GetAuthorizationToken
Generates a temporary authorization token for accessing repositories in the domain.
This API requires the codeartifact:GetAuthorizationToken
and sts:GetServiceBearerToken
permissions.
For more information about authorization tokens, see
AWS CodeArtifact authentication and tokens.
Note
CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login
command.
You can call login
periodically to refresh the token. When
you create an authorization token with the GetAuthorizationToken
API, you can set a custom authorization period,
up to a maximum of 12 hours, with the durationSeconds
parameter.
The authorization period begins after login
or GetAuthorizationToken
is called. If login
or GetAuthorizationToken
is called while
assuming a role, the token lifetime is independent of the maximum session duration
of the role. For example, if you call sts assume-role
and specify a session duration of 15 minutes, then
generate a CodeArtifact authorization token, the token will be valid for the full authorization period
even though this is longer than the 15-minute session duration.
See Using IAM Roles for more information on controlling session duration.
Request Syntax
POST /v1/authorization-token?domain=domain
&domain-owner=domainOwner
&duration=durationSeconds
HTTP/1.1
URI Request Parameters
The request uses the following URI parameters.
- domain
-
The name of the domain that is in scope for the generated authorization token.
Length Constraints: Minimum length of 2. Maximum length of 50.
Pattern:
[a-z][a-z0-9\-]{0,48}[a-z0-9]
Required: Yes
- domainOwner
-
The 12-digit account number of the AWS account that owns the domain. It does not include dashes or spaces.
Length Constraints: Fixed length of 12.
Pattern:
[0-9]{12}
- durationSeconds
-
The time, in seconds, that the generated authorization token is valid. Valid values are
0
and any number between900
(15 minutes) and43200
(12 hours). A value of0
will set the expiration of the authorization token to the same expiration of the user's role's temporary credentials.Valid Range: Minimum value of 0. Maximum value of 43200.
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"authorizationToken": "string",
"expiration": number
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
-
The returned authentication token.
Type: String
- expiration
-
A timestamp that specifies the date and time the authorization token expires.
Type: Timestamp
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
The operation did not succeed because of an unauthorized access attempt.
HTTP Status Code: 403
- InternalServerException
-
The operation did not succeed because of an error that occurred inside AWS CodeArtifact.
HTTP Status Code: 500
- ResourceNotFoundException
-
The operation did not succeed because the resource requested is not found in the service.
HTTP Status Code: 404
- ThrottlingException
-
The operation did not succeed because too many requests are sent to the service.
HTTP Status Code: 429
- ValidationException
-
The operation did not succeed because a parameter in the request was sent with an invalid value.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: