open cloud

Security Token Service Security Token Service (STS) enables you to request temporary, limited-privilege credentials for Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials .

Authentication

No authentication requiredFree to use with no key needed.

Sample Requests

GET GET_AssumeRole

Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole?Tags=example&Action=AssumeRole&Policy=example&RoleArn=example&Version=2011-06-15&TokenCode=example&ExternalId=example&PolicyArns=example&SerialNumber=example&SourceIdentity=example&DurationSeconds=1&RoleSessionName=example&TransitiveTagKeys=example

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole?Tags=example&Action=AssumeRole&Policy=example&RoleArn=example&Version=2011-06-15&TokenCode=example&ExternalId=example&PolicyArns=example&SerialNumber=example&SourceIdentity=example&DurationSeconds=1&RoleSessionName=example&TransitiveTagKeys=example"
import requests
params = {
    "Tags": "example",
    "Action": "AssumeRole",
    "Policy": "example",
    "RoleArn": "example",
    "Version": "2011-06-15",
    "TokenCode": "example",
    "ExternalId": "example",
    "PolicyArns": "example",
    "SerialNumber": "example",
    "SourceIdentity": "example",
    "DurationSeconds": "1",
    "RoleSessionName": "example",
    "TransitiveTagKeys": "example"
}
response = requests.get(
    "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole",
    params=params,
)
print(response.json())
const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole');
url.searchParams.set('Tags', 'example');
url.searchParams.set('Action', 'AssumeRole');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('TokenCode', 'example');
url.searchParams.set('ExternalId', 'example');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('SerialNumber', 'example');
url.searchParams.set('SourceIdentity', 'example');
url.searchParams.set('DurationSeconds', '1');
url.searchParams.set('RoleSessionName', 'example');
url.searchParams.set('TransitiveTagKeys', 'example');

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
)

func main() {
	baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole")
	q := baseURL.Query()
	q.Set("Tags", "example")
	q.Set("Action", "AssumeRole")
	q.Set("Policy", "example")
	q.Set("RoleArn", "example")
	q.Set("Version", "2011-06-15")
	q.Set("TokenCode", "example")
	q.Set("ExternalId", "example")
	q.Set("PolicyArns", "example")
	q.Set("SerialNumber", "example")
	q.Set("SourceIdentity", "example")
	q.Set("DurationSeconds", "1")
	q.Set("RoleSessionName", "example")
	q.Set("TransitiveTagKeys", "example")
	baseURL.RawQuery = q.Encode()
	targetURL := baseURL.String()
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole")
uri.query = URI.encode_www_form({
  "Tags" => "example",
  "Action" => "AssumeRole",
  "Policy" => "example",
  "RoleArn" => "example",
  "Version" => "2011-06-15",
  "TokenCode" => "example",
  "ExternalId" => "example",
  "PolicyArns" => "example",
  "SerialNumber" => "example",
  "SourceIdentity" => "example",
  "DurationSeconds" => "1",
  "RoleSessionName" => "example",
  "TransitiveTagKeys" => "example"
})

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole?" . http_build_query([
    "Tags" => "example",
    "Action" => "AssumeRole",
    "Policy" => "example",
    "RoleArn" => "example",
    "Version" => "2011-06-15",
    "TokenCode" => "example",
    "ExternalId" => "example",
    "PolicyArns" => "example",
    "SerialNumber" => "example",
    "SourceIdentity" => "example",
    "DurationSeconds" => "1",
    "RoleSessionName" => "example",
    "TransitiveTagKeys" => "example"
]);
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));
GET GET_AssumeRoleWithSAML

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configura

https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML?Action=AssumeRoleWithSAML&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&PrincipalArn=example&SAMLAssertion=example&DurationSeconds=1

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML?Action=AssumeRoleWithSAML&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&PrincipalArn=example&SAMLAssertion=example&DurationSeconds=1"
import requests
params = {
    "Action": "AssumeRoleWithSAML",
    "Policy": "example",
    "RoleArn": "example",
    "Version": "2011-06-15",
    "PolicyArns": "example",
    "PrincipalArn": "example",
    "SAMLAssertion": "example",
    "DurationSeconds": "1"
}
response = requests.get(
    "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML",
    params=params,
)
print(response.json())
const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML');
url.searchParams.set('Action', 'AssumeRoleWithSAML');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('PrincipalArn', 'example');
url.searchParams.set('SAMLAssertion', 'example');
url.searchParams.set('DurationSeconds', '1');

