Getting an IAM token for a federated account
Written by
Updated at March 28, 2025
Note
The IAM token lifetime cannot exceed 12 hours and is limited by the cookie lifetime for the federation.
CLI
If you do not have the Yandex Cloud CLI yet, install and initialize it.
-
Get an IAM token:
yc iam create-token
Specify the received IAM token when accessing Yandex Cloud resources via the API. Provide the IAM token in the Authorization header in the following format:
Authorization: Bearer <IAM_token>
Examples
Using an IAM token obtained via the CLI
Sending a request to get a list of clouds using an IAM token:
Bash
PowerShell
-
Get an IAM token and write it to the variable:
export IAM_TOKEN=`yc iam create-token` -
Send a request to get a list of clouds:
curl \ --request GET \ --header "Authorization: Bearer ${IAM_TOKEN}" \ https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds -
Result:
{ "clouds": [ { "id": "b1gia87mbaom********", "createdAt": "2019-08-19T06:15:54Z", "name": "my-cloud-1", "organizationId": "my-organization" }, { "id": "b1gue7m154kt********", "createdAt": "2022-08-29T13:27:03Z", "name": "my-cloud-2", "organizationId": "my-organization" } ] }
-
Get an IAM token and write it to the variable:
$IAM_TOKEN=yc iam create-token -
Send a request to get a list of clouds:
curl.exe ` --request GET ` --header "Authorization: Bearer $IAM_TOKEN" ` https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds -
Result:
{ "clouds": [ { "id": "b1gia87mbaom********", "createdAt": "2019-08-19T06:15:54Z", "name": "my-cloud-1", "organizationId": "my-organization" }, { "id": "b1gue7m154kt********", "createdAt": "2022-08-29T13:27:03Z", "name": "my-cloud-2", "organizationId": "my-organization" } ] }