Overview
Use this guide to request short‑lived AWS credentials for a customer’s event queue via the Stigg Edge API. These credentials can be used to access the queue (e.g., read messages) without sharing long‑lived AWS keys.
Use cases
- Poll or consume the customer’s provisioned SQS queue from a backend worker.
- Rotate access automatically by renewing short‑lived credentials.
Endpoint
GET https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=<queue-url>[&durationSeconds=<number>]
X-API-KEY: <api-key>
X-API-KEY — A full access key or a scoped key with the Event Queue: Read permission.
Query parameters
queueUrl (required): The SQS queue URL that was provisioned for the customer.durationSeconds (optional): Lifespan of the temporary credentials.
- Range: 900-3600 seconds (15 minutes-1 hour)
- Default: 3600 seconds (1 hour)
Stigg validates the combination of queueUrl + account + environment. The request must be made with a key that belongs to the same account/environment where the queue was provisioned.
Example request (cURL)
curl -X GET \
"https://edge.api.stigg.io/v1/credentials/event-queue.json?queueUrl=https%3A%2F%2Fsqs.eu-west-1.amazonaws.com%2F123456789012%2Fcustomer-events&durationSeconds=1800" \
-H "X-API-KEY: $STIGG_API_KEY"
STIGG_API_KEY can be either a full access key or a scoped key with the Event Queue: Read permission. Using a scoped key is recommended for environments with strict security requirements, as it limits the key’s access to only what is needed.
Example response
{
"accessKeyId": "...",
"secretAccessKey": "...",
"sessionToken": "...",
"expiration": "2025-08-03T09:58:08.468Z"
}
accessKeyId, secretAccessKey, and sessionToken are AWS STS session credentials.expiration is an ISO timestamp when the credentials become invalid. Renew before this time.
