Customers accessing resources or services in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer and will reject any requests that might have been tampered with or otherwise falsely generated. Various endpoints or interfaces can be used, which can be located in the multi-tenant environment, in a customer environment, or in a separate location. These endpoints or interfaces can sign unsigned requests, or otherwise increase the credentials of a signed request, on behalf of a customer. In some embodiments, additional metadata can be added that can increase the authentication level of the requests. Such an approach can enable a customer to provide or delegate access to the resources without exposing the credentials outside a secure environment.
