All Products
Search

This Product

    CloudSSO:Example of calling an API operation by using CloudSSO SDK for Python

    Document Center

    CloudSSO:Example of calling an API operation by using CloudSSO SDK for Python

    Last Updated:Jun 11, 2024

    This topic describes how to use CloudSSO SDK for Python to call the GetServiceStatus operation. This operation is used to check whether CloudSSO is activated.

    Step 1: View the API documentation

    Click the link for the GetServiceStatus operation in the List of operations by function topic to view the API reference. You can obtain information such as request parameters and permissions in the API reference.

    Step 2: Create a RAM user and grant permissions to the RAM user

    Identities

    You can call the GetServiceStatus operation by using an Alibaba Cloud account, as a Resource Access Management (RAM) user, or by assuming a RAM role. For more information about the differences among the identities, see Identity.

    In this example, a RAM user is used to call this operation.

    Log on to the RAM console and create a RAM user. For more information, see Create a RAM user.

    Credential

    On the Users page, find the RAM user that you create and click its name. In the User AccessKeys section of the Authentication tab, click Create AccessKey to create an AccessKey pair. For more information, see Create an AccessKey pair.

    Important

    The AccessKey secret of a RAM user is displayed only when the RAM user is created. You cannot view the AccessKey secret after the RAM user is created. Record the AccessKey secret and keep it confidential.

    Authorization

    1. Go to the Users page of the RAM console. Find the RAM user that you create and click Add Permissions in the Actions column.

    2. In the Grant Permission panel, enter the keyword cloudsso in the search box in the Policy section and select the required system policy based on the principle of least privilege (PoLP).

      • AliyunCloudSSOFullAccess: the management permissions of CloudSSO.

      • AliyunCloudSSOReadOnlyAccess: the read-only permissions of CloudSSO.

      Note

      If the system policies do not meet your business requirements, you can create a custom policy. For more information, see Create custom policies and RAM authorization.

      In this topic, AliyunCloudSSOReadOnlyAccess is selected.

    3. Click Grant permissions to complete the authorization.

    Step 3: Call the operation

    In this topic, CloudSSO SDK for Python is used to call this operation. You can use SDKs for other programming languages in a similar way. For more information, see CloudSSO SDK in SDK center. You can use other methods to call the API operation based on your business requirements. For more information, see Call methods.

    Install Python

    Download and install Python 3.

    After you install Python 3, run the python --version command in the terminal to check the version of Python.

    Configure environment variables

    In this example, environment variables are configured to manage the AccessKey pair. This prevents security risks that are caused by hard-coding the AccessKey pair into your business code. For more information, see Configure environment variables in Linux, macOS, and Windows.

    Install dependencies

    pip install alibabacloud_credentials
pip install alibabacloud_cloudsso20210515==1.0.2
pip install alibabacloud_tea_console

    Download sample code

    1. Go to the GetServiceStatus debugging page in OpenAPI Portal.

    2. Specify the request parameters, click Initiate Call, and then check whether the call is successful.

      In this example, no operation-specific request parameters are required.

    3. On the SDK Sample Code tab, select Python as the language. Click Download Project to download the sample code package of Service Catalog SDK for Python.

    4. Decompress the sample code package on your computer and go to the alibabacloud_sample directory.

    Run the sample code

    Run the following command:

    python sample.py

    The following sample output is returned:

    {
	"headers": {
		"date": "Thu, 13 Jul 2023 08:04:35 GMT",
		"content-type": "application/json;charset=utf-8",
		"content-length": "151",
		"connection": "keep-alive",
		"keep-alive": "timeout=25",
		"access-control-allow-origin": "*",
		"access-control-expose-headers": "*",
		"x-acs-request-id": "0E144D0A-B869-5451-AD12-16B56576****",
		"x-acs-trace-id": "202b7b433bc249690b8efc7b2070****",
		"etag": "1m1nrhLTvQdwdhKVR9B2****"
	},
	"statusCode": 200,
	"body": {
		"RequestId": "0E144D0A-B869-5451-AD12-16B56576****",
		"ServiceStatus": {
			"AccountId": "151266687691****",
			"RegionsInUse": ["cn-shanghai"],
			"Status": "Enabled"
		}
	}
}