Retrieves an authorization token. An authorization token represents your IAM authentication credentials. You can use it to access any Amazon ECR registry that your IAM principal has access to. The authorization token is valid for 12 hours. This API requires the ecr-public:GetAuthorizationToken and sts:GetServiceBearerToken permissions.

See also: AWS API Documentation

Request Syntax

response = client.get_authorization_token()
Return type
Response Syntax
    'authorizationData': {
        'authorizationToken': 'string',
        'expiresAt': datetime(2015, 1, 1)

Response Structure

  • (dict) --
    • authorizationData (dict) --

      An authorization token data object that corresponds to a public registry.

      • authorizationToken (string) --

        A base64-encoded string that contains authorization data for a public Amazon ECR registry. When the string is decoded, it's presented in the format user:password for public registry authentication using docker login .

      • expiresAt (datetime) --

        The Unix time in seconds and milliseconds when the authorization token expires. Authorization tokens are valid for 12 hours.


  • ECRPublic.Client.exceptions.ServerException
  • ECRPublic.Client.exceptions.InvalidParameterException
  • ECRPublic.Client.exceptions.UnsupportedCommandException