# Temporary Credentials

## Create Temporary Access Credentials

`client.R2.TemporaryCredentials.New(ctx, params) (*TemporaryCredentialNewResponse, error)`

**post** `/accounts/{account_id}/r2/temp-access-credentials`

Creates temporary access credentials on a bucket that can be optionally scoped to prefixes or objects.

### Parameters

- `params TemporaryCredentialNewParams`

  - `AccountID param.Field[string]`

    Path param: Account ID.

  - `TemporaryCredential param.Field[TemporaryCredential]`

    Body param

### Returns

- `type TemporaryCredentialNewResponse struct{…}`

  - `AccessKeyID string`

    ID for new access key.

  - `SecretAccessKey string`

    Secret access key.

  - `SessionToken string`

    Security token.

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/r2"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  temporaryCredential, err := client.R2.TemporaryCredentials.New(context.TODO(), r2.TemporaryCredentialNewParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    TemporaryCredential: r2.TemporaryCredentialParam{
      Bucket: cloudflare.F("example-bucket"),
      ParentAccessKeyID: cloudflare.F("example-access-key-id"),
      Permission: cloudflare.F(r2.TemporaryCredentialPermissionObjectReadWrite),
      TTLSeconds: cloudflare.F(3600.000000),
    },
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", temporaryCredential.AccessKeyID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    "string"
  ],
  "result": {
    "accessKeyId": "example-access-key-id",
    "secretAccessKey": "example-secret-key",
    "sessionToken": "example-session-token"
  },
  "success": true
}
```

## Domain Types

### Temporary Credential

- `type TemporaryCredential struct{…}`

  - `Bucket string`

    Name of the R2 bucket.

  - `ParentAccessKeyID string`

    The parent access key id to use for signing.

  - `Permission TemporaryCredentialPermission`

    Permissions allowed on the credentials.

    - `const TemporaryCredentialPermissionAdminReadWrite TemporaryCredentialPermission = "admin-read-write"`

    - `const TemporaryCredentialPermissionAdminReadOnly TemporaryCredentialPermission = "admin-read-only"`

    - `const TemporaryCredentialPermissionObjectReadWrite TemporaryCredentialPermission = "object-read-write"`

    - `const TemporaryCredentialPermissionObjectReadOnly TemporaryCredentialPermission = "object-read-only"`

  - `TTLSeconds float64`

    How long the credentials will live for in seconds.

  - `Objects []string`

    Optional object paths to scope the credentials to.

  - `Prefixes []string`

    Optional prefix paths to scope the credentials to.