Skip to main content

Get Server Token

POST 
/auth/v1/token/clientCredential

Authentication Scenario Description

1. SecretId/SecretKey Authentication

Input requirements:

  • Authorization: Pass Basic authentication in the request header, in the format: Basic ${base64(SecretId:SecretKey)}
  • grant_type: Fixed value is client_credentials

Prerequisites:

  • You need to obtain SecretId and SecretKey from theTencent Cloud Console
  • SecretKey must be stored securely to prevent leakage

SecretId/SecretKey authentication request example

POST /auth/v1/token/clientCredential
Authorization: Basic c2VjcmV0OmNvbS1zaWduYXR1cmU=
Content-Type: application/json
{
  "grant_type": "client_credentials"
}

SecretId/SecretKey authentication response example

{
  "token_type": "Bearer",
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ",
  "expires_in": 432000
}

2. Tencent Cloud v3 Signature Authentication

Input requirements:

  • Authorization: Pass TC3-HMAC-SHA256 signature in the request header, in the format TC3-HMAC-SHA256 xxx
  • grant_type: Fixed value is client_credentials

Prerequisites:

Tencent Cloud v3 signature authentication request example

POST /auth/v1/token/clientCredential
Authorization: TC3-HMAC-SHA256 Credential=AKIDEXAMPLE/20231127/tcb/tc3_request, SignedHeaders=content-type;host, Signature=9c3e5bfe6d8a2b1c4f7e9a3d6b8c2e1f5a7d9b3c6e8f2a4d7b9c1e5f3a8b6d
Content-Type: application/json
{
  "grant_type": "client_credentials"
}

Tencent Cloud v3 signature authentication response example

{
  "token_type": "Bearer",
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ",
  "expires_in": 432000
}

Key Characteristics:

  • access_token validity: 432000 seconds (5 days). The client should cache it appropriately and avoid calling this API too frequently to obtain tokens, otherwise it may be rate-limited.
  • No refresh_token is returned, and token refresh is not supported.
  • Super administrator permissions are granted automatically.

Security Best Practices:

  • SecretKey must be stored in a secure medium.
  • The caller must run in a trusted server-side environment.
  • Avoid hard-coding SecretKey in client-side code.

Request

Header Parameters

    Authorization stringrequired
    • If it is secretId and secretKey, the format is Basic ${base64(SecretId:SecretKey)}
    • If using Tencent Cloud v3 signature to generate token, the value is the generated Tencent Cloud v3 signature value
    Example: - Authorization: Basic c2VjcmV0OmNvbS1zaWduYXR1cmU= - Authorization: TC3-HMAC-SHA256 xxx

Body

    grant_type string

    Grant type, fixed to client_credentials

Responses

Response Headers
    Schema
      token_type Access token type (string)

      Uniformly return Bearer

      access_token User's access token (string)

      Token used to access Cloud Development HTTP API, length within 4096 bits

      refresh_token User's refresh token (string)

      access_token can be refreshed to get a new access_token when it expires through refresh_token, expiration time defaults to 31 days. Length within 128 bits

      expires_in int32

      Expiration time of access_token, in seconds

      scope Authorization scope (string)
      sub User's unique ID (string)
      groups string[]
    Loading...