BedrockAgentCore / Client / get_resource_payment_token

get_resource_payment_token

BedrockAgentCore.Client.get_resource_payment_token(**kwargs)

Generates authentication tokens for payment providers that use vendor-specific authentication mechanisms.

See also: AWS API Documentation

Request Syntax

response = client.get_resource_payment_token(
    workloadIdentityToken='string',
    resourceCredentialProviderName='string',
    paymentTokenRequest={
        'coinbaseCdpTokenRequest': {
            'requestMethod': 'GET'|'POST'|'PUT'|'DELETE'|'PATCH',
            'requestHost': 'string',
            'requestPath': 'string',
            'includeWalletAuthToken': True|False,
            'requestBody': 'string'
        },
        'stripePrivyTokenRequest': {
            'requestHost': 'string',
            'requestPath': 'string',
            'requestBody': 'string',
            'includeAuthorizationSignature': True|False
        }
    }
)
Parameters:

  • workloadIdentityToken (string) –

    [REQUIRED]

    Workload access token for authorization. Named workloadIdentityToken for consistency with APIKey and OAuth2CredentialProvider.

  • resourceCredentialProviderName (string) –

    [REQUIRED]

    Name of the payment credential provider to use

  • paymentTokenRequest (dict) –

    [REQUIRED]

    Vendor-specific token request input Contains all request parameters in a type-safe, vendor-specific structure

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: coinbaseCdpTokenRequest, stripePrivyTokenRequest.

    • coinbaseCdpTokenRequest (dict) –

      Coinbase CDP token request parameters

      • requestMethod (string) – [REQUIRED]

        The HTTP method for the payment API request.

      • requestHost (string) –

        Optional - defaults to “api.cdp.coinbase.com”

      • requestPath (string) – [REQUIRED]

        The path of the payment API request.

      • includeWalletAuthToken (boolean) –

        Set to true for wallet write operations (requires walletSecret configured)

      • requestBody (string) –

        Request body JSON - used to generate wallet auth JWT

    • stripePrivyTokenRequest (dict) –

      StripePrivy token request parameters

      • requestHost (string) –

        Optional - defaults to “api.privy.io”

      • requestPath (string) – [REQUIRED]

        The path of the Stripe Privy API request.

      • requestBody (string) – [REQUIRED]

        Request body JSON for the Privy API call

      • includeAuthorizationSignature (boolean) –

        Set to true to generate privy-authorization-signature

Return type:

dict

Returns:

Response Syntax

{
    'paymentTokenResponse': {
        'coinbaseCdpTokenResponse': {
            'bearerToken': 'string',
            'walletAuthToken': 'string'
        },
        'stripePrivyTokenResponse': {
            'authorizationSignature': 'string',
            'requestExpiry': 123,
            'appId': 'string',
            'basicAuthToken': 'string'
        }
    }
}

Response Structure

  • (dict) –

    • paymentTokenResponse (dict) –

      Vendor-specific token response output Contains all response data in a type-safe, vendor-specific structure

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: coinbaseCdpTokenResponse, stripePrivyTokenResponse. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • coinbaseCdpTokenResponse (dict) –

        Coinbase CDP token response

        • bearerToken (string) –

          Bearer Token for Authorization header

        • walletAuthToken (string) –

          Wallet Auth Token for X-Wallet-Auth header

      • stripePrivyTokenResponse (dict) –

        StripePrivy token response containing appId, basicAuthToken, and optionally authorizationSignature

        • authorizationSignature (string) –

          Base64-encoded ECDSA P-256 authorization signature (only present when includeAuthorizationSignature is true)

        • requestExpiry (integer) –

          Unix timestamp in milliseconds when the authorization signature expires. Set as privy-request-expiry header.

        • appId (string) –

          The Privy app ID for the privy-app-id header

        • basicAuthToken (string) –

          Base64-encoded Basic Auth token (appId:appSecret) for the Authorization header

Exceptions

  • BedrockAgentCore.Client.exceptions.UnauthorizedException

  • BedrockAgentCore.Client.exceptions.ValidationException

  • BedrockAgentCore.Client.exceptions.AccessDeniedException

  • BedrockAgentCore.Client.exceptions.ResourceNotFoundException

  • BedrockAgentCore.Client.exceptions.ThrottlingException

  • BedrockAgentCore.Client.exceptions.InternalServerException