Connect / Client / get_federation_token



Retrieves a token for federation.


This API doesn’t support root users. If you try to invoke GetFederationToken with root credentials, an error message similar to the following one appears:

Provided identity: Principal: .... User: .... cannot be used for federation with Amazon Connect

See also: AWS API Documentation

Request Syntax

response = client.get_federation_token(

InstanceId (string) –


The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

Return type:



Response Syntax

    'Credentials': {
        'AccessToken': 'string',
        'AccessTokenExpiration': datetime(2015, 1, 1),
        'RefreshToken': 'string',
        'RefreshTokenExpiration': datetime(2015, 1, 1)
    'SignInUrl': 'string',
    'UserArn': 'string',
    'UserId': 'string'

Response Structure

  • (dict) –

    • Credentials (dict) –

      The credentials to use for federation.

      • AccessToken (string) –

        An access token generated for a federated user to access Amazon Connect.

      • AccessTokenExpiration (datetime) –

        A token generated with an expiration time for the session a user is logged in to Amazon Connect.

      • RefreshToken (string) –

        Renews a token generated for a user to access the Amazon Connect instance.

      • RefreshTokenExpiration (datetime) –

        Renews the expiration timer for a generated token.

    • SignInUrl (string) –

      The URL to sign into the user’s instance.

    • UserArn (string) –

      The Amazon Resource Name (ARN) of the user.

    • UserId (string) –

      The identifier for the user.


  • Connect.Client.exceptions.InvalidRequestException

  • Connect.Client.exceptions.InvalidParameterException

  • Connect.Client.exceptions.ResourceNotFoundException

  • Connect.Client.exceptions.UserNotFoundException

  • Connect.Client.exceptions.InternalServiceException

  • Connect.Client.exceptions.DuplicateResourceException