Skip to main content

Overview

Use this guide to request short‑lived AWS credentials for a customer’s event queue via the Stigg Edge API. These credentials can be used to access the queue (e.g., read messages) without sharing long‑lived AWS keys.

Use cases

  • Poll or consume the customer’s provisioned SQS queue from a backend worker.
  • Rotate access automatically by renewing short‑lived credentials.

Endpoint

GET https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=<queue-url>[&durationSeconds=<number>]
X-API-KEY: <server-api-key>

Required header

  • X-API-KEY — Server API key (environment‑scoped). Do not use a client/public key.

Query parameters

  • queueUrl (required) — The SQS queue URL that was provisioned for the customer.
  • durationSeconds (optional) — Lifespan of the temporary credentials.
    • Range: 900–3600 seconds (15 minutes–1 hour)
    • Default: 3600 seconds (1 hour)
Stigg validates the combination of queueUrl + account + environment. The request must be made with a Server API key for the same account/environment where the queue was provisioned.

Example request (cURL)

curl -X GET \
"https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=https%3A%2F%2Fsqs.eu-west-1.amazonaws.com%2F123456789012%2Fcustomer-events&durationSeconds=1800" \
-H "X-API-KEY: $STIGG_SERVER_API_KEY"

Example response

{
"accessKeyId": "...",
"secretAccessKey": "...",
"sessionToken": "...",
"expiration": "2025-08-03T09:58:08.468Z"
}
  • accessKeyId, secretAccessKey, and sessionToken are AWS STS session credentials.
  • expiration is an ISO timestamp when the credentials become invalid. Renew before this time.