Creates a temporary access Token.

Scenario

After verifying the permissions of an MQTT client, the application server calls this method to request a Token for this client from the MQTT Server. For more information, see Overview of token authentication.

Limits

The limit of requests per user is 500 times per second. For special needs, please submit work Order application.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ApplyToken

The operation that you want to perform. Value: ApplyToken

Actions String Yes R

The permission type of the Token. Valid values:

  • R: only read permission is available.
  • W: only write permission is available.
  • R,W: WAF has both read and write permissions. R and W they must be separated by commas (,).
ExpireTime Long Yes 1578399620000

The timestamp when the Token expires. The minimum interval between expiration and expiration is 60 seconds. The maximum interval is 30 days. If the validity period of the value is longer than 30 days, no error is returned. However, the actual validity period is 30 days.

InstanceId String Yes post-cn-0pp12gl****

The ID of the MQTT instance, which must match the client-used instance ID. In the console instance details page.

Region ID String Yes mq-internet-access

The Region where the message queue for MQTT instance is located.

Resources String Yes TopicA/+

The resource name that indicates an MQTT Topic. Multiple topics are separated by commas (,). Each Token can run and operate a maximum of 100 resources. If there are multiple topics, sort these topics in lexicographic order.

The resource parameters registered while applying for the Token support the MQTT wildcard syntax, which includes one-level wildcard character (+) and multi-level wildcard character (#).

For example, if you specify resources if the value is "Topic1/+", the client can operate any Topic of "Topic1/xxx"; If you specify resources if Topic1/# is specified, the consumer can operate on any level of Topic1/xxx/xxx/xxx topics.

Note For more information about these parameters, see Common parametersand Make API requests.

Response parameters

Parameter Type Example Description
RequestId String 31782 AAF-D0CC-44C3-ABFD-1B500276F8CD

The ID of the request, which is a common parameter. Each request has a unique ID.

Token String LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng==

The Token returned by the server.

Note Do not assume any length, format, or rules on the returned Token content. The actual returned value

Examples

Sample requests

http(s)://onsmqtt.cn-hangzhou.aliyuncs.com/? Action=ApplyToken
&Actions=R
&ExpireTime=1578399620000
&InstanceId=post-cn-0pp12gl****
&RegionId=mq-internet-access
&Resources=TopicA/+
&<Common request parameters>

Sample success responses

XML format

<RequestId>31782AAF-D0CC-44C3-ABFD-1B500276F8CD</RequestId>
<Token>LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng==</Token>

JSON format

{
  "RequestId": "31782AAF-D0CC-44C3-ABFD-1B500276F8CD",
  "Token": "LzMT+XLFl5s/YWJ/MlDz4t/Lq5HC1iGU1P28HAMaxYxn8aQbALNtml7QZKl9L9kPe6LqUb95tEVo+zUqOogs9+jZwDUSzsd4X4qaD3n2TrBEuMOqKkk1Xdrvu9VBQQvIYbz7MJWZDYC3DlW7gLEr33Cuj54iIhagtBi3epStJitsssWs7otY9zhKOSZxhr49G3d0bh35mwyP18EMvDas8UlzeSozsSrujNUqZXOGK0PEBSd+rWMGDJlCt6GFmJgm2JFY7PJwf/7OOSmUYIYFs5o/PuPpoTMF+hcVXMs+0yDukIMTOzG9m3t8k36PVrghFmnK6pC3Rt3mibjW****ng=="
}

Error codes

HTTP status code Error Error message Description
404 ApiNotSupport The specified API is not supported. The current interface is not supported. Please check.
400 ApplyTokenOverFlow You have applied for tokens too many times. Please try again later. Token application frequency is too high, system flow control, please try again.
400 CheckAccountInfoFailed An error occurred while checking the account information by the STS token. An error occurred while parsing the account information in the STS Token.
400 InstancePermissionCheckFailed An error occurred while validating the permissions of the instance. Please verify the account that created the instance and its permissions settings. The error message returned because the instance permission verification fails. Check the ownership and authorization policy of the MQTT instance.
500 InternalError An error occurred while processing your request. Try again later. The MQTT backend service is abnormal. Please try again.
400 ParameterCheckFailed An error occurred while validating the parameters. The parameters may be missing or invalid. The parameter verification fails. This parameter may be missing or invalid.
400 PermissionCheckFailed An error occurred while validating the resource permissions. Please check the account that created the instance, topic, and GroupId, and check their permission settings. The error message returned because the resource permission verification failed. Check the instance, Topic, and Group ID for their permissions and authorization policies.
500 SystemOverFlow An error occurred while processing your request. Please try again. System throttling. Please try again.
400 InvalidParameter.%s An error occurred while validating the parameter. The parameter may be missing or invalid. The parameter verification fails. This parameter may be missing or invalid.

For a list of error codes, visit the API Error Center.