API standard and pre-built SDKs in multiple languages
The OpenAPI specification of this product (Eiam-developerapi/2022-02-25) follows the ROA standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.
OIDC API
| API | Title | Description |
| --- | --- | --- |
| GenerateToken | GenerateToken | Generates an access token for an application in a specified IDaaS instance based on credential information. |
Provisioning Scope
| API | Title | Description |
| --- | --- | --- |
| GetApplicationProvisioningScope | GetApplicationProvisioningScope | The GetApplicationProvisioningScope operation retrieves the synchronization scope of an application in a specific instance. |
Organization
| API | Title | Description |
| --- | --- | --- |
| ListOrganizationalUnits | ListOrganizationalUnits | Performs a paged query to retrieve organization information from EIAM. |
User
| API | Title | Description |
| --- | --- | --- |
| CreateUser | CreateUser | You can call the CreateUser operation to create an EIAM account in a specified organization. |
| PatchUser | PatchUser | Modifies an Employee Identity and Access Management (EIAM) account. |
| GetUser | GetUser | Queries the details of an Employee Identity and Access Management (EIAM) account. |
| UpdateUserPassword | UpdateUserPassword | Updates the password for a specified EIAM account. |
| ListUsers | ListUsers | Performs a paged query for EIAM account information. |
| SetUserPrimaryOrganizationalUnit | SetUserPrimaryOrganizationalUnit | Sets the primary organization for an EIAM account. This operation removes the account from the old primary organization and adds it to the new one. |
| AddUserToOrganizationalUnits | AddUserToOrganizationalUnits | Adds an EIAM account to one or more EIAM organizations. These organizations serve as subordinate organizations for the account. If the account is already a member of a specified organization, no update is performed. |
| RemoveUserFromOrganizationalUnits | RemoveUserFromOrganizationalUnits | Removes an EIAM account from one or more EIAM organizations. This operation succeeds even if the account is not a member of the specified organizations. |
| ListGroupsForUser | ListGroupsForUser | Lists the groups that an EIAM user is a member of. |
Group
| API | Title | Description |
| --- | --- | --- |
| GetGroup | GetGroup | Queries the details of a group. |
| CreateGroup | CreateGroup | Creates a group. |
| PatchGroup | PatchGroup | Modifies information about an Employee Identity and Access Management (EIAM) group. |
| DeleteGroup | DeleteGroup | Deletes a group. |
| ListGroups | ListGroups | Queries information about Employee Identity and Access Management (EIAM) groups by page. |
| AddUsersToGroup | AddUsersToGroup | Adds multiple Employee Identity and Access Management (EIAM) accounts to an EIAM group. If the accounts are already added to the specified group, no update is performed. |
Others
| API | Title | Description |
| --- | --- | --- |
| CreateOrganizationalUnit | CreateOrganizationalUnit | Creates an organizational unit. |
| DeleteOrganizationalUnit | DeleteOrganizationalUnit | Deletes an organizational unit. |
| DeleteUser | DeleteUser | Deletes an Employee Identity and Access Management (EIAM) account. |
| DisableUser | DisableUser | Disables an Employee Identity and Access Management (EIAM) account. |
| EnableUser | EnableUser | Enables an Employee Identity and Access Management (EIAM) account. |
| GenerateDeviceCode | GenerateDeviceCode | Generates a device code. |
| GetOrganizationalUnit | GetOrganizationalUnit | Queries the information of an organizational unit. |
| GetOrganizationalUnitIdByExternalId | GetOrganizationalUnitIdByExternalId | Obtains the ID of an organizational unit based on the external ID. |
| GetUserIdByEmail | GetUserIdByEmail | Queries the ID of an Employee Identity and Access Management (EIAM) account by email address. |
| GetUserIdByPhoneNumber | GetUserIdByPhoneNumber | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number. |
| GetUserIdByUserExternalId | GetUserIdByUserExternalId | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID. |
| GetUserIdByUsername | GetUserIdByUsername | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username. |
| GetUserInfo | GetUserInfo | Queries the information of a user by using the user token. |
| ListOrganizationalUnitParentIds | ListOrganizationalUnitParentIds | Queries the information of all the parent organizational units of an organizational unit. |
| ListUsersForGroup | ListUsersForGroup | Queries accounts in an Employee Identity and Access Management (EIAM) group. |
| ObtainCloudAccountRoleAccessCredential | ObtainCloudAccountRoleAccessCredential | Obtains a temporary access credential for a cloud account role. |
| PatchOrganizationalUnit | PatchOrganizationalUnit | Modifies an EIAM organizational unit. |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes multiple Employee Identity and Access Management (EIAM) accounts from an EIAM group. If an account does not belong to the group, the removal succeeds by default. |
| RevokeToken | RevokeToken | Revokes an access token or refresh token. |