# CreateAccessToken


Creates an access token for a DNS view. Access tokens provide token-based authentication for DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) connections to the Route 53 Global Resolver.

**Important**  
Route 53 Global Resolver is a global service that supports resolvers in multiple AWS Regions but you must specify the US East (Ohio) Region to create, update, or otherwise work with Route 53 Global Resolver resources. That is, for example, specify `--region us-east-2` on AWS CLI commands.

## Request Syntax


```
POST /tokens/dnsViewId HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "expiresAt": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}
```

## URI Request Parameters


The request uses the following URI parameters.

 ** [dnsViewId](#API_route53globalresolver_CreateAccessToken_RequestSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-request-uri-dnsViewId"></a>
The ID of the DNS view to associate with this token.  
Length Constraints: Minimum length of 1. Maximum length of 64.  
Pattern: `[-.a-zA-Z0-9]+`   
Required: Yes

## Request Body


The request accepts the following data in JSON format.

 ** [clientToken](#API_route53globalresolver_CreateAccessToken_RequestSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-request-clientToken"></a>
A unique, case-sensitive identifier to ensure idempotency. This means that making the same request multiple times with the same `clientToken` has the same result every time.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 256.  
Required: No

 ** [expiresAt](#API_route53globalresolver_CreateAccessToken_RequestSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-request-expiresAt"></a>
The date and time when the token expires. Tokens can have a minimum expiration of 30 days and maximum of 365 days from creation.  
Type: Timestamp  
Required: No

 ** [name](#API_route53globalresolver_CreateAccessToken_RequestSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-request-name"></a>
A descriptive name for the access token.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 32.  
Pattern: `(?!^[0-9]+$)([a-zA-Z0-9-_/' ']+)`   
Required: No

 ** [tags](#API_route53globalresolver_CreateAccessToken_RequestSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-request-tags"></a>
An array of user-defined keys and optional values. These tags can be used for categorization and organization.  
Type: String to string map  
Map Entries: Minimum number of 0 items. Maximum number of 50 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 128.  
Key Pattern: `([\p{L}\p{Z}\p{N}_.:/=+\-@]*)`   
Value Length Constraints: Minimum length of 0. Maximum length of 256.  
Value Pattern: `([\p{L}\p{Z}\p{N}_.:/=+\-@]*)`   
Required: No

## Response Syntax


```
HTTP/1.1 200
Content-type: application/json

{
   "arn": "string",
   "clientToken": "string",
   "createdAt": "string",
   "dnsViewId": "string",
   "expiresAt": "string",
   "id": "string",
   "name": "string",
   "status": "string",
   "value": "string"
}
```

## Response Elements


If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [arn](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-arn"></a>
The Amazon Resource Name (ARN) of the access token.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 2048.  
Pattern: `arn:[-.a-z0-9]{1,63}:[-.a-z0-9]{1,63}:[-.a-z0-9]{0,63}:[-.a-z0-9]{0,63}:[^/].{0,1023}` 

 ** [clientToken](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-clientToken"></a>
The unique string that identifies the request and ensures idempotency.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 256.

 ** [createdAt](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-createdAt"></a>
The date and time when the access token was created.  
Type: Timestamp

 ** [dnsViewId](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-dnsViewId"></a>
The ID of the DNS view associated with this access token.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 64.  
Pattern: `[-.a-zA-Z0-9]+` 

 ** [expiresAt](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-expiresAt"></a>
The date and time when the access token expires.  
Type: Timestamp

 ** [id](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-id"></a>
The unique identifier for the access token.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 64.  
Pattern: `[-.a-zA-Z0-9]+` 

 ** [name](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-name"></a>
The name of the access token.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 32.  
Pattern: `(?!^[0-9]+$)([a-zA-Z0-9-_/' ']+)` 

 ** [status](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-status"></a>
The operational status of the access token.  
Type: String  
Valid Values: `CREATING | OPERATIONAL | DELETING` 

 ** [value](#API_route53globalresolver_CreateAccessToken_ResponseSyntax) **   <a name="Route53GlobalResolver-route53globalresolver_CreateAccessToken-response-value"></a>
The access token value. This token should be included in DoH and DoT requests for authentication. Keep this value secure as it provides access to your Route 53 Global Resolver.  
Type: String  
Length Constraints: Minimum length of 0. Maximum length of 100.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You don't have permission to perform this operation. Check your IAM permissions and try again.  
HTTP Status Code: 403

 ** ConflictException **   
The request conflicts with the current state of the resource. This can occur when trying to modify a resource that is not in a valid state for the requested operation.    
 ** resourceId **   
The ID of the conflicting resource.  
 ** resourceType **   
The type of the conflicting resource.
HTTP Status Code: 409

 ** InternalServerException **   
An internal server error occurred. Try again later.    
 ** retryAfterSeconds **   
Number of seconds in which the caller can retry the request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
The specified resource was not found. Verify the resource ID and try again.    
 ** resourceId **   
The unique ID of the resource referenced in the failed request.  
 ** resourceType **   
The resource type of the resource referenced in the failed request.
HTTP Status Code: 404

 ** ServiceQuotaExceededException **   
The request would exceed one or more service quotas. Check your current usage and quotas, then try again.    
 ** quotaCode **   
The quota code recognized by the AWS Service Quotas service.  
 ** resourceId **   
The unique ID of the resource referenced in the failed request.  
 ** resourceType **   
The resource type of the resource referenced in the failed request.  
 ** serviceCode **   
The code for the AWS service that owns the quota.
HTTP Status Code: 402

 ** ThrottlingException **   
The request was throttled due to too many requests. Wait a moment and try again.    
 ** quotaCode **   
The quota code recognized by the AWS Service Quotas service.  
 ** retryAfterSeconds **   
Number of seconds in which the caller can retry the request.  
 ** serviceCode **   
The code for the AWS service that owns the quota.
HTTP Status Code: 429

 ** ValidationException **   
The input parameters are invalid. Check the parameter values and try again.    
 ** fieldList **   
The list of fields that aren't valid.  
 ** reason **   
Reason the request failed validation.
HTTP Status Code: 400

## See Also


For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/route53globalresolver-2022-09-27/CreateAccessToken) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/route53globalresolver-2022-09-27/CreateAccessToken)