Get workload credentials

post/v1/iam/workload-credentials

Get temporary credentials for a workload (instance, function, container, etc.). Called by infrastructure services (metadata service, function runtime, container orchestrator) to provide credentials to workloads. The principal is identified by a CRN (Cloud Resource Name) in the format: `crn:<region>:<service>:<resource>:<identifier>` Examples: - `crn:spo1:compute:instance:i-550e8400` - `crn:spo1:lambda:function:my-function` - `crn:spo1:container:task:task-abc123`

Request Body

required

Content-Type: application/json

principal

stringrequired

CRN of the workload requesting credentials. Format: crn:<region>:<service>:<resource>:<identifier>

role_name

stringoptional

Specific role to assume (uses workload's default role if omitted)

Responses

200

Temporary credentials

Content-Type: application/json

access_key_id

stringoptional

secret_access_key

stringoptional

session_token

stringoptional

expiration

string<date-time>optional

role_name

stringoptional

400

Invalid request parameters

Content-Type: application/json

error

objectrequired

401

Authentication required or token invalid

Content-Type: application/json

error

objectrequired

403

Workload is not allowed to assume any role

Content-Type: application/json

error

objectrequired

404

Resource not found

Content-Type: application/json

error

objectrequired

500

Internal server error

Content-Type: application/json

error

objectrequired

curl -X POST "https://api.spo1.mycloud.com/v1/iam/workload-credentials" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "principal": "crn:spo1:compute:instance:i-550e8400",
    "role_name": "string"
  }'