Skip to main content
POST
Create access key from OIDC

gRPC method: CreateAccessKeyFromOIDC

  • The API server is https://api.coreweave.com.
  • This endpoint is anonymous on the CoreWeave side — authentication comes from the OIDC token in the request body, not a Bearer token in the header.
Exchanges an OIDC token from a configured Workload Identity Federation provider for a temporary CoreWeave AI Object Storage access key. The lifespan is set by durationSeconds and must be 0–43200 seconds (12 hours maximum).
data.json
Example request

Body

application/json

Inputs for exchanging an OIDC token for a CoreWeave AI Object Storage access key.

durationSeconds
integer<uint32>
required

Lifespan of the resulting access key in seconds. Must be 0–43200 (12 hours maximum).

Required range: 0 <= x <= 43200
orgId
string
required

The CoreWeave organization ID to mint the access key for.

oidcToken
string
required

The OIDC token from the configured Workload Identity Federation provider.

attributes
object

Free-form caller-supplied attributes attached to the key (for example, name).

Response

OK

The newly-minted access key. The secretKey is the only opportunity to read the secret value.

accessKeyId
string

The access-key ID.

secretKey
string

The secret access key. Treat as a credential and store it securely on receipt.

principalName
string

The fully-qualified principal name that owns the access key.

expiry
string<date-time>

The expiration time of the access key.

attributes
object

The attributes that were attached to the key on creation.

Last modified on July 13, 2026