
Obtain a server-side token

POST 

/auth/v1/token/clientCredential

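Authentication scenarios

1. SecretId/SecretKey authentication

Input requirements:

  • Authorization: pass Basic authentication in the request header, in the format Basic ${base64(SecretId:SecretKey)}
  • grant_type: always client_credentials

Prerequisites:

  • First obtain a SecretId and SecretKey from the Tencent Cloud console
  • Store the SecretKey securely to prevent leakage

SecretId/SecretKey authentication request example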

POST /auth/v1/token/clientCredential
Authorization: Basic c2VjcmV0OmNvbS1zaWduYXR1cmU=
Content-Type: application/json

{
"grant_type": "client_credentials"
}

SecretId/SecretKey authentication response example

{
"token_type": "Bearer",
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ",
"expires_in": 432000
}

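2. Tencent Cloud v3 signature authentication

Input requirements:

  • Authorization: pass a TC3-HMAC-SHA256 signature in the request header, in the format TC3-HMAC-SHA256 xxx
  • grant_type: always client_credentials

Prerequisites:

Tencent Cloud v3 signature authentication request example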

POST /auth/v1/token/clientCredential
Authorization: TC3-HMAC-SHA256 Credential=AKIDEXAMPLE/20231127/tcb/tc3_request, SignedHeaders=content-type;host, Signature=9c3e5bfe6d8a2b1c4f7e9a3d6b8c2e1f5a7d9b3c6e8f2a4d7b9c1e5f3a8b6d
Content-Type: application/json

{
"grant_type": "client_credentials"
}

Tencent Cloud v3 signature authentication response example

{
"token_type": "Bearer",
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ",
"expires_in": 432000
}

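Key characteristics:

  • The access_token is valid for 432000 seconds (5 days). Clients should cache it appropriately instead of calling this endpoint frequently to obtain a token; frequent calls may be rate-limited
  • No refresh_token is returned; token refresh is not supported
  • Super administrator permissions are granted automatically

Security requirements:

  • The SecretKey must be stored on a secure medium
  • The caller must run in a trusted server-side environment
  • Avoid hardcoding the SecretKey in client code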
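
The caching and secret-handling guidance above, as an added example that is not part of the original documentation or any Tencent SDK: a server-side token cache in Python for the SecretId/SecretKey flow, which builds the Basic header from environment variables and requests a new token only shortly before expires_in elapses. The base URL (not given on this page), the environment variable names TCB_SECRET_ID and TCB_SECRET_KEY, the 300-second renewal margin, and all function and class names are assumptions.

```python
import base64
import json
import os
import threading
import time
import urllib.request

TOKEN_PATH = "/auth/v1/token/clientCredential"  # endpoint path from this page

def basic_header(secret_id, secret_key):
    """Authorization value in the page's format: Basic base64(SecretId:SecretKey)."""
    raw = f"{secret_id}:{secret_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def http_send(base_url, headers, body):
    """Default transport. base_url is supplied by the caller (assumption: not on this page)."""
    req = urllib.request.Request(base_url + TOKEN_PATH, data=body,
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class ServerTokenCache:
    """Caches the access_token; no refresh_token exists, so renewal is a new request."""
    def __init__(self, base_url, send=http_send, skew=300, clock=time.monotonic):
        self._base_url, self._send, self._skew, self._clock = base_url, send, skew, clock
        self._lock = threading.Lock()
        self._token, self._deadline = None, 0.0

    def get(self):
        with self._lock:  # one thread fetches, the others reuse the cached token
            if self._token is None or self._clock() >= self._deadline:
                self._fetch()
            return self._token

    def _fetch(self):
        # Secrets are read from the server's environment, never from source code.
        # TCB_SECRET_ID / TCB_SECRET_KEY are hypothetical variable names.
        sid, key = os.environ["TCB_SECRET_ID"], os.environ["TCB_SECRET_KEY"]
        headers = {"Authorization": basic_header(sid, key),
                   "Content-Type": "application/json"}
        body = json.dumps({"grant_type": "client_credentials"}).encode("utf-8")
        resp = self._send(self._base_url, headers, body)
        if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
            # Do not log resp: it may hold a super-administrator token.
            raise RuntimeError("unexpected token response")
        self._token = resp["access_token"]
        self._deadline = self._clock() + max(0, int(resp["expires_in"]) - self._skew)
```

With the 432000-second lifetime and the 300-second margin, one process calls the token endpoint roughly once every five days, which keeps it well clear of rate limiting.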

Request

Header Parameters

    Authorization string required
    • For SecretId and SecretKey, the value has the format Basic ${base64(SecretId:SecretKey)}
    • When a Tencent Cloud v3 signature is used to generate the token, the value is the generated Tencent Cloud v3 signature
    Examples:
    • Authorization: Basic c2VjcmV0OmNvbS1zaWduYXR1cmU=
    • Authorization: TC3-HMAC-SHA256 xxx

Body

    grant_type string

    Grant type, always client_credentials

Responses

Response Headers
    Schema
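      token_type Access token type (string)

      Always returns Bearer

      access_token The user's access token (string)

      Token used to access the CloudBase HTTP API; at most 4096 characters long

      refresh_token The user's refresh token (string)

      When the access_token expires, the refresh_token can be used to obtain a new access_token; the expiry time defaults to 31 days. At most 128 characters long

      expires_in int32

      Expiry time of the access_token, in seconds

      scope Authorization scope (string)
      sub The user's unique id (string)
      groups string[]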