Applies for a token for temporary access.

Scenarios

This operation is called by an application server to apply to a Message Queue for MQTT broker for a token after the application server verifies the permissions of the Message Queue for MQTT client. For more information, see Token authentication overview.

Limits

A single user can send a maximum of 500 requests per second. If you need to send more requests, submit a ticket.

Note Each successful call to the ApplyToken operation is calculated as a message transaction per second (TPS). This way, you are billed for the call. For more information, seeBilling.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ApplyToken

The operation that you want to perform. Set the value to ApplyToken.

Actions String Yes R

The permission type of the token. Valid values:

  • R: Only the read permission is available.
  • W: Only the write permission is available.
  • R,W: Both the read and write permissions are available. Separate R and W with a comma (,).
ExpireTime Long Yes 1578399620000

The timestamp of token expiration, in milliseconds. Value range: 60 seconds to 30 days. If you set this parameter to a value larger than 30 days, no errors are returned. However, the token takes effect only for 30 days.

InstanceId String Yes post-cn-0pp12gl****

The ID of the Message Queue for MQTT instance. The value must match the instance ID used on the Message Queue for MQTT client. You can obtain the instance ID from the instance details page in the Message Queue for MQTT console.

RegionId String Yes mq-internet-access

The region ID of the Message Queue for MQTT instance.

Resources String Yes TopicA/+

The name of the resource, that is, the topic on the Message Queue for MQTT instance. Separate multiple topics with commas (,). Each token can be used to run and manage at most 100 resources. Sort multiple topics in alphabetical order.

Resource parameters that you register to apply for a token support the MQTT wildcard syntax, including the single-level wildcard represented by a plus sign (+) and the multi-level wildcard represented by a number sign (#).

For example, if you set resources to Topic1/+ when you apply for a token, the Message Queue for MQTT client can manage any topic of Topic1/xxx. If you set resources to Topic1/# when you apply for a token, the Message Queue for MQTT client can manage any multi-level topics of Topic1/xxx/xxx/xxx.

Note For more information about these parameters, see Common parameters andEndpoints.

Response parameters

Parameter Type Example Description
RequestId String 31782AAF-D0CC-44C3-ABFD-1B500276****

The ID of the request.

Token String LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng==

The token returned by the Message Queue for MQTT broker.

Note Do not assume the length, format, or rule of the token to return. The actual returned value prevails.

Examples

Sample requests

http(s)://onsmqtt.cn-hangzhou.aliyuncs.com/? Action=ApplyToken
&Actions=R
&ExpireTime=1578399620000
&InstanceId=post-cn-0pp12gl****
&RegionId=mq-internet-access
&Resources=TopicA/+
&<Common request parameters>

Sample success responses

XML format

<ApplyTokenResponse>
      <RequestId>31782AAF-D0CC-44C3-ABFD-1B500276****</RequestId>
      <Token>LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng==</Token>
</ApplyTokenResponse>

JSON format

{
  "RequestId": "31782AAF-D0CC-44C3-ABFD-1B500276****",
  "Token": "LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng=="
}

Error codes

HTTP status code Error code Error message Description
404 ApiNotSupport The specified API is not supported. The error message returned because the current operation is not supported.
400 ApplyTokenOverFlow You have applied for tokens too many times. Please try again later. The error message returned because token application is too frequent and throttling is triggered by the system. Please try again later.
400 CheckAccountInfoFailed An error occurred while checking the account information by the STS token. The error message returned because the account information of the Security Token Service (STS) token failed to be parsed.
400 InstancePermissionCheckFailed An error occurred while validating the permissions of the instance. Please verify the account that created the instance and its permissions settings. The error message returned because instance permission verification failed. Check the ownership and authorization policy of the Message Queue for MQTT instance.
500 InternalError An error occurred while processing your request. Try again later. The error message returned because an internal error occurred to the Message Queue for MQTT instance. Please try again.
400 ParameterCheckFailed An error occurred while validating the parameters. The parameters may be missing or invalid. The error message returned because parameter verification failed. This parameter may be missing or invalid.
400 PermissionCheckFailed An error occurred while validating the resource permissions. Please check the account that created the instance, topic, and GroupId, and check their permission settings. The error message returned because resource permission verification failed. Check the permissions and authorization policies of the instance, topic, and group ID.
500 SystemOverFlow An error occurred while processing your request. Please try again. The error message returned because throttling is triggered. Please try again.
400 InvalidParameter.%s An error occurred while validating the parameter. The parameter may be missing or invalid. The error message returned because parameter verification failed. This parameter may be missing or invalid.

For a list of error codes, visit the API Error Center.