Create SASL users - ApsaraMQ for Kafka - Alibaba Cloud Documentation Center

Creates a Simple Authentication and Security Layer (SASL) user.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Authorization information

The following table describes the authorization information corresponding to this API operation. The authorization information can be used in the Action policy element to grant a Resource Access Management (RAM) user or a RAM role the permissions to call the API operation. Take note of the following items:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are highlighted.
- If the permissions cannot be granted at the resource level, All resources is used in the Resource type column of the operation.
Condition key: the condition key that is defined by the Alibaba Cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation

Access level

Resource type

Condition key

Associated operation

alikafka:CreateSaslUser

create

Instance

acs:alikafka:{#regionId}:{#accountId}:{#InstanceId}

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The region ID.	cn-hangzhou
InstanceId	string	Yes	The instance ID.	alikafka_pre-cn-v0h1cng0****
Username	string	Yes	The username of the SASL user.	test***
Password	string	Yes	The password of the SASL user.	12***
Type	string	No	The verification type. Valid values: plain: a simple mechanism that uses usernames and passwords to verify user identities. ApsaraMQ for Kafka provides an improved PLAIN mechanism that allows you to dynamically add SASL users without the need to restart an instance. scram: a mechanism that uses usernames and passwords to verify user identities. Compared with the PLAIN mechanism, this mechanism provides higher security. ApsaraMQ for Kafka uses the SCRAM-SHA-256 algorithm. LDAP: a Lightweight Directory Access Protocol (LDAP) mechanism. This value is available only when you create SASL users for ApsaraMQ for Confluent instances. Default value: plain.	plain
Mechanism	string	No	The encryption method. Valid values: SCRAM-SHA-512 (default) SCRAM-SHA-256 Note This parameter is available only for serverless ApsaraMQ for Kafka instances.	SCRAM-SHA-256

Response parameters

Parameter	Data type	Description	Example
	object
Code	integer	The response code. The value 200 indicates that the request was successful.	200
Message	string	The response message.	operation success.
RequestId	string	The request ID.	C5CA600C-7D5A-45B5-B6DB-44FAC2C****
Success	boolean	Indicates whether the request was successful.	true

Examples

Sample success responses

JSON format

{
  "Code": 200,
  "Message": "operation success.",
  "RequestId": "C5CA600C-7D5A-45B5-B6DB-44FAC2C****",
  "Success": true
}

Error codes

For information about error codes, see Common error codes.

Change history

Effective date	Content	Operation
2024-04-02	The error codes and input parameters of the API operation are modified.	View change details