Getting an IAM token for a federated account


Lifetime of an IAM token cannot exceed 12 hours and is limited by the cookie lifetime for the federation.

  1. Authenticate with the CLI as a federated user.

  2. Get an IAM token:

    $ yc iam create-token

Specify the received IAM token when accessing Yandex.Cloud resources via the API. Pass the IAM token in the Authorization header in the following format:

Authorization: Bearer <IAM-TOKEN>


Using an IAM token obtained via the CLI

Save the IAM token to a variable in the CLI and use it in other requests from the command line. Sample request to get cloud list:

$ export IAM_TOKEN=`yc iam create-token`
$ curl -H "Authorization: Bearer ${IAM_TOKEN}" \
$IAM_TOKEN=yc iam create-token
curl.exe -H "Authorization: Bearer $IAM_TOKEN"