SAVE AS PDF
Lyve Cloud Object Storage API User Guide 
Lyve Cloud Object Storage API User Guide 

Was this content helpful?

OPEN MENU CLOSE MENU

Credentials Management (STS)

The STS endpoint (https://sts.example.lyve.seagate.com) allows managing temporary user tokens and performing login with username and password. Requests to the STS endpoint must be signed specifying "sts" as service.

AssumeRole

Get a set of temporary keys for a user with access/secret keys:

POST /?Action=AssumeRole

POST Parameters

Parameter Description
Action must be set to AssumeRole
Version must be set to 2011-06-15
DurationSeconds token validity in seconds, between 15 minutes and 12 hours. Defaults to 15 minutes
RoleSessionName required but ignored
RoleArn required but ignored

Example Request

    POST / HTTP/1.1
    Host: sts.example.rstorcloud.io
    Content-Length: 80
    Content-Type: application/x-www-form-urlencoded; charset=utf-8
    Authorization: [...]
    X-Amz-Date: [...]

    Action=AssumeRole&RoleArn=Required1&RoleSessionName=Required2&Version=2011-06-15

Response

On success, an XML document containing the requested credentials at AssumeRoleResult/Credentials is returned. An error status code is returned otherwise.

    <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    <AssumeRoleResult>
        <Credentials>
            <SessionToken>42</SessionToken>
            <SecretAccessKey>EXAMPLESECRETACCESSKEYXXXXXXXXXXXXXXXXXXXXXXXXI6GGPQ</SecretAccessKey>
            <Expiration>2019-02-25T14:40:05.410Z</Expiration>
            <AccessKeyId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIXYZXYZ</AccessKeyId>
        </Credentials>
        <AssumedRoleUser>
            <Arn>arn:aws:sts::42:assumed-role/demo/Test</Arn>
            <AssumeRoleId>AWS4XXXEXAMPLEACCESSKEYID4UYJN3RQWFVFXBOP7FMOQLIDNXYZXYZ:Jim</AssumeRoleId>
        </AssumedRoleUser>
        <PackedPolicySize>42</PackedPolicySize>
    </AssumeRoleResult>
    <ResponseMetadata>
        <RequestId>42</RequestId>
    </ResponseMetadata>
</AssumeRoleResponse>

RSLogin

Perform a login retrieving the credential and the user details.

Parameter Description
Customer the name of the customer
UserName the username (can be the email) of the user
Password the current user password
OTP a valid One Time Password (if needed)
DurationSeconds specify the duration of the session (the validity time for the key)

Extra headers used to authenticate the request when whitelisting is enabled:

Header Description
x-rstor-customer specify the customer name

Example request

    POST / HTTP/1.1
    Host: sts.lyve.seagate.com
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
    Accept: application/json, text/plain, */*
    Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Content-Length: 123
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    x-lyve-customer: fastvideo

    Action=RSLogin&Version=2011-06-15&DurationSeconds=300&Customer=fastvideo&UserName=super@fastvideo.com&Password=Hg27TxBBfOzZntb&OTP=

Example response

{
    "RequestId":"050517212914402dd8aedfc50bb0dad0",
    "Credentials": {
        "SessionToken":"",
        "SecretAccessKey":"I/Ki9fZqmLkdWrAgIrKVdp6amEu9Q40CoRPVNpSeKVS",
        "Expiration":"2019-10-14T14:13:03.500533224Z",
        "AccessKeyId":"STX09VFCSKU9OZJY5Y4PLWD9"
    },
    "UserInfo": {
        "Id":"100000000209",
        "Name":"super@fastvideo.com",
        "PwdMustChange":false,
        "Email":"super@fastvideo.com",
        "Firstname":"Clark",
        "Lastname":"Kent",
        "Type":"user",
        "CreatedOn":"2019-10-03T15:37:52.635Z",
        "LastAccess":"2019-10-14T13:13:03.500533224Z",
        "Path":"",
        "Root":"lyve:fastvideo",
        "TFAEnabled":false
    }
}

RSAssumeCustomerRole

Retrieve credential to manage a Customer with AssumeRole enabled. In order to perform this action a specific account is used for security reason. Only a reseller account can perform this action.

Parameter Description
Customer the name of the customer
DurationSeconds specify the duration of the session (the validity time for the key)

Example request

    POST / HTTP/1.1
    Host: sts.lyve.seagate.com
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0
    Accept: application/json, text/plain, */*
    Accept-Language: en,it-IT;q=0.8,it;q=0.5,en-US;q=0.3
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
    Content-Length: 83
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache

    Action=RSAssumeCustomerRole&Version=2011-06-15&Customer=newcorp&DurationSeconds=300

Example response

{
    "Ok":true,
    "AccessKeyId":"STX06MSKQJCRTS4SJHHQJWOP",
    "SecretAccessKey":"RQTcszgc4xkZkmYXRJJLYR7adksTn8SBIalTP7rrpKa",
    "Expiration":"2019-10-14T14:29:43.919Z"
}