AWS Security Token Service
amazonaws · Cloud
Security Token Service Security Token Service (STS) enables you to request temporary, limited-privilege credentials for Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials .
Authentication
Sample Requests
Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.
Hover any highlighted part to learn what it does
curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole?Tags=example&Action=AssumeRole&Policy=example&RoleArn=example&Version=2011-06-15&TokenCode=example&ExternalId=example&PolicyArns=example&SerialNumber=example&SourceIdentity=example&DurationSeconds=1&RoleSessionName=example&TransitiveTagKeys=example"
import requests
params = {
"Tags": "example",
"Action": "AssumeRole",
"Policy": "example",
"RoleArn": "example",
"Version": "2011-06-15",
"TokenCode": "example",
"ExternalId": "example",
"PolicyArns": "example",
"SerialNumber": "example",
"SourceIdentity": "example",
"DurationSeconds": "1",
"RoleSessionName": "example",
"TransitiveTagKeys": "example"
}
response = requests.get(
"https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole",
params=params,
)
print(response.json())const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole');
url.searchParams.set('Tags', 'example');
url.searchParams.set('Action', 'AssumeRole');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('TokenCode', 'example');
url.searchParams.set('ExternalId', 'example');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('SerialNumber', 'example');
url.searchParams.set('SourceIdentity', 'example');
url.searchParams.set('DurationSeconds', '1');
url.searchParams.set('RoleSessionName', 'example');
url.searchParams.set('TransitiveTagKeys', 'example');
const response = await fetch(url);
const data = await response.json();
console.log(data);package main
import (
"fmt"
"io"
"net/http"
"net/url"
)
func main() {
baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole")
q := baseURL.Query()
q.Set("Tags", "example")
q.Set("Action", "AssumeRole")
q.Set("Policy", "example")
q.Set("RoleArn", "example")
q.Set("Version", "2011-06-15")
q.Set("TokenCode", "example")
q.Set("ExternalId", "example")
q.Set("PolicyArns", "example")
q.Set("SerialNumber", "example")
q.Set("SourceIdentity", "example")
q.Set("DurationSeconds", "1")
q.Set("RoleSessionName", "example")
q.Set("TransitiveTagKeys", "example")
baseURL.RawQuery = q.Encode()
targetURL := baseURL.String()
req, _ := http.NewRequest("GET", targetURL, nil)
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require "net/http"
require "json"
uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole")
uri.query = URI.encode_www_form({
"Tags" => "example",
"Action" => "AssumeRole",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"TokenCode" => "example",
"ExternalId" => "example",
"PolicyArns" => "example",
"SerialNumber" => "example",
"SourceIdentity" => "example",
"DurationSeconds" => "1",
"RoleSessionName" => "example",
"TransitiveTagKeys" => "example"
})
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"
req = Net::HTTP::Get.new(uri)
res = http.request(req)
puts JSON.parse(res.body)<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRole?" . http_build_query([
"Tags" => "example",
"Action" => "AssumeRole",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"TokenCode" => "example",
"ExternalId" => "example",
"PolicyArns" => "example",
"SerialNumber" => "example",
"SourceIdentity" => "example",
"DurationSeconds" => "1",
"RoleSessionName" => "example",
"TransitiveTagKeys" => "example"
]);
$opts = ["http" => [
"method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configura
Hover any highlighted part to learn what it does
curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML?Action=AssumeRoleWithSAML&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&PrincipalArn=example&SAMLAssertion=example&DurationSeconds=1"
import requests
params = {
"Action": "AssumeRoleWithSAML",
"Policy": "example",
"RoleArn": "example",
"Version": "2011-06-15",
"PolicyArns": "example",
"PrincipalArn": "example",
"SAMLAssertion": "example",
"DurationSeconds": "1"
}
response = requests.get(
"https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML",
params=params,
)
print(response.json())const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML');
url.searchParams.set('Action', 'AssumeRoleWithSAML');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('PrincipalArn', 'example');
url.searchParams.set('SAMLAssertion', 'example');
url.searchParams.set('DurationSeconds', '1');
const response = await fetch(url);
const data = await response.json();
console.log(data);package main
import (
"fmt"
"io"
"net/http"
"net/url"
)
func main() {
baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML")
q := baseURL.Query()
q.Set("Action", "AssumeRoleWithSAML")
q.Set("Policy", "example")
q.Set("RoleArn", "example")
