Menu
Amazon EC2 Container Registry
API Reference (API Version 2015-09-21)

GetAuthorizationToken

Retrieves a token that is valid for a specified registry for 12 hours. This command allows you to use the docker CLI to push and pull images with Amazon ECR. If you do not specify a registry, the default registry is assumed.

The authorizationToken returned for each registry specified is a base64 encoded string that can be decoded and used in a docker login command to authenticate to a registry. The AWS CLI offers an aws ecr get-login command that simplifies the login process.

Request Syntax

Copy
{ "registryIds": [ "string" ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

registryIds

A list of AWS account IDs that are associated with the registries for which to get authorization tokens. If you do not specify a registry, the default registry is assumed.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 10 items.

Pattern: [0-9]{12}

Required: No

Response Syntax

Copy
{ "authorizationData": [ { "authorizationToken": "string", "expiresAt": number, "proxyEndpoint": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

authorizationData

A list of authorization token data objects that correspond to the registryIds values in the request.

Type: Array of AuthorizationData objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterException

The specified parameter is invalid. Review the available parameters for the API request.

HTTP Status Code: 400

ServerException

These errors are usually caused by a server-side issue.

HTTP Status Code: 500

Example

In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information about creating these signatures, see Signature Version 4 Signing Process in the AWS General Reference.

You only need to learn how to sign HTTP requests if you intend to manually create them. When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools. When you use these tools, you don't need to learn how to sign requests yourself.

Example

This example gets an authorization token for your default registry.

Sample Request

Copy
POST / HTTP/1.1 Host: ecr.us-east-1.amazonaws.com Accept-Encoding: identity Content-Length: 2 X-Amz-Target: AmazonEC2ContainerRegistry_V20150921.GetAuthorizationToken X-Amz-Date: 20151129T221940Z User-Agent: aws-cli/1.9.9 Python/2.7.10 Darwin/14.5.0 botocore/1.3.9 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS {}

Sample Response

Copy
HTTP/1.1 200 OK Server: Server Date: Sun, 29 Nov 2015 22:19:39 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 1590 Connection: keep-alive x-amzn-RequestId: 123a4b56-7c89-01d2-3ef4-example5678f { "authorizationData": [ { "authorizationToken": "QVdTOkNpQzErSHF1ZXZPcUR...", "expiresAt": 1448878779.809, "proxyEndpoint": "https://012345678910.dkr.ecr.us-east-1.amazonaws.com" } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: