Getting an IAM token for a federated account
Note
The IAM token lifetime cannot exceed 12 hours and is limited by the cookie lifetime for the federation.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
-
Get an IAM token:
yc iam create-tokenResult:
t1.9euelZrLop7Uz8up********The value you get is an IAM token. You can copy it, save it to a file, or write it into a variable:
export IAM_TOKEN=`<IAM_token>`
Specify the received IAM token when accessing Yandex Cloud resources via the API. Provide the IAM token in the Authorization header in the following format:
Authorization: Bearer <IAM_token>
If you have saved your IAM token to a variable, use the latter:
Authorization: Bearer ${IAM_TOKEN}
Examples
Using an IAM token obtained via the CLI
Sending a request to get a list of clouds using an IAM token:
-
Get an IAM token and write it to the variable:
export IAM_TOKEN=`yc iam create-token` -
Send a request to get a list of clouds:
curl \ --request GET \ --header "Authorization: Bearer ${IAM_TOKEN}" \ https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds -
Result:
{ "clouds": [ { "id": "b1gia87mbaom********", "createdAt": "2019-08-19T06:15:54Z", "name": "my-cloud-1", "organizationId": "my-organization" }, { "id": "b1gue7m154kt********", "createdAt": "2022-08-29T13:27:03Z", "name": "my-cloud-2", "organizationId": "my-organization" } ] }
-
Get an IAM token and write it to the variable:
$IAM_TOKEN=yc iam create-token -
Send a request to get a list of clouds:
curl.exe ` --request GET ` --header "Authorization: Bearer $IAM_TOKEN" ` https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds -
Result:
{ "clouds": [ { "id": "b1gia87mbaom********", "createdAt": "2019-08-19T06:15:54Z", "name": "my-cloud-1", "organizationId": "my-organization" }, { "id": "b1gue7m154kt********", "createdAt": "2022-08-29T13:27:03Z", "name": "my-cloud-2", "organizationId": "my-organization" } ] }