Get storage credentials

Purpose

Retrieve temporary credentials to access a private data storage location for uploading input files and downloading results.

Request data

HTTP method: GET

  • Constants and parameters enclosed in curly brackets {} must be replaced with their values.
  • See the following Request parameters section with the required and optional parameters tables for these values.

URL format

https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/{id}/credentials?type=READ_WRITE

URL example

https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/storage-001/credentials?type=READ_WRITE

curl command example

```shell
curl -X GET "https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/storage-001/credentials?type=READ_WRITE" \
  -H "tomtom-api-key: YOUR_API_KEY" \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN"
```

Request headers

| Header | Required | Description |
|---|---|---|
| tomtom-api-key | Yes | Your TomTom API key |
| Authorization | Yes | Bearer token from Azure CLI |

Path parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Yes | The unique identifier of the storage |

Query parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Yes | Credential type. Use READ_WRITE for upload/download operations or READ for download |

Response data

The credentials endpoint returns a wrapped Vault token that must be unwrapped before use. The response body contains the wrapped token as a string.

Response example

```json
{
  "credentials": "hvs.CAESI...truncated...wrapped_token"
}
```

Unwrapping the token

The returned token is a HashiCorp Vault wrapped token. You must unwrap it to obtain the actual storage credentials:

Unwrap vault token

```shell
curl -X POST "https://hcp-vault.tomtomgroup.com/v1/sys/wrapping/unwrap" \
  -H "X-Vault-Token: hvs.CAESI...your_wrapped_token"
```

Unwrapped credentials response

```json
{
  "request_id": "abc123",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "credentials": {
      "clientId": "123gdd",
      "clientSecret": "345cvb"
    },
    "id": "storage-001",
    "tenant_id": null,
    "url": "https://storage-001.blob.core.windows.net/default/"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null,
  "mount_type": "ns_system"
}
```

Unwrapped credentials fields

| Field | Type | Description |
|---|---|---|
| data.credentials.clientId | string | Client ID for accessing Azure storage |
| data.credentials.clientSecret | string | Client secret for Azure storage authentication |
| data.id | string | Storage identifier (matches storage ID) |
| data.tenant_id | string \| null | Azure tenant ID (if applicable) |
| data.url | string | Azure Blob Storage URL for the storage location |
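
The request, unwrap and field extraction described above, as an added Python example (not TomTom's own code). The function names are hypothetical, and it assumes the storage account and container are the first host label and first path segment of `data.url`, as in the page's sample response.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

API = "https://api.tomtom.com/maps/orbis/platform/private-gateway"
VAULT_UNWRAP = "https://hcp-vault.tomtomgroup.com/v1/sys/wrapping/unwrap"

# The page's unwrapped-response example, trimmed to the "data" object.
SAMPLE = {"data": {"credentials": {"clientId": "123gdd", "clientSecret": "345cvb"},
                   "id": "storage-001", "tenant_id": None,
                   "url": "https://storage-001.blob.core.windows.net/default/"}}


def _call(method, url, headers):
    req = urllib.request.Request(url, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:  # HTTPError on 4xx/5xx
        return json.load(resp)


def parse_unwrapped(body, storage_id):
    """Validate the unwrapped Vault response; return what the az commands need."""
    data = body.get("data") or {}
    creds = data.get("credentials") or {}
    if not creds.get("clientId") or not creds.get("clientSecret"):
        raise ValueError("unwrapped response has no client credentials")
    if data.get("id") != storage_id:
        raise ValueError("credentials were issued for a different storage")
    parts = urlsplit(data.get("url") or "")
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("storage URL is missing or not HTTPS")
    return {"client_id": creds["clientId"], "client_secret": creds["clientSecret"],
            "tenant_id": data.get("tenant_id"),
            "account": parts.hostname.split(".")[0],           # --account-name
            "container": parts.path.strip("/").split("/")[0]}  # --container-name


def fetch_storage_credentials(storage_id, api_key, bearer, cred_type="READ_WRITE"):
    if cred_type not in ("READ", "READ_WRITE"):
        raise ValueError("type must be READ or READ_WRITE")
    url = f"{API}/storages/{quote(storage_id, safe='')}/credentials?type={cred_type}"
    headers = {"tomtom-api-key": api_key, "Authorization": f"Bearer {bearer}"}
    wrapped = _call("GET", url, headers)["credentials"]
    # A Vault wrapping token can be unwrapped only once. If this POST fails for a
    # token you just received, treat it as expired or already unwrapped elsewhere
    # and request a new one instead of retrying with the same token.
    return parse_unwrapped(_call("POST", VAULT_UNWRAP, {"X-Vault-Token": wrapped}), storage_id)


if __name__ == "__main__":
    info = parse_unwrapped(SAMPLE, "storage-001")
    print(info["account"], info["container"])  # never print the secret
```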

Using the credentials

With the unwrapped credentials, you can authenticate to the storage using the Azure CLI:

```shell
az login --service-principal \
  --username "123gdd" \
  --password "345cvb" \
  --tenant "374f8026-7b54-4a3a-b87d-328fa26ec10d"
```

Upload a file using Azure CLI

```shell
az storage blob upload --account-name "storage-001" \
  --container-name "default" \
  --name "data.parquet" \
  --file "/Users/test/data.parquet" \
  --auth-mode login
```

Download results

```shell
az storage blob download --account-name "storage-001" \
  --container-name "default" \
  --name "data.results.parquet" \
  --file "/Users/test/results/data.results.parquet" \
  --auth-mode login
```

Important notes

  1. Token wrapping: The credentials are returned as a wrapped Vault token for security. Always unwrap before use.
  2. Credential expiration: Credentials are temporary and expire after a limited time (check the expiration field).
  3. READ_WRITE type: Always use the ?type=READ_WRITE query parameter to get credentials that allow both uploading input files and downloading results.
  4. Refresh before expiry: Request new credentials before the current ones expire.

Error responses

| HTTP Status | Error | Cause | Solution |
|---|---|---|---|
| 401 | Unauthorized | Invalid credentials | Refresh API key or token |
| 403 | Forbidden | Insufficient permissions | Check your access rights |
| 404 | Not Found | Storage not found | Verify storage ID |
| 500 | Internal Server Error | Server-side issue | Retry the request |