Add Credentials | ArcGIS REST APIs

URL:: https://<root>/cloud/services/<serviceID>/credential/add
Methods:: POST
Version Introduced:: 11.2

Access requirements

Required privileges

The Enterprise Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.

Security and infrastructure

Tokens

This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Enterprise Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.

Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generateToken operation in the Enterprise Directory API. For security reasons, all POST requests made to the Enterprise Administrator API must include a token in the request body.

Learn how to generate a token

Description

The credential/add operation adds credential information, specific to a cloud service provider, to a service. You can use this operation to assign new credentials to a cloud service that has not yet been assigned its own credentials. Once submitted, the request returns a job ID that you can use to query the Job resource. The HTML view also returns a link that can be used to access the job page for the request.

Prior to ArcGIS Enterprise on Kubernetes 12.0, this operation could only add keys associated with supported cloud service providers (e.g. AWS, Azure, GCP). Starting at 12.0, this operation supports updating and switching to other provider-specific credential types, such as Amazon S3 IAM Roles and Azure Blob Store identities.

Request parameters

Parameter Details

Parameter	Details
`credential`	The new credential object. The cloud service associated with the new credential object cannot have existing service-specific credentials as returned by the Services resource. Before 12.0, the only accepted credential object types were provider-specific access keys. Amazon S3 credential examplesAmazon S3 credential examplesAzure Blob Store credential examplesGoogle Cloud Storage credential examples Use dark colors for code blocksCopy `1 2 3 4 5 6 7 8 9 10 11 12 13 // Access Keys credential={ "type":"ACCESS-KEY", "secret":{ "secret_key":"<secret_key>", "access_key":"<access_key>" } } // IAM Role credential={ "type": "IAM-ROLE" }` Note This operation can also add credentials for user-registered raster stores and supports both Azure Service Principal and Azure SAS tokens. Examples Use dark colors for code blocksCopy `1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 // Azure Blob Store - Service Principal { "secret":{ "storageAccountName":"<account_name>" }, "type":"SERVICE-PRINCIPAL", "servicePrincipal":{ "clientId":"<client_id>", "tenantId":"<tenant_id>", "clientSecret":"<client_secret>" } } // Azure Blob Store - SAS Token { "type":"SAS-TOKEN", "secret":{ "sasToken":"<azure_sas_token>", "storageAccountName":"<account_name>" } }`
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

credential

The new credential object. The cloud service associated with the new credential object cannot have existing service-specific credentials as returned by the Services resource. Before 12.0, the only accepted credential object types were provider-specific access keys.

Amazon S3 credential examples

Azure Blob Store credential examples

Google Cloud Storage credential examples

Use dark colors for code blocksCopy
// Access Keys
credential={
  "type":"ACCESS-KEY",
  "secret":{
    "secret_key":"<secret_key>",
    "access_key":"<access_key>"
  }
}

// IAM Role
credential={
  "type": "IAM-ROLE"
}

Examples
Use dark colors for code blocksCopy
// Azure Blob Store - Service Principal
{
  "secret":{
    "storageAccountName":"<account_name>"
  },
  "type":"SERVICE-PRINCIPAL",
  "servicePrincipal":{
    "clientId":"<client_id>",
    "tenantId":"<tenant_id>",
    "clientSecret":"<client_secret>"
  }
}

// Azure Blob Store - SAS Token
{
  "type":"SAS-TOKEN",
  "secret":{
    "sasToken":"<azure_sas_token>",
    "storageAccountName":"<account_name>"
  }
}

f

The response format. The default format is html.

Values: html | json | pjson

Example usage

The following is a sample POST request for the credential/add operation:

Use dark colors for code blocksCopy
POST /<context>/admin/clouds/services/eg7hrelq6b/credential/add HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

credential={"type":"STORAGE-ACCOUNT-KEY","secret": {"storageAccountName": "{crypt}R68p/cvTUo1LmRcgXJ5U07WKv936mnCe","storageAccountKey": "{crypt}xxxxxxxxxxxxxxxxVC5M"}}&f=pjson&token=m7zGSezM7znt6ZuIwr827imJxOTSDsjYujVdd7SiAQLYG1HmesG8EbSnTwCbiekEh0QwRdmeyp1hP63M60TPrdZQ2NzIg5G7qFaQh40MdiOCfh60-6oPKC2MNoqwdVDZ3srzreVZb66QofWXws8GMrKWkgP45A-2an5crKvReUo-pwvkzm68W87Q0yPJFA2Kww39UnMYNw-5qd2-Bt04VmkrqKI-lCbA-jFZY_UGzeGzNqnBGrjKuVB_q17HogMw

JSON Response example

Use dark colors for code blocksCopy
{
  "cloudCredentialRotationJobId": j876ae6e7-27d9-4b2d-b8ab-d07e2433e2c1",
  "message": "A cloud credentials rotation job is in-progress"
}