# Temporary Credentials ## Create Temporary Access Credentials `r2.temporary_credentials.create(TemporaryCredentialCreateParams**kwargs) -> TemporaryCredentialCreateResponse` **post** `/accounts/{account_id}/r2/temp-access-credentials` Creates temporary access credentials on a bucket that can be optionally scoped to prefixes or objects. ### Parameters - `account_id: str` Account ID. - `bucket: str` Name of the R2 bucket. - `parent_access_key_id: str` The parent access key id to use for signing. - `permission: Literal["admin-read-write", "admin-read-only", "object-read-write", "object-read-only"]` Permissions allowed on the credentials. - `"admin-read-write"` - `"admin-read-only"` - `"object-read-write"` - `"object-read-only"` - `ttl_seconds: float` How long the credentials will live for in seconds. - `objects: Optional[SequenceNotStr[str]]` Optional object paths to scope the credentials to. - `prefixes: Optional[SequenceNotStr[str]]` Optional prefix paths to scope the credentials to. ### Returns - `class TemporaryCredentialCreateResponse: …` - `access_key_id: Optional[str]` ID for new access key. - `secret_access_key: Optional[str]` Secret access key. - `session_token: Optional[str]` Security token. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) temporary_credential = client.r2.temporary_credentials.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", bucket="example-bucket", parent_access_key_id="example-access-key-id", permission="object-read-write", ttl_seconds=3600, ) print(temporary_credential.access_key_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ "string" ], "result": { "accessKeyId": "example-access-key-id", "secretAccessKey": "example-secret-key", "sessionToken": "example-session-token" }, "success": true } ``` ## Domain Types ### Temporary Credential - `class TemporaryCredential: …` - `bucket: str` Name of the R2 bucket. - `parent_access_key_id: str` The parent access key id to use for signing. - `permission: Literal["admin-read-write", "admin-read-only", "object-read-write", "object-read-only"]` Permissions allowed on the credentials. - `"admin-read-write"` - `"admin-read-only"` - `"object-read-write"` - `"object-read-only"` - `ttl_seconds: float` How long the credentials will live for in seconds. - `objects: Optional[List[str]]` Optional object paths to scope the credentials to. - `prefixes: Optional[List[str]]` Optional prefix paths to scope the credentials to. ### Temporary Credential Create Response - `class TemporaryCredentialCreateResponse: …` - `access_key_id: Optional[str]` ID for new access key. - `secret_access_key: Optional[str]` Secret access key. - `session_token: Optional[str]` Security token.