API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (Eiam-developerapi/2022-02-25) follows the ROA standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.
API list
|
API |
Title |
Description |
| AddUserToOrganizationalUnits | AddUserToOrganizationalUnits | Adds an EIAM account to one or more EIAM organizations. These organizations serve as subordinate organizations for the account. If the account is already a member of a specified organization, no update is performed. |
| AddUsersToGroup | AddUsersToGroup | Adds multiple Employee Identity and Access Management (EIAM) accounts to an EIAM group. If the accounts are already added to the specified group, no update is performed. |
| CreateGroup | CreateGroup | Creates a group. |
| CreateOrganizationalUnit | CreateOrganizationalUnit | Creates an organizational unit. |
| CreateUser | CreateUser | You can call the CreateUser operation to create an EIAM account in a specified organization. |
| DeleteGroup | DeleteGroup | Deletes a group. |
| DeleteOrganizationalUnit | DeleteOrganizationalUnit | Deletes an organizational unit. |
| DeleteUser | DeleteUser | Deletes an Employee Identity and Access Management (EIAM) account. |
| DisableUser | DisableUser | Disables an Employee Identity and Access Management (EIAM) account. |
| EnableUser | EnableUser | Enables an Employee Identity and Access Management (EIAM) account. |
| FetchOAuthAuthenticationToken | FetchOAuthAuthenticationToken | Fetches a valid OAuth authentication token. |
| GenerateDeviceCode | GenerateDeviceCode | Generates a device code. |
| GenerateJwtAuthenticationToken | GenerateJwtAuthenticationToken | Generates a JSON Web Token (JWT) authentication token. |
| GenerateToken | GenerateToken | Generates an access token for an application in a specified IDaaS instance based on credential information. |
| GenerateTokenByAuthorizationServer | GenerateTokenByAuthorizationServer | The token endpoint for an instance-level authorization server. |
| GetApplicationProvisioningScope | GetApplicationProvisioningScope | The GetApplicationProvisioningScope operation retrieves the synchronization scope of an application in a specific instance. |
| GetGroup | GetGroup | Retrieves the details of a group. |
| GetOrganizationalUnit | GetOrganizationalUnit | Retrieves the information about an organizational unit. |
| GetOrganizationalUnitIdByExternalId | GetOrganizationalUnitIdByExternalId | Obtains the ID of an organizational unit based on the external ID |
| GetUser | GetUser | Retrieves the details of an Employee Identity and Access Management (EIAM) account. |
| GetUserIdByEmail | GetUserIdByEmail | Queries the ID of an Employee Identity and Access Management (EIAM) account by email address. |
| GetUserIdByPhoneNumber | GetUserIdByPhoneNumber | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number. |
| GetUserIdByUserExternalId | GetUserIdByUserExternalId | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID. |
| GetUserIdByUsername | GetUserIdByUsername | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username. |
| GetUserInfo | GetUserInfo | Retrieves the information about a user by using the user token. |
| ListAuthenticationTokens | ListAuthenticationTokens | Lists authentication tokens. |
| ListGroups | ListGroups | Retrieves information about Employee Identity and Access Management (EIAM) groups by page. |
| ListGroupsForUser | ListGroupsForUser | Lists the groups that an EIAM user is a member of. |
| ListOrganizationalUnitParentIds | ListOrganizationalUnitParentIds | Retrieves the information about all the parent organizational units of an organizational unit. |
| ListOrganizationalUnits | ListOrganizationalUnits | Performs a paged query to retrieve organization information from EIAM. |
| ListUsers | ListUsers | Performs a paged query for EIAM account information. |
| ListUsersForGroup | ListUsersForGroup | Queries accounts in an Employee Identity and Access Management (EIAM) group. |
| ObtainCloudAccountRoleAccessCredential | ObtainCloudAccountRoleAccessCredential | Gets temporary access credentials for a `CloudAccountRole`. |
| ObtainJwtAuthenticationTokenByDerivedShortToken | ObtainJwtAuthenticationTokenByDerivedShortToken | Obtain a JWT authentication token using a derived short token. |
| PatchGroup | PatchGroup | Modifies information about an Employee Identity and Access Management (EIAM) group. |
| PatchOrganizationalUnit | PatchOrganizationalUnit | Modifies an EIAM organizational unit. |
| PatchUser | PatchUser | Modifies an Employee Identity and Access Management (EIAM) account. |
| ReinstateAuthenticationToken | ReinstateAuthenticationToken | Reinstate an authentication token. |
| ReinstateAuthenticationTokenByConsumer | ReinstateAuthenticationTokenByConsumer | Reinstate an authentication token for a consumer. |
| RemoveUserFromOrganizationalUnits | RemoveUserFromOrganizationalUnits | Removes an EIAM account from one or more EIAM organizations. This operation succeeds even if the account is not a member of the specified organizations. |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes multiple Employee Identity and Access Management (EIAM) accounts from an EIAM group. If an account does not belong to the group, the removal succeeds by default. |
| RevokeAuthenticationToken | RevokeAuthenticationToken | Revokes an authentication token. |
| RevokeAuthenticationTokenByConsumer | RevokeAuthenticationTokenByConsumer | Revokes an authentication token for a consumer. |
| RevokeToken | RevokeToken | Revokes an access token or refresh token. |
| SetUserPrimaryOrganizationalUnit | SetUserPrimaryOrganizationalUnit | Sets the primary organization for an EIAM account. This operation removes the account from the old primary organization and adds it to the new one. |
| UpdateUserPassword | UpdateUserPassword | Updates the password for a specified EIAM account. |
| ValidateAuthenticationToken | ValidateAuthenticationToken | Validates an authentication token. |