IDaaS provides Developer API operations to application developers.
You can use these API operations to synchronize accounts and organizations to IDaaS, and implement lifecycle management that covers employee onboarding, offboarding, and transfer.
The IDaaS administrator has all management permissions on applications. The administrator can specify whether to enable the API operations and manage the permissions on the operations.
Enable API operations
You can enable or disable API operations for a specified application in the IDaaS API tab.
After you enable an API operation, provide the client_id and client_secret obtained from the General tab to application developers. After permissions are configured, the API operation can be called.
Manage API Permissions
The administrator can manage permissions on the API operations of an application.
Note: The Developer APIs in IDaaS are different from Alibaba Cloud OpenAPI and depend on the key of the application in IDaaS. The permissions to call these API operations are managed in the IDaaS console. The permissions for the Developer APIs do not depend on the Resource Access Management (RAM) roles.
In the IDaaS APIs tab, you can select scenarios. The API operations corresponding to these scenarios are enabled.
Manage data permissions
You can configure the Synchronization Scope parameter in the Provisioning tab to limit the available data scope.
Only data within the specified Synchronization Scope can be created or queried by using API operations.
You can manage the Synchronization Scope in the Provisioning tab.
Development
For more information, see Application development APIs.
IDaaS provides SDKs in multiple programming languages. You can download or view the sample code in Alibaba Cloud OpenAPI Explorer and call API operations to check the result.