Example: Programmatically Update AWS S3 Credentials in Thru AFT
This guide demonstrates how to update the access and secret keys for an AWS S3 endpoint in Thru AFT using the REST API.
Prerequisites
A valid Thru AFT API key
curlfor making HTTP requestsjqfor JSON parsing (for the automated script version)
API Flow Overview
The process involves three main steps:
Retrieve organization IDs accessible to your API key
Get endpoint IDs for each organization
Update the endpoint configuration with new credentials
Basic Example
1. Get Organization IDs
First, retrieve the organizations your API key can access:
curl -X 'GET' \
'<https://us.thruinc.com/api/Organization?showDeleted=false'> \
-H 'accept: */*' \
-H 'apikey: YOUR_API_KEY'2. Get Endpoint IDs
Once you have the organization ID, get the endpoints for that organization:
curl -X 'GET' \
'<https://us.thruinc.com/api/Endpoints/getEndpoints?organizationId=YOUR_ORG_ID'> \
-H 'accept: text/plain' \
-H 'apikey: YOUR_API_KEY'3. Get Endpoint Configuration
Retrieve the current endpoint configuration:
curl -X 'GET' \
'<https://us.thruinc.com/api/Endpoints/YOUR_ENDPOINT_ID'> \
-H 'accept: text/plain' \
-H 'apikey: YOUR_API_KEY'4. Update Endpoint Credentials
Update the endpoint with new credentials:
curl '<https://us.thruinc.com/api/endpoints/SaveAndApply'> \
-X 'PUT' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json' \
-H 'apikey: YOUR_API_KEY' \
--data-raw '{
"id": YOUR_ENDPOINT_ID,
"organizationId": YOUR_ORG_ID,
"name": "YOUR_ENDPOINT_NAME",
"protocolId": 6,
"endpointTypeId": 4,
"isEnabled": true,
"description": "YOUR_DESCRIPTION",
"s3RegionTypeId": "YOUR_REGION_ID",
"s3AccessKey": "YOUR_ACCESS_KEY",
"s3BucketName": "YOUR_BUCKET_NAME",
"s3SecretKey": "YOUR_NEW_SECRET_KEY",
"s3ServiceUrl": null
}'Automated Script Example
Here's a more sophisticated script that automatically retrieves the current configuration and updates only the secret key:
#!/bin/bash
# Configuration
endpoint_id=2381 ##example##
auth_header='apikey: YOUR_API_KEY'
env_url='us.thruinc.com'
new_secret_key='your-new-secret-key'
# Get current endpoint config and parse with jq
endpoint_config=$(curl -X GET \
"<https://${env_url}/api/Endpoints/${endpoint_id}>" \
-H "${auth_header}" \
-H 'accept: text/plain' | jq '.endpoint')
# Extract values from endpoint config
org_id=$(echo "$endpoint_config" | jq -r '.organizationId')
endpoint_name=$(echo "$endpoint_config" | jq -r '.name')
description=$(echo "$endpoint_config" | jq -r '.description')
region_id=$(echo "$endpoint_config" | jq -r '.s3Configuration.amazonRegionId')
access_key=$(echo "$endpoint_config" | jq -r '.s3Configuration.accessKey')
bucket_name=$(echo "$endpoint_config" | jq -r '.s3Configuration.bucketName')
# Update endpoint with new secret key
curl "<https://${env_url}/api/endpoints/SaveAndApply>" \
-X 'PUT' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json' \
-H "${auth_header}" \
--data-raw "{
\"id\": ${endpoint_id},
\"organizationId\": ${org_id},
\"name\": \"${endpoint_name}\",
\"protocolId\": 6,
\"endpointTypeId\": 4,
\"isEnabled\": true,
\"description\": \"${description}\",
\"s3RegionTypeId\": ${region_id},
\"s3AccessKey\": \"${access_key}\",
\"s3BucketName\": \"${bucket_name}\",
\"s3SecretKey\": \"${new_secret_key}\",
\"s3ServiceUrl\": null
}"Notes
Replace
YOUR_API_KEYwith your actual Thru AFT API keyThe
protocolId: 6andendpointTypeId: 4are specific to AWS S3 endpointsThe script preserves all existing endpoint configuration while only updating the secret key
Always secure your API keys and credentials appropriately
Test in a non-production environment first
Error Handling
The API will return appropriate HTTP status codes:
200: Success
400: Bad Request (check your JSON payload)
401: Unauthorized (check your API key)
404: Not Found (check your endpoint ID)