q.Set("Version", "2011-06-15")
q.Set("PolicyArns", "example")
q.Set("PrincipalArn", "example")
q.Set("SAMLAssertion", "example")
q.Set("DurationSeconds", "1")
baseURL.RawQuery = q.Encode()
targetURL := baseURL.String()
req, _ := http.NewRequest("GET", targetURL, nil)
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require "net/http"
require "json"
uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML")
uri.query = URI.encode_www_form({
"Action" => "AssumeRoleWithSAML",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"PolicyArns" => "example",
"PrincipalArn" => "example",
"SAMLAssertion" => "example",
"DurationSeconds" => "1"
})
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"
req = Net::HTTP::Get.new(uri)
res = http.request(req)
puts JSON.parse(res.body)<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithSAML?" . http_build_query([
"Action" => "AssumeRoleWithSAML",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"PolicyArns" => "example",
"PrincipalArn" => "example",
"SAMLAssertion" => "example",
"DurationSeconds" => "1"
]);
$opts = ["http" => [
"method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or
Hover any highlighted part to learn what it does
curl -X GET "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity?Action=AssumeRoleWithWebIdentity&Policy=example&RoleArn=example&Version=2011-06-15&PolicyArns=example&ProviderId=example&DurationSeconds=1&RoleSessionName=example&WebIdentityToken=example"
import requests
params = {
"Action": "AssumeRoleWithWebIdentity",
"Policy": "example",
"RoleArn": "example",
"Version": "2011-06-15",
"PolicyArns": "example",
"ProviderId": "example",
"DurationSeconds": "1",
"RoleSessionName": "example",
"WebIdentityToken": "example"
}
response = requests.get(
"https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity",
params=params,
)
print(response.json())const url = new URL('https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity');
url.searchParams.set('Action', 'AssumeRoleWithWebIdentity');
url.searchParams.set('Policy', 'example');
url.searchParams.set('RoleArn', 'example');
url.searchParams.set('Version', '2011-06-15');
url.searchParams.set('PolicyArns', 'example');
url.searchParams.set('ProviderId', 'example');
url.searchParams.set('DurationSeconds', '1');
url.searchParams.set('RoleSessionName', 'example');
url.searchParams.set('WebIdentityToken', 'example');
const response = await fetch(url);
const data = await response.json();
console.log(data);package main
import (
"fmt"
"io"
"net/http"
"net/url"
)
func main() {
baseURL, _ := url.Parse("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity")
q := baseURL.Query()
q.Set("Action", "AssumeRoleWithWebIdentity")
q.Set("Policy", "example")
q.Set("RoleArn", "example")
q.Set("Version", "2011-06-15")
q.Set("PolicyArns", "example")
q.Set("ProviderId", "example")
q.Set("DurationSeconds", "1")
q.Set("RoleSessionName", "example")
q.Set("WebIdentityToken", "example")
baseURL.RawQuery = q.Encode()
targetURL := baseURL.String()
req, _ := http.NewRequest("GET", targetURL, nil)
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require "net/http"
require "json"
uri = URI("https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity")
uri.query = URI.encode_www_form({
"Action" => "AssumeRoleWithWebIdentity",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"PolicyArns" => "example",
"ProviderId" => "example",
"DurationSeconds" => "1",
"RoleSessionName" => "example",
"WebIdentityToken" => "example"
})
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"
req = Net::HTTP::Get.new(uri)
res = http.request(req)
puts JSON.parse(res.body)<?php
$url = "https://api.apis.guru/v2/specs/amazonaws.com/sts/2011-06-15/#Action=AssumeRoleWithWebIdentity?" . http_build_query([
"Action" => "AssumeRoleWithWebIdentity",
"Policy" => "example",
"RoleArn" => "example",
"Version" => "2011-06-15",
"PolicyArns" => "example",
"ProviderId" => "example",
"DurationSeconds" => "1",
"RoleSessionName" => "example",
"WebIdentityToken" => "example"
]);
$opts = ["http" => [
"method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));Postman Setup Guide
- See official documentation for authentication and setup.
What can you build with AWS Security Token Service?
AWS Security Token Service is a Cloud API. Developers commonly use cloud APIs for:
- provisioning and managing cloud infrastructure
- automating deployments and container orchestration
- monitoring uptime and performance metrics
- managing storage buckets and databases
- setting up auto-scaling and load balancing
No authentication required. This API is open — no signup or key needed. Ideal for quick prototypes and public-facing features. AWS Security Token Service is free to use, making it a low-risk choice to experiment with.
New to APIs? Read our beginner's guide · Learn about API keys · What is REST?