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
)

func main() {
	baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML")
	q := baseURL.Query()
	q.Set("Action", "AssumeRoleWithSAML")
	q.Set("Policy", "example")
	q.Set("RoleArn", "example")
	q.Set("Version", "2011-06-15")
	q.Set("PolicyArns", "example")
	q.Set("PrincipalArn", "example")
	q.Set("SAMLAssertion", "example")
	q.Set("DurationSeconds", "1")
	baseURL.RawQuery = q.Encode()
	targetURL := baseURL.String()
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML")
uri.query = URI.encode_www_form({
  "Action" => "AssumeRoleWithSAML",
  "Policy" => "example",
  "RoleArn" => "example",
  "Version" => "2011-06-15",
  "PolicyArns" => "example",
  "PrincipalArn" => "example",
  "SAMLAssertion" => "example",
  "DurationSeconds" => "1"
})

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML?" . http_build_query([
    "Action" => "AssumeRoleWithSAML",
    "Policy" => "example",
    "RoleArn" => "example",
    "Version" => "2011-06-15",
    "PolicyArns" => "example",
    "PrincipalArn" => "example",
    "SAMLAssertion" => "example",
    "DurationSeconds" => "1"
]);
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));
GET GET_AssumeRoleWithWebIdentity

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or

https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity?Action=AssumeRoleWithWebIdentity&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&ProviderId=example&DurationSeconds=1&RoleSessionName=example&WebIdentityToken=example

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity?Action=AssumeRoleWithWebIdentity&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&ProviderId=example&DurationSeconds=1&RoleSessionName=example&WebIdentityToken=example"
import requests
params = {
    "Action": "AssumeRoleWithWebIdentity",
    "Policy": "example",
    "RoleArn": "example",
    "Version": "2011-06-15",
    "PolicyArns": "example",
    "ProviderId": "example",
    "DurationSeconds": "1",
    "RoleSessionName": "example",
    "WebIdentityToken": "example"
}
response = requests.get(
    "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity",
    params=params,
)
print(response.json())
const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity');
url.searchParams.set('Action', 'AssumeRoleWithWebIdentity');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('ProviderId', 'example');
url.searchParams.set('DurationSeconds', '1');
url.searchParams.set('RoleSessionName', 'example');
url.searchParams.set('WebIdentityToken', 'example');

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
)

func main() {
	baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity")
	q := baseURL.Query()
	q.Set("Action", "AssumeRoleWithWebIdentity")
	q.Set("Policy", "example")
	q.Set("RoleArn", "example")
	q.Set("Version", "2011-06-15")
	q.Set("PolicyArns", "example")
	q.Set("ProviderId", "example")
	q.Set("DurationSeconds", "1")
	q.Set("RoleSessionName", "example")
	q.Set("WebIdentityToken", "example")
	baseURL.RawQuery = q.Encode()
	targetURL := baseURL.String()
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity")
uri.query = URI.encode_www_form({
  "Action" => "AssumeRoleWithWebIdentity",
  "Policy" => "example",
  "RoleArn" => "example",
  "Version" => "2011-06-15",
  "PolicyArns" => "example",
  "ProviderId" => "example",
  "DurationSeconds" => "1",
  "RoleSessionName" => "example",
  "WebIdentityToken" => "example"
})

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity?" . http_build_query([
    "Action" => "AssumeRoleWithWebIdentity",
    "Policy" => "example",
    "RoleArn" => "example",
    "Version" => "2011-06-15",
    "PolicyArns" => "example",
    "ProviderId" => "example",
    "DurationSeconds" => "1",
    "RoleSessionName" => "example",
    "WebIdentityToken" => "example"
]);
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));

Postman Setup Guide

Get Postman ↗
  1. See official documentation for authentication and setup.

What can you build with AWS Security Token Service?

AWS Security Token Service is a Cloud API. Developers commonly use cloud APIs for:

  • provisioning and managing cloud infrastructure
  • automating deployments and container orchestration
  • monitoring uptime and performance metrics
  • managing storage buckets and databases
  • setting up auto-scaling and load balancing

No authentication required. This API is open — no signup or key needed. Ideal for quick prototypes and public-facing features. AWS Security Token Service is free to use, making it a low-risk choice to experiment with.

New to APIs? Read our beginner's guide · Learn about API keys · What is REST?

Open documentation ↗