2026/05/29 - Amazon Bedrock AgentCore Control - 9 updated api methods
Changes: Reference your own AWS Secrets Manager secrets when configuring credential providers, giving you control over encryption, rotation, and access policies instead of using service-managed secrets.
Request {'apiKeySecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'apiKeySecretSource': 'MANAGED | EXTERNAL'}
Response {'apiKeySecretJsonKey': 'string', 'apiKeySecretSource': 'MANAGED | EXTERNAL'}
Creates a new API key credential provider.
Request Syntax
client.create_api_key_credential_provider(
    name='string',
    apiKey='string',
    apiKeySecretConfig={
        'secretId': 'string',
        'jsonKey': 'string'
    },
    apiKeySecretSource='MANAGED'|'EXTERNAL',
    tags={
        'string': 'string'
    }
)
name (string) -- [REQUIRED]
The name of the API key credential provider. The name must be unique within your account.
apiKey (string) --
The API key to use for authentication. This value is encrypted and stored securely.
apiKeySecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the API key. This includes the secret ID and the JSON key used to extract the API key value from the secret. Required when apiKeySecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
tags (dict) --
A map of tag keys and values to assign to the API key credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
(string) --
(string) --
Return type: dict
Response Syntax
{
    'apiKeySecretArn': {
        'secretArn': 'string'
    },
    'apiKeySecretJsonKey': 'string',
    'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
    'name': 'string',
    'credentialProviderArn': 'string'
}
Response Structure
(dict) --
apiKeySecretArn (dict) --
The Amazon Resource Name (ARN) of the secret containing the API key.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the created API key credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the created API key credential provider.
Request {'oauth2ProviderConfigInput': {
    'atlassianOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'customOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'githubOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'googleOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'includedOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'linkedinOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'microsoftOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'salesforceOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'},
    'slackOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string', 'secretId': 'string'}, 'clientSecretSource': 'MANAGED | EXTERNAL'}}}
Response {'clientSecretJsonKey': 'string', 'clientSecretSource': 'MANAGED | EXTERNAL'}
Creates a new OAuth2 credential provider.
Request Syntax
client.create_oauth2_credential_provider(
    name='string',
    credentialProviderVendor='GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
    oauth2ProviderConfigInput={
        'customOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL',
            'onBehalfOfTokenExchangeConfig': {
                'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
                'tokenExchangeGrantTypeConfig': {
                    'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
                    'actorTokenScopes': [
                        'string',
                    ]
                }
            },
            'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT',
            'privateEndpoint': {
                'selfManagedLatticeResource': {
                    'resourceConfigurationIdentifier': 'string'
                },
                'managedVpcResource': {
                    'vpcIdentifier': 'string',
                    'subnetIds': [
                        'string',
                    ],
                    'endpointIpAddressType': 'IPV4'|'IPV6',
                    'securityGroupIds': [
                        'string',
                    ],
                    'tags': {
                        'string': 'string'
                    },
                    'routingDomain': 'string'
                }
            },
            'privateEndpointOverrides': [
                {
                    'domain': 'string',
                    'privateEndpoint': {
                        'selfManagedLatticeResource': {
                            'resourceConfigurationIdentifier': 'string'
                        },
                        'managedVpcResource': {
                            'vpcIdentifier': 'string',
                            'subnetIds': [
                                'string',
                            ],
                            'endpointIpAddressType': 'IPV4'|'IPV6',
                            'securityGroupIds': [
                                'string',
                            ],
                            'tags': {
                                'string': 'string'
                            },
                            'routingDomain': 'string'
                        }
                    }
                },
            ]
        },
        'googleOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'githubOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'slackOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'salesforceOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'microsoftOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL',
            'tenantId': 'string'
        },
        'atlassianOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'linkedinOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL'
        },
        'includedOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'clientSecretConfig': {
                'secretId': 'string',
                'jsonKey': 'string'
            },
            'clientSecretSource': 'MANAGED'|'EXTERNAL',
            'issuer': 'string',
            'authorizationEndpoint': 'string',
            'tokenEndpoint': 'string'
        }
    },
    tags={
        'string': 'string'
    }
)
name (string) -- [REQUIRED]
The name of the OAuth2 credential provider. The name must be unique within your account.
credentialProviderVendor (string) -- [REQUIRED]
The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.
oauth2ProviderConfigInput (dict) -- [REQUIRED]
The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.
customOauth2ProviderConfig (dict) --
The configuration for a custom OAuth2 provider.
oauthDiscovery (dict) -- [REQUIRED]
The OAuth2 discovery information for the custom provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) -- [REQUIRED]
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) -- [REQUIRED]
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) -- [REQUIRED]
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the custom OAuth2 provider.
clientSecret (string) --
The client secret for the custom OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
onBehalfOfTokenExchangeConfig (dict) --
The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.
grantType (string) -- [REQUIRED]
The grant type for the on-behalf-of token exchange.
tokenExchangeGrantTypeConfig (dict) --
Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
actorTokenContent (string) -- [REQUIRED]
The content type for the actor token in the token exchange.
actorTokenScopes (list) --
The scopes for the actor token. Only valid when actorTokenContent is M2M.
(string) --
clientAuthenticationMethod (string) --
The client authentication method to use when authenticating with the token endpoint.
privateEndpoint (dict) --
The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
privateEndpointOverrides (list) --
The private endpoint overrides for the custom OAuth2 provider configuration.
(dict) --
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) -- [REQUIRED]
The domain to override with a private endpoint.
privateEndpoint (dict) -- [REQUIRED]
The private endpoint configuration for the specified domain.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
googleOauth2ProviderConfig (dict) --
The configuration for a Google OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Google OAuth2 provider.
clientSecret (string) --
The client secret for the Google OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
githubOauth2ProviderConfig (dict) --
The configuration for a GitHub OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the GitHub OAuth2 provider.
clientSecret (string) --
The client secret for the GitHub OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
slackOauth2ProviderConfig (dict) --
The configuration for a Slack OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Slack OAuth2 provider.
clientSecret (string) --
The client secret for the Slack OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
salesforceOauth2ProviderConfig (dict) --
The configuration for a Salesforce OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Salesforce OAuth2 provider.
clientSecret (string) --
The client secret for the Salesforce OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
microsoftOauth2ProviderConfig (dict) --
The configuration for a Microsoft OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Microsoft OAuth2 provider.
clientSecret (string) --
The client secret for the Microsoft OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
tenantId (string) --
The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.
atlassianOauth2ProviderConfig (dict) --
Configuration settings for Atlassian OAuth2 provider integration.
clientId (string) -- [REQUIRED]
The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.
clientSecret (string) --
The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret for the Atlassian OAuth2 provider. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
linkedinOauth2ProviderConfig (dict) --
Configuration settings for LinkedIn OAuth2 provider integration.
clientId (string) -- [REQUIRED]
The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.
clientSecret (string) --
The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
includedOauth2ProviderConfig (dict) --
The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.
clientId (string) -- [REQUIRED]
The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.
clientSecret (string) --
The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
issuer (string) --
Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.
authorizationEndpoint (string) --
OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.
tokenEndpoint (string) --
OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.
tags (dict) --
A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.
(string) --
(string) --
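An added example, not part of the AWS documentation: a local pre-flight check for the keyword arguments of create_api_key_credential_provider and create_oauth2_credential_provider described above, run before the request is sent. It enforces the documented rule that the secret reference (secretId and jsonKey) is required when the source is EXTERNAL; the other checks (no inline secret alongside EXTERNAL, a reference without EXTERNAL, an optional EXTERNAL-only policy), the redaction helper and all sample values are assumptions of this example, not service behaviour.

```python
"""Pre-flight lint for AgentCore credential-provider request arguments.

Added example. Pure Python: it inspects the kwargs dict and never calls AWS.
"""

EXTERNAL, MANAGED = "EXTERNAL", "MANAGED"
SECRET_FIELDS = {"apiKey", "clientSecret"}  # inline secret parameters on the page


def _lint_secret(path, inline, config, source, require_external):
    """Check one secret slot: inline value, Secrets Manager reference, source."""
    findings = []
    if source not in (None, MANAGED, EXTERNAL):
        return [f"{path}: unknown secret source {source!r}"]
    if source == EXTERNAL:
        # Documented rule: the reference is required for EXTERNAL, and both
        # secretId and jsonKey are required inside it.
        if not isinstance(config, dict):
            findings.append(f"{path}: EXTERNAL source without a secret reference")
        else:
            for field in ("secretId", "jsonKey"):
                if not config.get(field):
                    findings.append(f"{path}: secret reference is missing {field}")
        # Local policy (assumption): an inline value next to EXTERNAL is
        # ambiguous and puts the secret in the request for no reason.
        if inline:
            findings.append(f"{path}: inline secret supplied alongside EXTERNAL source")
    else:
        # Local policy (assumption): a reference without EXTERNAL is likely a
        # forgotten source setting.
        if config is not None:
            findings.append(f"{path}: secret reference given but source is not EXTERNAL")
        if require_external:
            findings.append(f"{path}: policy requires EXTERNAL, got {source or 'unset'}")
    return findings


def lint_api_key_request(kwargs, require_external=False):
    """Lint kwargs intended for create_api_key_credential_provider."""
    return _lint_secret("apiKey", kwargs.get("apiKey"),
                        kwargs.get("apiKeySecretConfig"),
                        kwargs.get("apiKeySecretSource"), require_external)


def lint_oauth2_request(kwargs, require_external=False):
    """Lint every *Oauth2ProviderConfig inside oauth2ProviderConfigInput."""
    findings = []
    configs = kwargs.get("oauth2ProviderConfigInput") or {}
    for key, cfg in sorted(configs.items()):
        if key.endswith("Oauth2ProviderConfig") and isinstance(cfg, dict):
            findings += _lint_secret(f"{key}.clientSecret", cfg.get("clientSecret"),
                                     cfg.get("clientSecretConfig"),
                                     cfg.get("clientSecretSource"), require_external)
    return findings


def redact(value):
    """Return a copy that is safe to log: inline secrets replaced by '***'."""
    if isinstance(value, dict):
        return {k: ("***" if k in SECRET_FIELDS and v else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


# Constructed sample requests; names, IDs and secret values are made up.
GOOD_API_KEY = {
    "name": "example-provider",
    "apiKeySecretConfig": {"secretId": "example/agentcore/api-key", "jsonKey": "api_key"},
    "apiKeySecretSource": EXTERNAL,
}
BAD_OAUTH2 = {
    "name": "example-github",
    "credentialProviderVendor": "GithubOauth2",
    "oauth2ProviderConfigInput": {
        "githubOauth2ProviderConfig": {
            "clientId": "example-client-id",
            "clientSecret": "constructed-not-a-real-secret",
            "clientSecretConfig": {"secretId": "example/github-oauth"},  # no jsonKey
            "clientSecretSource": EXTERNAL,
        }
    },
}

if __name__ == "__main__":
    for request, lint in ((GOOD_API_KEY, lint_api_key_request),
                          (BAD_OAUTH2, lint_oauth2_request)):
        print(redact(request))
        for finding in lint(request, require_external=True):
            print("  finding:", finding)
```
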
Return type: dict
Response Syntax
{
    'clientSecretArn': {
        'secretArn': 'string'
    },
    'clientSecretJsonKey': 'string',
    'clientSecretSource': 'MANAGED'|'EXTERNAL',
    'name': 'string',
    'credentialProviderArn': 'string',
    'callbackUrl': 'string',
    'oauth2ProviderConfigOutput': {
        'customOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string',
            'privateEndpoint': {
                'selfManagedLatticeResource': {
                    'resourceConfigurationIdentifier': 'string'
                },
                'managedVpcResource': {
                    'vpcIdentifier': 'string',
                    'subnetIds': [
                        'string',
                    ],
                    'endpointIpAddressType': 'IPV4'|'IPV6',
                    'securityGroupIds': [
                        'string',
                    ],
                    'tags': {
                        'string': 'string'
                    },
                    'routingDomain': 'string'
                }
            },
            'privateEndpointOverrides': [
                {
                    'domain': 'string',
                    'privateEndpoint': {
                        'selfManagedLatticeResource': {
                            'resourceConfigurationIdentifier': 'string'
                        },
                        'managedVpcResource': {
                            'vpcIdentifier': 'string',
                            'subnetIds': [
                                'string',
                            ],
                            'endpointIpAddressType': 'IPV4'|'IPV6',
                            'securityGroupIds': [
                                'string',
                            ],
                            'tags': {
                                'string': 'string'
                            },
                            'routingDomain': 'string'
                        }
                    }
                },
            ],
            'onBehalfOfTokenExchangeConfig': {
                'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
                'tokenExchangeGrantTypeConfig': {
                    'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
                    'actorTokenScopes': [
                        'string',
                    ]
                }
            },
            'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT'
        },
        'googleOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'githubOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'slackOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'salesforceOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'microsoftOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'atlassianOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'linkedinOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'includedOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        }
    },
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'
}
Response Structure
(dict) --
clientSecretArn (dict) --
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
clientSecretJsonKey (string) --
The JSON key used to extract the client secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the OAuth2 credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the OAuth2 credential provider.
callbackUrl (string) --
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
oauth2ProviderConfigOutput (dict) --
Contains the output configuration for an OAuth2 provider.
customOauth2ProviderConfig (dict) --
The output configuration for a custom OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the custom provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the custom OAuth2 provider.
privateEndpoint (dict) --
The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
privateEndpointOverrides (list) --
The private endpoint overrides for the custom OAuth2 provider configuration.
(dict) --
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) --
The domain to override with a private endpoint.
privateEndpoint (dict) --
The private endpoint configuration for the specified domain.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
onBehalfOfTokenExchangeConfig (dict) --
The configuration for on-behalf-of token exchange.
grantType (string) --
The grant type for the on-behalf-of token exchange.
tokenExchangeGrantTypeConfig (dict) --
Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
actorTokenContent (string) --
The content type for the actor token in the token exchange.
actorTokenScopes (list) --
The scopes for the actor token. Only valid when actorTokenContent is M2M.
(string) --
clientAuthenticationMethod (string) --
The client authentication method used when authenticating with the token endpoint.
googleOauth2ProviderConfig (dict) --
The output configuration for a Google OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Google provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Google OAuth2 provider.
githubOauth2ProviderConfig (dict) --
The output configuration for a GitHub OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the GitHub provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the GitHub OAuth2 provider.
slackOauth2ProviderConfig (dict) --
The output configuration for a Slack OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Slack provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Slack OAuth2 provider.
salesforceOauth2ProviderConfig (dict) --
The output configuration for a Salesforce OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Salesforce provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Salesforce OAuth2 provider.
microsoftOauth2ProviderConfig (dict) --
The output configuration for a Microsoft OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Microsoft provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Microsoft OAuth2 provider.
atlassianOauth2ProviderConfig (dict) --
The configuration details for the Atlassian OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Atlassian OAuth2 provider.
linkedinOauth2ProviderConfig (dict) --
The configuration details for the LinkedIn OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the LinkedIn OAuth2 provider.
includedOauth2ProviderConfig (dict) --
The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the supported OAuth2 provider.
status (string) --
The current status of the OAuth2 credential provider.
{'providerConfigurationInput': {'coinbaseCdpConfiguration': {'apiKeySecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'apiKeySecretSource': 'MANAGED | EXTERNAL',
'walletSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'walletSecretSource': 'MANAGED | EXTERNAL'},
'stripePrivyConfiguration': {'appSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'appSecretSource': 'MANAGED | EXTERNAL',
'authorizationPrivateKeyConfig': {'jsonKey': 'string',
'secretId': 'string'},
'authorizationPrivateKeySource': 'MANAGED | EXTERNAL'}}}
Response {'providerConfigurationOutput': {'coinbaseCdpConfiguration': {'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED | EXTERNAL',
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED | EXTERNAL'},
'stripePrivyConfiguration': {'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED | EXTERNAL',
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED | EXTERNAL'}}}
Creates a new payment credential provider for storing authentication credentials used by payment connectors to communicate with external payment providers.
See also: AWS API Documentation
Request Syntax
client.create_payment_credential_provider(
name='string',
credentialProviderVendor='CoinbaseCDP'|'StripePrivy',
providerConfigurationInput={
'coinbaseCdpConfiguration': {
'apiKeyId': 'string',
'apiKeySecret': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'apiKeySecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'walletSecret': 'string',
'walletSecretSource': 'MANAGED'|'EXTERNAL',
'walletSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
}
},
'stripePrivyConfiguration': {
'appId': 'string',
'appSecret': 'string',
'appSecretSource': 'MANAGED'|'EXTERNAL',
'appSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'authorizationPrivateKey': 'string',
'authorizationPrivateKeySource': 'MANAGED'|'EXTERNAL',
'authorizationPrivateKeyConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'authorizationId': 'string'
}
},
tags={
'string': 'string'
}
)
name (string) -- [REQUIRED]
Unique name for the payment credential provider.
credentialProviderVendor (string) -- [REQUIRED]
The vendor type for the payment credential provider (e.g., CoinbaseCDP, StripePrivy).
providerConfigurationInput (dict) -- [REQUIRED]
Configuration specific to the vendor, including API credentials.
coinbaseCdpConfiguration (dict) --
The Coinbase CDP configuration.
apiKeyId (string) -- [REQUIRED]
The API key identifier provided by Coinbase Developer Platform.
apiKeySecret (string) --
The API key secret provided by Coinbase Developer Platform.
apiKeySecretSource (string) --
The source type of the API key secret for the Coinbase Developer Platform. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
apiKeySecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the API key secret. This includes the secret ID and the JSON key used to extract the API key secret value from the secret. Required when apiKeySecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
walletSecret (string) --
The wallet secret provided by Coinbase Developer Platform.
walletSecretSource (string) --
The source type of the wallet secret for the Coinbase Developer Platform. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
walletSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the wallet secret. This includes the secret ID and the JSON key used to extract the wallet secret value from the secret. Required when walletSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
stripePrivyConfiguration (dict) --
The Stripe Privy configuration.
appId (string) -- [REQUIRED]
The app ID provided by Privy.
appSecret (string) --
The app secret provided by Privy.
appSecretSource (string) --
The source type of the app secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
appSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the app secret. This includes the secret ID and the JSON key used to extract the app secret value from the secret. Required when appSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
authorizationPrivateKey (string) --
The authorization private key for the Stripe Privy integration.
authorizationPrivateKeySource (string) --
The source type of the authorization private key. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
authorizationPrivateKeyConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the authorization private key. This includes the secret ID and the JSON key used to extract the authorization private key value from the secret. Required when authorizationPrivateKeySource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
authorizationId (string) -- [REQUIRED]
The authorization ID for the Stripe Privy integration.
tags (dict) --
Optional tags for resource organization.
(string) --
(string) --
dict
Response Syntax
{
'name': 'string',
'credentialProviderVendor': 'CoinbaseCDP'|'StripePrivy',
'credentialProviderArn': 'string',
'providerConfigurationOutput': {
'coinbaseCdpConfiguration': {
'apiKeyId': 'string',
'apiKeySecretArn': {
'secretArn': 'string'
},
'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'walletSecretArn': {
'secretArn': 'string'
},
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED'|'EXTERNAL'
},
'stripePrivyConfiguration': {
'appId': 'string',
'appSecretArn': {
'secretArn': 'string'
},
'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED'|'EXTERNAL',
'authorizationPrivateKeyArn': {
'secretArn': 'string'
},
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED'|'EXTERNAL',
'authorizationId': 'string'
}
}
}
Response Structure
(dict) --
name (string) --
The name of the created payment credential provider.
credentialProviderVendor (string) --
The vendor type for the created payment credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the created payment credential provider.
providerConfigurationOutput (dict) --
Output configuration (contains secret ARNs, excludes actual secret values).
coinbaseCdpConfiguration (dict) --
The Coinbase CDP configuration.
apiKeyId (string) --
The API key identifier provided by Coinbase Developer Platform.
apiKeySecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key secret value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
walletSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
walletSecretJsonKey (string) --
The JSON key used to extract the wallet secret value from the AWS Secrets Manager secret.
walletSecretSource (string) --
The source type of the wallet secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
stripePrivyConfiguration (dict) --
The Stripe Privy configuration.
appId (string) --
The app ID provided by Privy.
appSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
appSecretJsonKey (string) --
The JSON key used to extract the app secret value from the AWS Secrets Manager secret.
appSecretSource (string) --
The source type of the app secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationPrivateKeyArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
authorizationPrivateKeyJsonKey (string) --
The JSON key used to extract the authorization private key value from the AWS Secrets Manager secret.
authorizationPrivateKeySource (string) --
The source type of the authorization private key. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationId (string) --
The authorization ID for the Stripe Privy integration.
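The "Required when ... is set to EXTERNAL" rule in the request parameters above can be checked before the call is made. The following is an added example, not part of the AWS documentation or SDK: it validates a `providerConfigurationInput` dict offline and masks inline secrets for logging. The function names, the constructed sample values, the vendor-to-block pairing and the findings marked "local policy" are assumptions.

```python
from copy import deepcopy

# Field names below are taken from the request syntax on this page.
# Assumption: each vendor value pairs with the configuration block of the same name.
VENDOR_BLOCK = {"CoinbaseCDP": "coinbaseCdpConfiguration",
                "StripePrivy": "stripePrivyConfiguration"}
REQUIRED_IDS = {"coinbaseCdpConfiguration": ["apiKeyId"],
                "stripePrivyConfiguration": ["appId", "authorizationId"]}
# (inline secret field, source field, Secrets Manager reference field)
SECRET_FIELDS = {
    "coinbaseCdpConfiguration": [
        ("apiKeySecret", "apiKeySecretSource", "apiKeySecretConfig"),
        ("walletSecret", "walletSecretSource", "walletSecretConfig")],
    "stripePrivyConfiguration": [
        ("appSecret", "appSecretSource", "appSecretConfig"),
        ("authorizationPrivateKey", "authorizationPrivateKeySource",
         "authorizationPrivateKeyConfig")],
}


def check_request(vendor, provider_config, require_external=False):
    """Return a list of findings for a create_payment_credential_provider input."""
    block_name = VENDOR_BLOCK.get(vendor)
    if block_name is None:
        return [f"credentialProviderVendor: unknown vendor {vendor!r}"]
    block = provider_config.get(block_name)
    if not isinstance(block, dict):
        return [f"{block_name}: missing for vendor {vendor}"]

    findings = []
    for key in REQUIRED_IDS[block_name]:
        if not block.get(key):
            findings.append(f"{block_name}.{key}: required field missing")

    for inline, source, config in SECRET_FIELDS[block_name]:
        src, raw_cfg = block.get(source), block.get(config)
        cfg = raw_cfg if isinstance(raw_cfg, dict) else {}
        if src not in (None, "MANAGED", "EXTERNAL"):
            findings.append(f"{block_name}.{source}: must be MANAGED or EXTERNAL, got {src!r}")
            continue
        if src == "EXTERNAL":
            # Documented rule: the reference (secretId and jsonKey) is required.
            missing = [k for k in ("secretId", "jsonKey") if not cfg.get(k)]
            if missing:
                findings.append(f"{block_name}.{config}: EXTERNAL requires {', '.join(missing)}")
            # Local policy (assumption): do not also send the value inline.
            if block.get(inline):
                findings.append(f"{block_name}.{inline}: inline value sent although source is EXTERNAL")
        else:
            # Local policy (assumption): a reference without EXTERNAL is ambiguous.
            if raw_cfg:
                findings.append(f"{block_name}.{config}: secret reference given but source is not EXTERNAL")
            # Local policy (assumption): the organisation mandates self-managed secrets.
            if require_external:
                findings.append(f"{block_name}.{source}: policy requires EXTERNAL")
    return findings


def redact(provider_config):
    """Return a copy that is safe to log: inline secret values are masked."""
    safe = deepcopy(provider_config)
    for block_name, fields in SECRET_FIELDS.items():
        block = safe.get(block_name)
        if isinstance(block, dict):
            for inline, _, _ in fields:
                if inline in block:
                    block[inline] = "***"
    return safe


# Constructed sample inputs (secret IDs and values are placeholders).
GOOD_EXTERNAL = {"coinbaseCdpConfiguration": {
    "apiKeyId": "constructed-key-id",
    "apiKeySecretSource": "EXTERNAL",
    "apiKeySecretConfig": {"secretId": "example/payments/coinbase", "jsonKey": "apiKeySecret"},
    "walletSecretSource": "EXTERNAL",
    "walletSecretConfig": {"secretId": "example/payments/coinbase", "jsonKey": "walletSecret"},
}}
BAD_MIXED = {"stripePrivyConfiguration": {
    "appId": "constructed-app-id",
    "appSecret": "constructed-inline-value",
    "appSecretSource": "EXTERNAL",
    "appSecretConfig": {"secretId": "example/payments/privy"},  # jsonKey missing
    "authorizationPrivateKey": "constructed-inline-key",
    "authorizationPrivateKeySource": "MANAGED",
    # authorizationId missing
}}

if __name__ == "__main__":
    print(check_request("CoinbaseCDP", GOOD_EXTERNAL, require_external=True))
    for finding in check_request("StripePrivy", BAD_MIXED, require_external=True):
        print(finding)
    print(redact(BAD_MIXED))
```
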
{'apiKeySecretJsonKey': 'string', 'apiKeySecretSource': 'MANAGED | EXTERNAL'}
Retrieves information about an API key credential provider.
See also: AWS API Documentation
Request Syntax
client.get_api_key_credential_provider(
name='string'
)
name (string) -- [REQUIRED]
The name of the API key credential provider to retrieve.
dict
Response Syntax
{
'apiKeySecretArn': {
'secretArn': 'string'
},
'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'name': 'string',
'credentialProviderArn': 'string',
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
apiKeySecretArn (dict) --
The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the API key credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider.
createdTime (datetime) --
The timestamp when the API key credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the API key credential provider was last updated.
{'clientSecretJsonKey': 'string', 'clientSecretSource': 'MANAGED | EXTERNAL'}
Retrieves information about an OAuth2 credential provider.
See also: AWS API Documentation
Request Syntax
client.get_oauth2_credential_provider(
name='string'
)
name (string) -- [REQUIRED]
The name of the OAuth2 credential provider to retrieve.
dict
Response Syntax
{
'clientSecretArn': {
'secretArn': 'string'
},
'clientSecretJsonKey': 'string',
'clientSecretSource': 'MANAGED'|'EXTERNAL',
'name': 'string',
'credentialProviderArn': 'string',
'credentialProviderVendor': 'GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
'callbackUrl': 'string',
'oauth2ProviderConfigOutput': {
'customOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointOverrides': [
{
'domain': 'string',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
}
},
],
'onBehalfOfTokenExchangeConfig': {
'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
'tokenExchangeGrantTypeConfig': {
'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
'actorTokenScopes': [
'string',
]
}
},
'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT'
},
'googleOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'githubOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'slackOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'salesforceOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'microsoftOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'atlassianOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'linkedinOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'includedOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
}
},
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1),
'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED',
'failureReason': 'string'
}
Response Structure
(dict) --
clientSecretArn (dict) --
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
clientSecretJsonKey (string) --
The JSON key used to extract the client secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the OAuth2 credential provider.
credentialProviderArn (string) --
ARN of the credential provider requested.
credentialProviderVendor (string) --
The vendor of the OAuth2 credential provider.
callbackUrl (string) --
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
oauth2ProviderConfigOutput (dict) --
The configuration output for the OAuth2 provider.
customOauth2ProviderConfig (dict) --
The output configuration for a custom OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the custom provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the custom OAuth2 provider.
privateEndpoint (dict) --
The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
privateEndpointOverrides (list) --
The private endpoint overrides for the custom OAuth2 provider configuration.
(dict) --
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) --
The domain to override with a private endpoint.
privateEndpoint (dict) --
The private endpoint configuration for the specified domain.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
onBehalfOfTokenExchangeConfig (dict) --
The configuration for on-behalf-of token exchange.
grantType (string) --
The grant type for the on-behalf-of token exchange.
tokenExchangeGrantTypeConfig (dict) --
Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
actorTokenContent (string) --
The content type for the actor token in the token exchange.
actorTokenScopes (list) --
The scopes for the actor token. Only valid when actorTokenContent is M2M.
(string) --
clientAuthenticationMethod (string) --
The client authentication method used when authenticating with the token endpoint.
googleOauth2ProviderConfig (dict) --
The output configuration for a Google OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Google provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Google OAuth2 provider.
githubOauth2ProviderConfig (dict) --
The output configuration for a GitHub OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the GitHub provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the GitHub OAuth2 provider.
slackOauth2ProviderConfig (dict) --
The output configuration for a Slack OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Slack provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Slack OAuth2 provider.
salesforceOauth2ProviderConfig (dict) --
The output configuration for a Salesforce OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Salesforce provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Salesforce OAuth2 provider.
microsoftOauth2ProviderConfig (dict) --
The output configuration for a Microsoft OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Microsoft provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Microsoft OAuth2 provider.
atlassianOauth2ProviderConfig (dict) --
The configuration details for the Atlassian OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Atlassian OAuth2 provider.
linkedinOauth2ProviderConfig (dict) --
The configuration details for the LinkedIn OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the LinkedIn OAuth2 provider.
includedOauth2ProviderConfig (dict) --
The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the supported OAuth2 provider.
createdTime (datetime) --
The timestamp when the OAuth2 credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the OAuth2 credential provider was last updated.
status (string) --
The current status of the OAuth2 credential provider.
failureReason (string) --
The reason for failure if the OAuth2 credential provider is in a failed state.
{'providerConfigurationOutput': {'coinbaseCdpConfiguration': {'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED | EXTERNAL',
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED | EXTERNAL'},
'stripePrivyConfiguration': {'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED | EXTERNAL',
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED | EXTERNAL'}}}
Retrieves information about a specific payment credential provider.
See also: AWS API Documentation
Request Syntax
client.get_payment_credential_provider(
name='string'
)
name (string) -- [REQUIRED]
The name of the payment credential provider to retrieve.
dict
Response Syntax
{
'name': 'string',
'credentialProviderArn': 'string',
'credentialProviderVendor': 'CoinbaseCDP'|'StripePrivy',
'providerConfigurationOutput': {
'coinbaseCdpConfiguration': {
'apiKeyId': 'string',
'apiKeySecretArn': {
'secretArn': 'string'
},
'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'walletSecretArn': {
'secretArn': 'string'
},
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED'|'EXTERNAL'
},
'stripePrivyConfiguration': {
'appId': 'string',
'appSecretArn': {
'secretArn': 'string'
},
'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED'|'EXTERNAL',
'authorizationPrivateKeyArn': {
'secretArn': 'string'
},
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED'|'EXTERNAL',
'authorizationId': 'string'
}
},
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1),
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
name (string) --
The name of the payment credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the payment credential provider.
credentialProviderVendor (string) --
The vendor type for the payment credential provider.
providerConfigurationOutput (dict) --
Output configuration (contains secret ARNs, excludes actual secret values).
coinbaseCdpConfiguration (dict) --
The Coinbase CDP configuration.
apiKeyId (string) --
The API key identifier provided by Coinbase Developer Platform.
apiKeySecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key secret value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
walletSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
walletSecretJsonKey (string) --
The JSON key used to extract the wallet secret value from the AWS Secrets Manager secret.
walletSecretSource (string) --
The source type of the wallet secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
stripePrivyConfiguration (dict) --
The Stripe Privy configuration.
appId (string) --
The app ID provided by Privy.
appSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
appSecretJsonKey (string) --
The JSON key used to extract the app secret value from the AWS Secrets Manager secret.
appSecretSource (string) --
The source type of the app secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationPrivateKeyArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
authorizationPrivateKeyJsonKey (string) --
The JSON key used to extract the authorization private key value from the AWS Secrets Manager secret.
authorizationPrivateKeySource (string) --
The source type of the authorization private key. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationId (string) --
The authorization ID for the Stripe Privy integration.
createdTime (datetime) --
The timestamp when the payment credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the payment credential provider was last updated.
tags (dict) --
The tags associated with the payment credential provider.
(string) --
(string) --
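The response carries one `...Source` / `...Arn` / `...JsonKey` triple per secret, so a reviewer can inventory which secrets are still service-managed. The following is an added example, not part of the AWS reference; the function names and the sample response (all values constructed placeholders) are assumptions.

```python
# Added example: inventory the secret references in a
# get_payment_credential_provider response and flag the ones that are
# service-managed or incompletely described.

# Constructed sample shaped like the Response Syntax above; all values are placeholders.
SAMPLE_RESPONSE = {
    "name": "example-payments",
    "credentialProviderArn": "EXAMPLE-CREDENTIAL-PROVIDER-ARN",
    "credentialProviderVendor": "CoinbaseCDP",
    "providerConfigurationOutput": {
        "coinbaseCdpConfiguration": {
            "apiKeyId": "example-key-id",
            "apiKeySecretArn": {
                "secretArn": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/cdp-AbCdEf"
            },
            "apiKeySecretJsonKey": "apiKeySecret",
            "apiKeySecretSource": "EXTERNAL",
            "walletSecretArn": {
                "secretArn": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/wallet-GhIjKl"
            },
            "walletSecretSource": "MANAGED",
        }
    },
}

SOURCE_SUFFIX = "Source"


def secret_references(response):
    """Return one record per secret found under providerConfigurationOutput.

    Every secret is described by fields sharing a prefix, for example
    apiKeySecretSource / apiKeySecretArn / apiKeySecretJsonKey, so the walk
    keys off the fields that end in 'Source'.
    """
    refs = []
    config = response.get("providerConfigurationOutput") or {}
    for block_name in sorted(config):
        fields = config[block_name]
        if not isinstance(fields, dict):
            continue
        for key in sorted(fields):
            if not key.endswith(SOURCE_SUFFIX):
                continue
            prefix = key[: -len(SOURCE_SUFFIX)]
            arn_field = fields.get(prefix + "Arn") or {}
            refs.append(
                {
                    "path": block_name + "." + prefix,
                    "source": fields[key],
                    "secretArn": arn_field.get("secretArn"),
                    "jsonKey": fields.get(prefix + "JsonKey"),
                }
            )
    return refs


def audit(response):
    """Return (path, finding) tuples for secrets that need a reviewer's attention."""
    findings = []
    for ref in secret_references(response):
        if ref["source"] == "MANAGED":
            findings.append((ref["path"], "service-managed secret"))
        elif ref["source"] == "EXTERNAL":
            if not ref["secretArn"]:
                findings.append((ref["path"], "EXTERNAL source without a secretArn"))
            if not ref["jsonKey"]:
                findings.append((ref["path"], "EXTERNAL source without a JSON key"))
        else:
            findings.append((ref["path"], "unrecognised source value"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_RESPONSE):
        print(path + ": " + finding)
```
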
{'apiKeySecretConfig': {'jsonKey': 'string', 'secretId': 'string'},
'apiKeySecretSource': 'MANAGED | EXTERNAL'}
Response {'apiKeySecretJsonKey': 'string', 'apiKeySecretSource': 'MANAGED | EXTERNAL'}
Updates an existing API key credential provider.
See also: AWS API Documentation
Request Syntax
client.update_api_key_credential_provider(
name='string',
apiKey='string',
apiKeySecretConfig={
'secretId': 'string',
'jsonKey': 'string'
},
apiKeySecretSource='MANAGED'|'EXTERNAL'
)
name (string) -- [REQUIRED]
The name of the API key credential provider to update.
apiKey (string) --
The new API key to use for authentication. This value replaces the existing API key and is encrypted and stored securely.
apiKeySecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the API key. This includes the secret ID and the JSON key used to extract the API key value from the secret. Required when apiKeySecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
dict
Response Syntax
{
'apiKeySecretArn': {
'secretArn': 'string'
},
'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'name': 'string',
'credentialProviderArn': 'string',
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
apiKeySecretArn (dict) --
The Amazon Resource Name (ARN) of the API key secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the API key credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the API key credential provider.
createdTime (datetime) --
The timestamp when the API key credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the API key credential provider was last updated.
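Before pointing a provider at your own secret, it is worth checking that the secret actually contains the `jsonKey` you are about to reference. The following is an added example, not part of the AWS reference: `build_external_api_key_update` is a hypothetical helper, the secret is assumed to be a flat JSON object, and the caller is assumed to have fetched its `SecretString` separately.

```python
# Added example: build the arguments for update_api_key_credential_provider
# with an EXTERNAL secret, after checking the referenced JSON key exists.
import json


def build_external_api_key_update(name, secret_id, json_key, secret_string):
    """Return kwargs for update_api_key_credential_provider (EXTERNAL source).

    secret_string is the SecretString of the referenced secret, fetched by the
    caller; passing it in keeps this check offline. Assumption: the secret is
    a flat JSON object whose values are strings.
    """
    if not name or not secret_id or not json_key:
        raise ValueError("name, secret_id and json_key are all required")

    try:
        document = json.loads(secret_string)
    except (TypeError, ValueError):
        # Never echo the secret content in an error message.
        raise ValueError("secret is not a JSON document; no jsonKey can be extracted") from None

    if not isinstance(document, dict):
        raise ValueError("secret JSON is not an object; no jsonKey can be extracted")

    value = document.get(json_key)
    if not isinstance(value, str) or not value.strip():
        raise ValueError("jsonKey %r is missing or empty in the secret" % json_key)

    # apiKey is left out on purpose: with an EXTERNAL source the key value
    # stays in Secrets Manager and never appears in the request.
    return {
        "name": name,
        "apiKeySecretSource": "EXTERNAL",
        "apiKeySecretConfig": {"secretId": secret_id, "jsonKey": json_key},
    }


if __name__ == "__main__":
    # Constructed secret content; a real value would come from Secrets Manager.
    constructed_secret = json.dumps({"apiKey": "constructed-not-a-real-key"})
    kwargs = build_external_api_key_update(
        "example-provider", "example/secret-id", "apiKey", constructed_secret
    )
    print(kwargs)  # pass as client.update_api_key_credential_provider(**kwargs)
```
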
{'oauth2ProviderConfigInput': {'atlassianOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'customOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'githubOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'googleOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'includedOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'linkedinOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'microsoftOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'salesforceOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'},
'slackOauth2ProviderConfig': {'clientSecretConfig': {'jsonKey': 'string',
'secretId': 'string'},
'clientSecretSource': 'MANAGED | EXTERNAL'}}}
Response {'clientSecretJsonKey': 'string', 'clientSecretSource': 'MANAGED | EXTERNAL'}
Updates an existing OAuth2 credential provider.
See also: AWS API Documentation
Request Syntax
client.update_oauth2_credential_provider(
name='string',
credentialProviderVendor='GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
oauth2ProviderConfigInput={
'customOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL',
'onBehalfOfTokenExchangeConfig': {
'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
'tokenExchangeGrantTypeConfig': {
'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
'actorTokenScopes': [
'string',
]
}
},
'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointOverrides': [
{
'domain': 'string',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
}
},
]
},
'googleOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'githubOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'slackOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'salesforceOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'microsoftOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL',
'tenantId': 'string'
},
'atlassianOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'linkedinOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL'
},
'includedOauth2ProviderConfig': {
'clientId': 'string',
'clientSecret': 'string',
'clientSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'clientSecretSource': 'MANAGED'|'EXTERNAL',
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string'
}
}
)
name (string) -- [REQUIRED]
The name of the OAuth2 credential provider to update.
credentialProviderVendor (string) -- [REQUIRED]
The vendor of the OAuth2 credential provider.
oauth2ProviderConfigInput (dict) -- [REQUIRED]
The configuration input for the OAuth2 provider.
customOauth2ProviderConfig (dict) --
The configuration for a custom OAuth2 provider.
oauthDiscovery (dict) -- [REQUIRED]
The OAuth2 discovery information for the custom provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) -- [REQUIRED]
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) -- [REQUIRED]
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) -- [REQUIRED]
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the custom OAuth2 provider.
clientSecret (string) --
The client secret for the custom OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
onBehalfOfTokenExchangeConfig (dict) --
The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.
grantType (string) -- [REQUIRED]
The grant type for the on-behalf-of token exchange.
tokenExchangeGrantTypeConfig (dict) --
Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
actorTokenContent (string) -- [REQUIRED]
The content type for the actor token in the token exchange.
actorTokenScopes (list) --
The scopes for the actor token. Only valid when actorTokenContent is M2M.
(string) --
clientAuthenticationMethod (string) --
The client authentication method to use when authenticating with the token endpoint.
privateEndpoint (dict) --
The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
privateEndpointOverrides (list) --
The private endpoint overrides for the custom OAuth2 provider configuration.
(dict) --
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) -- [REQUIRED]
The domain to override with a private endpoint.
privateEndpoint (dict) -- [REQUIRED]
The private endpoint configuration for the specified domain.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) -- [REQUIRED]
The ID of the VPC that contains your private resource.
subnetIds (list) -- [REQUIRED]
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) -- [REQUIRED]
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
googleOauth2ProviderConfig (dict) --
The configuration for a Google OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Google OAuth2 provider.
clientSecret (string) --
The client secret for the Google OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
githubOauth2ProviderConfig (dict) --
The configuration for a GitHub OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the GitHub OAuth2 provider.
clientSecret (string) --
The client secret for the GitHub OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
slackOauth2ProviderConfig (dict) --
The configuration for a Slack OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Slack OAuth2 provider.
clientSecret (string) --
The client secret for the Slack OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
salesforceOauth2ProviderConfig (dict) --
The configuration for a Salesforce OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Salesforce OAuth2 provider.
clientSecret (string) --
The client secret for the Salesforce OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
microsoftOauth2ProviderConfig (dict) --
The configuration for a Microsoft OAuth2 provider.
clientId (string) -- [REQUIRED]
The client ID for the Microsoft OAuth2 provider.
clientSecret (string) --
The client secret for the Microsoft OAuth2 provider.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
tenantId (string) --
The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.
atlassianOauth2ProviderConfig (dict) --
Configuration settings for Atlassian OAuth2 provider integration.
clientId (string) -- [REQUIRED]
The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.
clientSecret (string) --
The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret for the Atlassian OAuth2 provider. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
linkedinOauth2ProviderConfig (dict) --
Configuration settings for LinkedIn OAuth2 provider integration.
clientId (string) -- [REQUIRED]
The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.
clientSecret (string) --
The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
includedOauth2ProviderConfig (dict) --
The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.
clientId (string) -- [REQUIRED]
The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.
clientSecret (string) --
The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.
clientSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
issuer (string) --
Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.
authorizationEndpoint (string) --
OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.
tokenEndpoint (string) --
OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.
dict
Response Syntax
{
'clientSecretArn': {
'secretArn': 'string'
},
'clientSecretJsonKey': 'string',
'clientSecretSource': 'MANAGED'|'EXTERNAL',
'name': 'string',
'credentialProviderVendor': 'GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
'credentialProviderArn': 'string',
'callbackUrl': 'string',
'oauth2ProviderConfigOutput': {
'customOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
},
'privateEndpointOverrides': [
{
'domain': 'string',
'privateEndpoint': {
'selfManagedLatticeResource': {
'resourceConfigurationIdentifier': 'string'
},
'managedVpcResource': {
'vpcIdentifier': 'string',
'subnetIds': [
'string',
],
'endpointIpAddressType': 'IPV4'|'IPV6',
'securityGroupIds': [
'string',
],
'tags': {
'string': 'string'
},
'routingDomain': 'string'
}
}
},
],
'onBehalfOfTokenExchangeConfig': {
'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
'tokenExchangeGrantTypeConfig': {
'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
'actorTokenScopes': [
'string',
]
}
},
'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT'
},
'googleOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'githubOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'slackOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'salesforceOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'microsoftOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'atlassianOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'linkedinOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
},
'includedOauth2ProviderConfig': {
'oauthDiscovery': {
'discoveryUrl': 'string',
'authorizationServerMetadata': {
'issuer': 'string',
'authorizationEndpoint': 'string',
'tokenEndpoint': 'string',
'responseTypes': [
'string',
],
'tokenEndpointAuthMethods': [
'string',
]
}
},
'clientId': 'string'
}
},
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1),
'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'
}
Response Structure
(dict) --
clientSecretArn (dict) --
The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
clientSecretJsonKey (string) --
The JSON key used to extract the client secret value from the AWS Secrets Manager secret.
clientSecretSource (string) --
The source type of the client secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
name (string) --
The name of the OAuth2 credential provider.
credentialProviderVendor (string) --
The vendor of the OAuth2 credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the OAuth2 credential provider.
callbackUrl (string) --
Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
oauth2ProviderConfigOutput (dict) --
The configuration output for the OAuth2 provider.
customOauth2ProviderConfig (dict) --
The output configuration for a custom OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the custom provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the custom OAuth2 provider.
privateEndpoint (dict) --
The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
privateEndpointOverrides (list) --
The private endpoint overrides for the custom OAuth2 provider configuration.
(dict) --
A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.
domain (string) --
The domain to override with a private endpoint.
privateEndpoint (dict) --
The private endpoint configuration for the specified domain.
selfManagedLatticeResource (dict) --
Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.
resourceConfigurationIdentifier (string) --
The ARN or ID of the VPC Lattice resource configuration.
managedVpcResource (dict) --
Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.
vpcIdentifier (string) --
The ID of the VPC that contains your private resource.
subnetIds (list) --
The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.
(string) --
endpointIpAddressType (string) --
The IP address type for the resource configuration endpoint.
securityGroupIds (list) --
The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.
(string) --
tags (dict) --
Tags to apply to the managed VPC Lattice resource gateway.
(string) --
(string) --
routingDomain (string) --
An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.
onBehalfOfTokenExchangeConfig (dict) --
The configuration for on-behalf-of token exchange.
grantType (string) --
The grant type for the on-behalf-of token exchange.
tokenExchangeGrantTypeConfig (dict) --
Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).
actorTokenContent (string) --
The content type for the actor token in the token exchange.
actorTokenScopes (list) --
The scopes for the actor token. Only valid when actorTokenContent is M2M.
(string) --
clientAuthenticationMethod (string) --
The client authentication method used when authenticating with the token endpoint.
googleOauth2ProviderConfig (dict) --
The output configuration for a Google OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Google provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Google OAuth2 provider.
githubOauth2ProviderConfig (dict) --
The output configuration for a GitHub OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the GitHub provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the GitHub OAuth2 provider.
slackOauth2ProviderConfig (dict) --
The output configuration for a Slack OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Slack provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Slack OAuth2 provider.
salesforceOauth2ProviderConfig (dict) --
The output configuration for a Salesforce OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Salesforce provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Salesforce OAuth2 provider.
microsoftOauth2ProviderConfig (dict) --
The output configuration for a Microsoft OAuth2 provider.
oauthDiscovery (dict) --
The OAuth2 discovery information for the Microsoft provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Microsoft OAuth2 provider.
atlassianOauth2ProviderConfig (dict) --
The configuration details for the Atlassian OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the Atlassian OAuth2 provider.
linkedinOauth2ProviderConfig (dict) --
The configuration details for the LinkedIn OAuth2 provider.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the LinkedIn OAuth2 provider.
includedOauth2ProviderConfig (dict) --
The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.
oauthDiscovery (dict) --
Contains the discovery information for an OAuth2 provider.
discoveryUrl (string) --
The discovery URL for the OAuth2 provider.
authorizationServerMetadata (dict) --
The authorization server metadata for the OAuth2 provider.
issuer (string) --
The issuer URL for the OAuth2 authorization server.
authorizationEndpoint (string) --
The authorization endpoint URL for the OAuth2 authorization server.
tokenEndpoint (string) --
The token endpoint URL for the OAuth2 authorization server.
responseTypes (list) --
The supported response types for the OAuth2 authorization server.
(string) --
tokenEndpointAuthMethods (list) --
The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
(string) --
clientId (string) --
The client ID for the supported OAuth2 provider.
createdTime (datetime) --
The timestamp when the OAuth2 credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the OAuth2 credential provider was last updated.
status (string) --
The current status of the updated OAuth2 credential provider.
{'providerConfigurationInput': {'coinbaseCdpConfiguration': {'apiKeySecretConfig': {'jsonKey': 'string', 'secretId': 'string'},
'apiKeySecretSource': 'MANAGED | EXTERNAL',
'walletSecretConfig': {'jsonKey': 'string', 'secretId': 'string'},
'walletSecretSource': 'MANAGED | EXTERNAL'},
'stripePrivyConfiguration': {'appSecretConfig': {'jsonKey': 'string', 'secretId': 'string'},
'appSecretSource': 'MANAGED | EXTERNAL',
'authorizationPrivateKeyConfig': {'jsonKey': 'string', 'secretId': 'string'},
'authorizationPrivateKeySource': 'MANAGED | EXTERNAL'}}}
Response {'providerConfigurationOutput': {'coinbaseCdpConfiguration': {'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED | EXTERNAL',
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED | EXTERNAL'},
'stripePrivyConfiguration': {'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED | EXTERNAL',
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED | EXTERNAL'}}}
Updates an existing payment credential provider with new authentication credentials.
See also: AWS API Documentation
Request Syntax
client.update_payment_credential_provider(
name='string',
credentialProviderVendor='CoinbaseCDP'|'StripePrivy',
providerConfigurationInput={
'coinbaseCdpConfiguration': {
'apiKeyId': 'string',
'apiKeySecret': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'apiKeySecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'walletSecret': 'string',
'walletSecretSource': 'MANAGED'|'EXTERNAL',
'walletSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
}
},
'stripePrivyConfiguration': {
'appId': 'string',
'appSecret': 'string',
'appSecretSource': 'MANAGED'|'EXTERNAL',
'appSecretConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'authorizationPrivateKey': 'string',
'authorizationPrivateKeySource': 'MANAGED'|'EXTERNAL',
'authorizationPrivateKeyConfig': {
'secretId': 'string',
'jsonKey': 'string'
},
'authorizationId': 'string'
}
}
)
string
[REQUIRED]
The name of the payment credential provider to update.
string
[REQUIRED]
The vendor type for the payment credential provider (e.g., CoinbaseCDP, StripePrivy).
dict
[REQUIRED]
Configuration specific to the vendor, including API credentials.
coinbaseCdpConfiguration (dict) --
The Coinbase CDP configuration.
apiKeyId (string) -- [REQUIRED]
The API key identifier provided by Coinbase Developer Platform.
apiKeySecret (string) --
The API key secret provided by Coinbase Developer Platform.
apiKeySecretSource (string) --
The source type of the API key secret for the Coinbase Developer Platform. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
apiKeySecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the API key secret. This includes the secret ID and the JSON key used to extract the API key secret value from the secret. Required when apiKeySecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
walletSecret (string) --
The wallet secret provided by Coinbase Developer Platform.
walletSecretSource (string) --
The source type of the wallet secret for the Coinbase Developer Platform. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
walletSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the wallet secret. This includes the secret ID and the JSON key used to extract the wallet secret value from the secret. Required when walletSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
stripePrivyConfiguration (dict) --
The Stripe Privy configuration.
appId (string) -- [REQUIRED]
The app ID provided by Privy.
appSecret (string) --
The app secret provided by Privy.
appSecretSource (string) --
The source type of the app secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
appSecretConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the app secret. This includes the secret ID and the JSON key used to extract the app secret value from the secret. Required when appSecretSource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
authorizationPrivateKey (string) --
The authorization private key for the Stripe Privy integration.
authorizationPrivateKeySource (string) --
The source type of the authorization private key. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.
authorizationPrivateKeyConfig (dict) --
A reference to the AWS Secrets Manager secret that stores the authorization private key. This includes the secret ID and the JSON key used to extract the authorization private key value from the secret. Required when authorizationPrivateKeySource is set to EXTERNAL.
secretId (string) -- [REQUIRED]
The ID of the AWS Secrets Manager secret that stores the secret value.
jsonKey (string) -- [REQUIRED]
The JSON key used to extract the secret value from the AWS Secrets Manager secret.
authorizationId (string) -- [REQUIRED]
The authorization ID for the Stripe Privy integration.
dict
Response Syntax
{
'name': 'string',
'credentialProviderVendor': 'CoinbaseCDP'|'StripePrivy',
'credentialProviderArn': 'string',
'providerConfigurationOutput': {
'coinbaseCdpConfiguration': {
'apiKeyId': 'string',
'apiKeySecretArn': {
'secretArn': 'string'
},
'apiKeySecretJsonKey': 'string',
'apiKeySecretSource': 'MANAGED'|'EXTERNAL',
'walletSecretArn': {
'secretArn': 'string'
},
'walletSecretJsonKey': 'string',
'walletSecretSource': 'MANAGED'|'EXTERNAL'
},
'stripePrivyConfiguration': {
'appId': 'string',
'appSecretArn': {
'secretArn': 'string'
},
'appSecretJsonKey': 'string',
'appSecretSource': 'MANAGED'|'EXTERNAL',
'authorizationPrivateKeyArn': {
'secretArn': 'string'
},
'authorizationPrivateKeyJsonKey': 'string',
'authorizationPrivateKeySource': 'MANAGED'|'EXTERNAL',
'authorizationId': 'string'
}
},
'createdTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
name (string) --
The name of the updated payment credential provider.
credentialProviderVendor (string) --
The vendor type for the updated payment credential provider.
credentialProviderArn (string) --
The Amazon Resource Name (ARN) of the updated payment credential provider.
providerConfigurationOutput (dict) --
Output configuration (contains secret ARNs, excludes actual secret values).
coinbaseCdpConfiguration (dict) --
The Coinbase CDP configuration.
apiKeyId (string) --
The API key identifier provided by Coinbase Developer Platform.
apiKeySecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
apiKeySecretJsonKey (string) --
The JSON key used to extract the API key secret value from the AWS Secrets Manager secret.
apiKeySecretSource (string) --
The source type of the API key secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
walletSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
walletSecretJsonKey (string) --
The JSON key used to extract the wallet secret value from the AWS Secrets Manager secret.
walletSecretSource (string) --
The source type of the wallet secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
stripePrivyConfiguration (dict) --
The Stripe Privy configuration.
appId (string) --
The app ID provided by Privy.
appSecretArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
appSecretJsonKey (string) --
The JSON key used to extract the app secret value from the AWS Secrets Manager secret.
appSecretSource (string) --
The source type of the app secret. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationPrivateKeyArn (dict) --
Contains information about a secret in AWS Secrets Manager.
secretArn (string) --
The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.
authorizationPrivateKeyJsonKey (string) --
The JSON key used to extract the authorization private key value from the AWS Secrets Manager secret.
authorizationPrivateKeySource (string) --
The source type of the authorization private key. Either MANAGED if the secret is managed by the service, or EXTERNAL if managed by the user in AWS Secrets Manager.
authorizationId (string) --
The authorization ID for the Stripe Privy integration.
createdTime (datetime) --
The timestamp when the payment credential provider was created.
lastUpdatedTime (datetime) --
The timestamp when the payment credential provider was last updated.
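An added example, not part of the AWS documentation: a pre-flight lint for the providerConfigurationInput of update_payment_credential_provider that applies the documented rule that each Secrets Manager reference is required when its source field is EXTERNAL. The function name, the require_external switch, the inline-secret and stray-reference checks, and the sample values are assumptions of this example; field names are taken from the request syntax above.

```python
"""Pre-flight lint for providerConfigurationInput (added example, runs offline)."""

# (inline secret field, source field, Secrets Manager reference field),
# grouped by vendor block, as listed in the request syntax on this page.
SECRET_FIELDS = {
    "coinbaseCdpConfiguration": [
        ("apiKeySecret", "apiKeySecretSource", "apiKeySecretConfig"),
        ("walletSecret", "walletSecretSource", "walletSecretConfig"),
    ],
    "stripePrivyConfiguration": [
        ("appSecret", "appSecretSource", "appSecretConfig"),
        ("authorizationPrivateKey", "authorizationPrivateKeySource",
         "authorizationPrivateKeyConfig"),
    ],
}
VALID_SOURCES = {"MANAGED", "EXTERNAL"}


def lint_provider_config(provider_config, require_external=False):
    """Return a sorted list of findings; an empty list means the input passed.

    Findings name field paths only and never echo a secret value.
    require_external is a local policy switch (assumption of this example).
    """
    findings = []
    for block_name, block in provider_config.items():
        if block_name not in SECRET_FIELDS:
            findings.append(f"{block_name}: unknown vendor block")
            continue
        for inline_key, source_key, ref_key in SECRET_FIELDS[block_name]:
            path = f"{block_name}.{source_key}"
            source = block.get(source_key)
            ref = block.get(ref_key)
            if source is not None and source not in VALID_SOURCES:
                findings.append(f"{path}: invalid value {source!r}")
                continue
            if source == "EXTERNAL":
                # Documented rule: the reference is required for EXTERNAL,
                # and both secretId and jsonKey are required inside it.
                if not isinstance(ref, dict):
                    findings.append(f"{path}: EXTERNAL requires {ref_key}")
                else:
                    for required in ("secretId", "jsonKey"):
                        if not ref.get(required):
                            findings.append(
                                f"{block_name}.{ref_key}.{required}: missing")
                # Local policy (assumption): an inline value next to an
                # EXTERNAL reference means the secret left Secrets Manager.
                if block.get(inline_key):
                    findings.append(
                        f"{block_name}.{inline_key}: inline secret sent "
                        "with EXTERNAL source")
            else:
                # Local policy (assumption): a reference without EXTERNAL is
                # ambiguous about which secret the caller intended.
                if ref is not None:
                    findings.append(
                        f"{block_name}.{ref_key}: set but source is not EXTERNAL")
                if require_external:
                    findings.append(f"{path}: policy requires EXTERNAL")
    return sorted(findings)


# Constructed sample inputs; every identifier and value below is a placeholder.
GOOD = {
    "coinbaseCdpConfiguration": {
        "apiKeyId": "EXAMPLE-KEY-ID",
        "apiKeySecretSource": "EXTERNAL",
        "apiKeySecretConfig": {"secretId": "example/coinbase",
                               "jsonKey": "apiKeySecret"},
        "walletSecretSource": "EXTERNAL",
        "walletSecretConfig": {"secretId": "example/coinbase",
                               "jsonKey": "walletSecret"},
    }
}
BAD = {
    "stripePrivyConfiguration": {
        "appId": "EXAMPLE-APP-ID",
        "appSecret": "constructed-inline-value",
        "appSecretSource": "EXTERNAL",
        "appSecretConfig": {"secretId": "example/privy"},  # jsonKey missing
        "authorizationPrivateKey": "constructed-inline-value",
        "authorizationPrivateKeySource": "MANAGED",
        "authorizationId": "EXAMPLE-AUTH-ID",
    }
}

if __name__ == "__main__":
    # Run the lint before passing the dict as providerConfigurationInput.
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_provider_config(cfg, require_external=True))
```
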