IDaaS provides Developer APIs that application developers use to synchronize accounts and organizations, and to manage the full employee lifecycle—onboarding, offboarding, and transfers.
Developer APIs are separate from Alibaba Cloud OpenAPI. They use application-level credentials (client_idandclient_secret) managed in the IDaaS console, and do not depend on Resource Access Management (RAM) roles.
Prerequisites
Before you begin, ensure that you have:
Administrator access to the IDaaS console
Enable API operations
Administrators control which API operations are available for each application.
In the IDaaS console, open your application and go to the IDaaS API tab.
Enable or disable the API operations you want to expose.
Go to the General tab and copy the
client_idandclient_secret.Share the
client_idandclient_secretwith your application developers. They need these credentials to call the enabled API operations.
Manage API permissions
Select scenarios in the IDaaS APIs tab to enable the corresponding API operations for your application.
Each scenario maps to a set of API operations. Enabling a scenario grants access to those operations.
Manage data permissions
Configure the Synchronization Scope parameter in the Provisioning tab to restrict which data the API can access.
Only data within the specified Synchronization Scope can be created or queried by using API operations.
What's next
Application development APIs — full API reference with endpoint details and request/response examples
IDaaS provides SDKs in multiple programming languages. Download or view the sample code in Alibaba Cloud OpenAPI Explorer and call API operations to check the result.