Getting an IAM token for a federated account

Note

Lifetime of an IAM token cannot exceed 12 hours and is limited by the cookie lifetime for the federation.

  1. Authenticate with the CLI as a federated user.

  2. Get an IAM token:

    $ yc iam create-token
    

Specify the received IAM token when accessing Yandex.Cloud resources via the API. Pass the IAM token in the Authorization header in the following format:

Authorization: Bearer <IAM-TOKEN>

Examples

Using an IAM token obtained via the CLI

Save the IAM token to a variable in the CLI and use it in other requests from the command line. Sample request to get cloud list:

$ export IAM_TOKEN=`yc iam create-token`
$ curl -H "Authorization: Bearer ${IAM_TOKEN}" \
    https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds
$IAM_TOKEN=yc iam create-token
curl.exe -H "Authorization: Bearer $IAM_TOKEN" https://resource-manager.api.cloud.yandex.net/resource-manager/v1/clouds