> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stigg.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting temporary credentials for event queues

# Overview

Use this guide to request short‑lived AWS credentials for a customer’s event queue via the Stigg Edge API. These credentials can be used to access the queue (e.g., read messages) without sharing long‑lived AWS keys.

## Use cases

* Poll or consume the customer’s provisioned SQS queue from a backend worker.
* Rotate access automatically by renewing short‑lived credentials.

## Endpoint

```bash theme={null}
GET https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=<queue-url>[&durationSeconds=<number>]
X-API-KEY: <api-key>
```

### Required header

* `X-API-KEY` — A full access key **or** a [scoped key](/api-and-sdks/api-reference/api-keys) with the **Event Queue: Read** permission.

### Query parameters

* `queueUrl` (required): The SQS queue URL that was provisioned for the customer.
* `durationSeconds` (optional): Lifespan of the temporary credentials.
  * Range: 900-3600 seconds (15 minutes-1 hour)
  * Default: 3600 seconds (1 hour)

Stigg validates the combination of `queueUrl + account + environment`. The request must be made with a key that belongs to the same account/environment where the queue was provisioned.

### Example request (cURL)

```bash theme={null}
curl -X GET \
"https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=https%3A%2F%2Fsqs.eu-west-1.amazonaws.com%2F123456789012%2Fcustomer-events&durationSeconds=1800" \
-H "X-API-KEY: $STIGG_API_KEY"
```

<Note>
  `STIGG_API_KEY` can be either a full access key or a scoped key with the **Event Queue: Read** permission. Using a scoped key is recommended for environments with strict security requirements, as it limits the key's access to only what is needed.
</Note>

### Example response

```json theme={null}
{
"accessKeyId": "...",
"secretAccessKey": "...",
"sessionToken": "...",
"expiration": "2025-08-03T09:58:08.468Z"
}
```

* `accessKeyId`, `secretAccessKey`, and `sessionToken` are AWS STS session credentials.
* `expiration` is an ISO timestamp when the credentials become invalid. Renew before this time.
