OOS為用戶提供臨時授權訪問。此操作用來獲取臨時訪問密鑰。子用戶默認擁有調用此接口的權限。如果配置了禁止子用戶調用該接口的IAM策略，該策略不會生效。

STS（Security Token Service）是為云計算用戶提供臨時訪問令牌的Web服務。通過STS，可以為第三方應用或用戶頒發一個自定義時效的訪問憑證。第三方應用或用戶可以使用該訪問憑證直接調用OOS API，或者使用OOS提供的SDK來訪問OOS API。

使用臨時授權訪問OOS API時，用戶需要將安全令牌（SessionToken）攜帶在請求header中或者預簽名URL中。攜帶在請求header中，V4和V2簽名的X-Amz-Security-Token請求頭不區分大小寫。攜帶在預簽名URL中，V4簽名的標頭為“X-Amz-Security-Token”，V2簽名的標頭為“x-amz-security-token”。

請求語法

POST / HTTP/1.1 
Host: oos-cn-iam.ctyunapi.cn
Date: Date 
Authorization: SignatureValue 
Content-Type：application/octet-stream

Action=GetSessionToken&DurationSeconds=seconds

請求參數

響應結果

請求示例1

POST / HTTP/1.1
Content-Length:43
Content-MD5:MQsAw5tPAXYddIR5jTmaiQ==
Content-Type:application/x-www-form-urlencoded; charset=utf-8
Host:oos-cn-iam.ctyunapi.cn
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:20210528T065932Z
Authorization: SignatureValue
 
Action=GetSessionToken&DurationSeconds=3600

響應示例1

HTTP/1.1 200 OK
x-amz-request-id: 9d9fbac87ab54310
date: Fri, 28 May 2021 06:59:33 GMT
content-type: text/xml;charset=UTF-8
content-length: 533
server: CTYUN
 
<getsessiontokenresponse>
  <getsessiontokenresult>
    <credentials>
      <sessiontoken>804fcb8bbbeef97ab9326557ae61f885a3f9af49a6401f1e3d5aea3d35340eacc37ce8cd9c370bdee8d64ba5a424a98deea1bba86507d1e2ad0653eef0d3c905</sessiontoken>
      <accesskeyid>sts.e9043b8d93c704bce974</accesskeyid>
      <secretaccesskey>8930a3c60dc4c9e2a3d18c221acdf4ea0d1aecc3</secretaccesskey>
      <expiration>2021-05-28T07:59:33.438Z</expiration>
    </credentials>
  </getsessiontokenresult>
  <responsemetadata>
    <requestid>9d9fbac87ab54310</requestid>
  </responsemetadata>
</getsessiontokenresponse>

請求示例2

生成臨時訪問密鑰，并對該密鑰權限進行權限策略限制。權限策略為：允許OOS所有操作，禁止IAM所有操作。urlencode前的權限策略為：{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"oos:*","Resource":"arn:ctyun:oos::1pqvmpcd9dmxp:*"},{"Effect":"Deny","Action":"iam:*","Resource":"arn:ctyun:iam::1pqvmpcd9dmxp:*"}]}

使用時，需要使用urlencode工具將權限策略進行編碼，編碼后的權限策略為：%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22oos%3A*%22%2C%22Resource%22%3A%22arn%3Actyun%3Aoos%3A%3A1pqvmpcd9dmxp%3A*%22%7D%2C%7B%22Effect%22%3A%22Deny%22%2C%22Action%22%3A%22iam%3A*%22%2C%22Resource%22%3A%22arn%3Actyun%3Aiam%3A%3A1pqvmpcd9dmxp%3A*%22%7D%5D%7D%0A

POST / HTTP/1.1
Host:oos-cn-iam.ctyunapi.cn
X-Amz-Content-Sha256: 5f673b31306acbcfd7b0ba1414d27cd377f0b1d683937be4fbc773744a0573e1
X-Amz-Date: 20231218T024929Z 
Authorization: SignatureValue
Content-Length:386
Content-Type: application/octet-stream

Action=GetSessionToken&DurationSeconds=900&PolicyDocument=%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22oos%3A*%22%2C%22Resource%22%3A%22arn%3Actyun%3Aoos%3A%3A1pqvmpcd9dmxp%3A*%22%7D%2C%7B%22Effect%22%3A%22Deny%22%2C%22Action%22%3A%22iam%3A*%22%2C%22Resource%22%3A%22arn%3Actyun%3Aiam%3A%3A1pqvmpcd9dmxp%3A*%22%7D%5D%7D%0A

響應示例2

HTTP/1.1 200 OK
x-amz-request-id: 3a3f41d6b9e64c03
date: Mon, 18 Dec 2023 02:49:29 GMT
content-type: text/xml;charset=UTF-8
content-length: 533
server: CTYUN

<getsessiontokenresponse>
  <getsessiontokenresult>
    <credentials>
      <sessiontoken>c5c6d33ca5fa55fbd7d1e42f0157b2547f37e0cdf492c0a7548a0c38084ae48040538bf9edcf54138c22a7f2e973bd5f8a0591ea8014507b0941e07995d05d3f</sessiontoken>
      <accesskeyid>sts.28b828b384a22d8aebc2</accesskeyid>
      <secretaccesskey>34d5a7da1e56243c494c77afd93412d5b46395af</secretaccesskey>
      <expiration>2023-12-18T03:04:29.856Z</expiration>
    </credentials>
  </getsessiontokenresult>
  <responsemetadata>
    <requestid>3a3f41d6b9e64c03</requestid>
  </responsemetadata>
</getsessiontokenresponse>