Get storage credentials

Purpose

Retrieve temporary credentials to access a private data storage location for uploading input files and downloading results.

Request data

HTTP method: GET

  • Constants and parameters enclosed in curly brackets {} must be replaced with their values.
  • See the following Request parameters section with the required and optional parameters tables for these values.

URL format

https://api.tomtom.com/maps/orbis/platform/pdg/storages/{storageId}/credentials?type=READ_WRITE

URL example

https://api.tomtom.com/maps/orbis/platform/pdg/storages/storage-001/credentials?type=READ_WRITE

curl command example

curl -X GET "https://api.tomtom.com/maps/orbis/platform/pdg/storages/storage-001/credentials?type=READ_WRITE" \
  -H "tomtom-api-key: YOUR_API_KEY" \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN" \
  -H "X-Version: 1"

Request headers

| Header | Required | Description |
|---|---|---|
| tomtom-api-key | Yes | Your TomTom API key |
| Authorization | Yes | Bearer token from Azure CLI |
| X-Version | Yes | API version (use 1) |

Path parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| storageId | string | Yes | The unique identifier of the storage |

Query parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Yes | Credential type. Use READ_WRITE for upload/download operations |

Response data

The credentials endpoint returns a wrapped Vault token that must be unwrapped before use. The response body contains the wrapped token as a string.

Response example

hvs.CAESI...truncated...wrapped_token

Unwrapping the token

The returned token is a HashiCorp Vault wrapped token. You must unwrap it to obtain the actual storage credentials:

curl -X POST "https://vault.pdg.tomtom.com/v1/sys/wrapping/unwrap" \
-H "X-Vault-Token: hvs.CAESI...your_wrapped_token"

Unwrapped credentials response

{
  "request_id": "abc123",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "account": "pdgstorage",
    "container": "storage-001",
    "sas_token": "sv=2021-06-08&ss=b&srt=co&sp=rwlacx&se=2026-01-20T18:00:00Z&sig=...",
    "expiration": "2026-01-20T18:00:00Z"
  }
}

Unwrapped credentials fields

| Field | Type | Description |
|---|---|---|
| data.account | string | Azure storage account name |
| data.container | string | Azure blob container name (matches storage ID) |
| data.sas_token | string | SAS token for Azure Blob Storage access |
| data.expiration | string | ISO 8601 timestamp when credentials expire |

Using the credentials

With the unwrapped credentials, you can construct the Azure Blob Storage URL:

https://{account}.blob.core.windows.net/{container}?{sas_token}

Upload a file using Azure CLI

az storage blob upload \
  --account-name pdgstorage \
  --container-name storage-001 \
  --sas-token "sv=2021-06-08&ss=b&srt=co&sp=rwlacx&se=..." \
  --name your_data.parquet \
  --file ./your_data.parquet

Upload using azcopy

azcopy copy "./your_data.parquet" \
"https://pdgstorage.blob.core.windows.net/storage-001/your_data.parquet?sv=2021-06-08&ss=b&srt=co&sp=rwlacx&se=..."

Download results

az storage blob download \
  --account-name pdgstorage \
  --container-name storage-001 \
  --sas-token "sv=2021-06-08&ss=b&srt=co&sp=rwlacx&se=..." \
  --name your_data_matched.parquet \
  --file ./your_data_matched.parquet

Important notes

  1. Token wrapping: The credentials are returned as a wrapped Vault token for security. Always unwrap before use.
  2. Credential expiration: Credentials are temporary and expire after a limited time (check the expiration field).
  3. READ_WRITE type: Always use the ?type=READ_WRITE query parameter to get credentials that allow both uploading input files and downloading results.
  4. Refresh before expiry: Request new credentials before the current ones expire.
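
The checks behind notes 2 and 4, as an added Python example that is not TomTom's own code: it reads the unwrapped response, works out when the SAS token stops being valid, builds a blob URL, and masks the signature so the URL can be logged. The function names, the 10-minute refresh margin and the sample body (with a placeholder signature) are assumptions.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import parse_qs, quote

# Constructed sample shaped like the unwrapped response above; the signature is a placeholder.
SAMPLE = json.dumps({
    "request_id": "abc123", "lease_id": "", "renewable": False, "lease_duration": 0,
    "data": {
        "account": "pdgstorage",
        "container": "storage-001",
        "sas_token": "sv=2021-06-08&ss=b&srt=co&sp=rwlacx&se=2026-01-20T18:00:00Z&sig=PLACEHOLDER",
        "expiration": "2026-01-20T18:00:00Z",
    },
})

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2026-01-20T18:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def load_credentials(body):
    """Return the data object after checking that every documented field is present."""
    data = json.loads(body)["data"]
    missing = {"account", "container", "sas_token", "expiration"} - set(data)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return data

def effective_expiry(creds):
    """Earlier of data.expiration and the SAS token's own 'se' (expiry) parameter."""
    times = [parse_ts(creds["expiration"])]
    se = parse_qs(creds["sas_token"]).get("se")
    if se:
        times.append(parse_ts(se[0]))
    return min(times)

def needs_refresh(creds, now, margin=timedelta(minutes=10)):
    """True when the credentials expire within the margin (10 minutes is an assumed default)."""
    return now + margin >= effective_expiry(creds)

def blob_url(creds, blob_name):
    """Build https://{account}.blob.core.windows.net/{container}/{blob}?{sas_token}."""
    return (f"https://{creds['account']}.blob.core.windows.net/"
            f"{creds['container']}/{quote(blob_name)}?{creds['sas_token']}")

def redact(url):
    """Mask the SAS signature; the full URL is a bearer secret and should not reach logs."""
    base, _, query = url.partition("?")
    parts = ["sig=REDACTED" if p.startswith("sig=") else p for p in query.split("&")]
    return base + "?" + "&".join(parts)
```

Call needs_refresh before each upload or download batch and request new credentials from the endpoint when it returns True.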

Error responses

| HTTP Status | Error | Cause | Solution |
|---|---|---|---|
| 401 | Unauthorized | Invalid credentials | Refresh API key or token |
| 403 | Forbidden | Insufficient permissions | Check your access rights |
| 404 | Not Found | Storage not found | Verify storage ID |
| 500 | Internal Server Error | Server-side issue | Retry the request |