Get storage credentials
Purpose
Retrieve temporary credentials to access a private data storage location for uploading input files and downloading results.
Request data
HTTP method: GET
- Constants and parameters enclosed in curly brackets {} must be replaced with their values.
- See the following Request parameters section with the required and optional parameters tables for these values.
URL format
https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/{id}/credentials?type=READ_WRITE
URL example
https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/storage-001/credentials?type=READ_WRITE
curl command example
```shell
curl -X GET "https://api.tomtom.com/maps/orbis/platform/private-gateway/storages/storage-001/credentials?type=READ_WRITE" \
  -H "tomtom-api-key: YOUR_API_KEY" \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN"
```
Request headers
| Header | Required | Description |
|---|---|---|
| tomtom-api-key | Yes | Your TomTom API key |
| Authorization | Yes | Bearer token from Azure CLI |
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | Yes | The unique identifier of the storage |
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Yes | Credential type. Use READ_WRITE for upload/download operations or READ for download |
Response data
The credentials endpoint returns a wrapped Vault token that must be unwrapped before use. The response body contains the wrapped token as a string.
Response example
```json
{
  "credentials": "hvs.CAESI...truncated...wrapped_token"
}
```
Unwrapping the token
The returned token is a HashiCorp Vault wrapped token. You must unwrap it to obtain the actual storage credentials:
```shell
curl -X POST "https://hcp-vault.tomtomgroup.com/v1/sys/wrapping/unwrap" \
  -H "X-Vault-Token: hvs.CAESI...your_wrapped_token"
```
Unwrapped credentials response
```json
{
  "request_id": "abc123",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "credentials": {
      "clientId": "123gdd",
      "clientSecret": "345cvb"
    },
    "id": "storage-001",
    "tenant_id": null,
    "url": "https://storage-001.blob.core.windows.net/default/"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null,
  "mount_type": "ns_system"
}
```
Unwrapped credentials fields
| Field | Type | Description |
|---|---|---|
| data.credentials.clientId | string | Client ID for accessing Azure storage |
| data.credentials.clientSecret | string | Client secret for Azure storage authentication |
| data.id | string | Storage identifier (matches storage ID) |
| data.tenant_id | string \| null | Azure tenant ID (if applicable) |
| data.url | string | Azure Blob Storage URL for the storage location |
Using the credentials
With the unwrapped credentials, you can authenticate to the storage using:
```shell
az login --service-principal \
  --username "123gdd" \
  --password "345cvb" \
  --tenant "374f8026-7b54-4a3a-b87d-328fa26ec10d"
```
Upload a file using Azure CLI
```shell
az storage blob upload --account-name "storage-001" \
  --container-name "default" \
  --name "data.parquet" \
  --file "/Users/test/data.parquet" \
  --auth-mode login
```
Download results
```shell
az storage blob download --account-name "storage-001" \
  --container-name "default" \
  --name "data.results.parquet" \
  --file "/Users/test/results/data.results.parquet" \
  --auth-mode login
```
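As an added example (not TomTom's code), the Python below validates the two response bodies described on this page before any value is handed to the `az` commands, and treats a failed unwrap as a reason to discard the token. The function names, the `expected_id` check and the sample bodies are assumptions constructed for illustration; deriving the account and container names from `data.url` follows the example values shown above.

```python
import json
from urllib.parse import urlparse

# Constructed sample bodies in the shapes shown on this page (values are not real).
WRAPPED_BODY = '{"credentials": "hvs.EXAMPLE-wrapped-token"}'
UNWRAPPED_BODY = json.dumps({"data": {
    "credentials": {"clientId": "123gdd", "clientSecret": "345cvb"},
    "id": "storage-001", "tenant_id": None,
    "url": "https://storage-001.blob.core.windows.net/default/"}})
# Vault reports failures as an "errors" array; this message is a constructed sample.
FAILED_UNWRAP_BODY = '{"errors": ["wrapping token is not valid or does not exist"]}'

def wrapped_token(body):
    """Return the wrapped token from the credentials endpoint response."""
    token = json.loads(body).get("credentials")
    if not isinstance(token, str) or not token:
        raise ValueError("no wrapped token in response")
    return token

def storage_login(body, expected_id):
    """Validate an unwrap response and derive the values the az commands need."""
    doc = json.loads(body)
    if doc.get("errors"):
        # A wrapped token unwraps only once: a failure here can mean another party
        # already unwrapped it, so discard it and request new credentials.
        raise PermissionError("unwrap failed: " + "; ".join(doc["errors"]))
    data = doc.get("data") or {}
    creds = data.get("credentials") or {}
    if not creds.get("clientId") or not creds.get("clientSecret"):
        raise ValueError("unwrapped response lacks clientId/clientSecret")
    if data.get("id") != expected_id:
        raise ValueError("credentials are for a different storage")
    url = urlparse(data.get("url") or "")
    host = url.hostname or ""
    if url.scheme != "https" or not host.endswith(".blob.core.windows.net"):
        raise ValueError("unexpected storage URL")
    return {
        "client_id": creds["clientId"],
        "client_secret": creds["clientSecret"],
        "tenant_id": data.get("tenant_id"),
        "account": host.split(".")[0],                    # --account-name
        "container": url.path.strip("/").split("/")[0],  # --container-name
    }

def redacted(login):
    """Copy of the login values that is safe to write to logs."""
    return {**login, "client_secret": "***"}
```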
Important notes
- Token wrapping: The credentials are returned as a wrapped Vault token for security. Always unwrap before use.
- Credential expiration: Credentials are temporary and expire after a limited time (check the expiration field).
- READ_WRITE type: Always use ?type=READ_WRITE query parameter to get credentials that allow both uploading input files and downloading results.
- Refresh before expiry: Request new credentials before the current ones expire.
Error responses
| HTTP Status | Error | Cause | Solution |
|---|---|---|---|
| 401 | Unauthorized | Invalid credentials | Refresh API key or token |
| 403 | Forbidden | Insufficient permissions | Check your access rights |
| 404 | Not Found | Storage not found | Verify storage ID |
| 500 | Internal Server Error | Server-side issue | Retry the request |