All Products
Search
Document Center

Resource Access Management:API overview

Last Updated:Jun 29, 2026

API standards and multilingual preset SDKs

The OpenAPI of this product (Ims/2019-08-15) uses the RPC signature style. We have encapsulated SDKs for common programming languages for developers. Developers can download the SDK to directly call this product's OpenAPI without worrying about technical details. If the existing SDK does not meet your needs, you can use the signature mechanism for self-signing integration. Since the details of self-signing are very complex, it may take around 5 business days. Therefore, we recommend joining our DingTalk service group (147535001692) and conducting signature integration under expert guidance.

Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (such as SDK and CLI). For details, see Obtain an AccessKey.

Custom signature scenarios

If your business scenario has special requirements and you need to integrate the API through self-signing, we recommend consulting our technical support team first (DingTalk service group: 147535001692) to obtain professional guidance and ensure efficient integration.

Account and security preparation

Alibaba Cloud accounts have full administrative permissions over all resources. Once an AccessKey is compromised, all associated resources will be at risk of unauthorized access. To ensure security, it is recommended to create a RAM user with only API access permissions and configure its AccessKey, while configuring RAM policies based on the principle of least privilege (PoLP). Use the Alibaba Cloud account only in specific scenarios where Alibaba Cloud account permissions are explicitly required.

User management

API

Title

Description

Users Users
CreateUser CreateUser Creates a RAM user.
GetUser GetUser Queries the information about a RAM user.
UpdateUser UpdateUser Modifies the information about a RAM user.
DeleteUser DeleteUser Deletes a Resource Access Management (RAM) user.
ListUsers ListUsers Queries information about all Resource Access Management (RAM) users.
ListUserBasicInfos ListUserBasicInfos Queries the basic information about all Resource Access Management (RAM) users.
GetAccountSummary GetAccountSummary Retrieves the overview for an Alibaba Cloud account (root account).
Logon information Logon information
CreateLoginProfile CreateLoginProfile Creates a logon configuration for a Resource Access Management (RAM) user.
GetLoginProfile GetLoginProfile Queries the console logon settings for a Resource Access Management (RAM) user.
UpdateLoginProfile UpdateLoginProfile Modifies the console logon settings for a Resource Access Management (RAM) user.
DeleteLoginProfile DeleteLoginProfile Disables logon to the console for a Resource Access Management (RAM) user.
ChangePassword ChangePassword Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
Access keys Access keys
CreateAccessKey CreateAccessKey Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
DeleteAccessKey DeleteAccessKey Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
UpdateAccessKey UpdateAccessKey Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user.
GetAccessKeyLastUsed GetAccessKeyLastUsed Queries the time when an AccessKey pair was used for the last time.
ListAccessKeys ListAccessKeys Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user.
Multi-factor authentication Multi-factor authentication
GetVerificationInfo GetVerificationInfo Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user.
CreateVirtualMFADevice CreateVirtualMFADevice Creates a virtual multi-factor authentication (MFA) device.
ListVirtualMFADevices ListVirtualMFADevices Queries multi-factor authentication (MFA) devices.
DeleteVirtualMFADevice DeleteVirtualMFADevice Deletes a multi-factor authentication (MFA) device.
DisableVirtualMFA DisableVirtualMFA Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
BindMFADevice BindMFADevice Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user.
UnbindMFADevice UnbindMFADevice Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user.
GetAccountMFAInfo GetAccountMFAInfo Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account.
GetUserMFAInfo GetUserMFAInfo Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user.
SetVerificationInfo SetVerificationInfo Binds a mobile phone or email to a Resource Access Management (RAM) user.
UnbindVerification UnbindVerification Unbinds a mobile phone or email from a Resource Access Management (RAM) user.
Tags Tags
TagResources TagResources Adds tags to resources.
UntagResources UntagResources Removes tags from a resource.
ListTagResources ListTagResources Queries the tags that are added resources.
Passkeys Passkeys
UpdatePasskey UpdatePasskey Updates the name of a passkey.
ListPasskeys ListPasskeys Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user.
DeletePasskey DeletePasskey Deletes a passkey for a Resource Access Management (RAM) user.
Recycle bin Recycle bin
ListUsersInRecycleBin ListUsersInRecycleBin Queries the basic information about all Resource Access Management (RAM) users in the recycle bin.
GetUserInRecycleBin GetUserInRecycleBin Queries information about a specific Resource Access Management (RAM) user in the recycle bin.
DeleteUserInRecycleBin DeleteUserInRecycleBin Deletes a specific Resource Access Management (RAM) user from the recycle bin.
RestoreUserFromRecycleBin RestoreUserFromRecycleBin Restores a specific Resource Access Management (RAM) user from the recycle bin.
ListAccessKeysInRecycleBin ListAccessKeysInRecycleBin Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin.
GetAccessKeyInfoInRecycleBin GetAccessKeyInfoInRecycleBin Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin.
DeleteAccessKeyInRecycleBin DeleteAccessKeyInRecycleBin Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.
RestoreAccessKeyFromRecycleBin RestoreAccessKeyFromRecycleBin Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin.

User group management

API

Title

Description

CreateGroup CreateGroup Creates a Resource Access Management (RAM) user group.
GetGroup GetGroup Queries the information about a Resource Access Management (RAM) user group.
UpdateGroup UpdateGroup Modifies information about a Resource Access Management (RAM) user group.
DeleteGroup DeleteGroup Deletes a Resource Access Management (RAM) user group.
ListGroups ListGroups Queries Resource Access Management (RAM) user groups.
AddUserToGroup AddUserToGroup Adds a Resource Access Management (RAM) user to a RAM user group.
RemoveUserFromGroup RemoveUserFromGroup Removes a Resource Access Management (RAM) user from a RAM user group.
ListUsersForGroup ListUsersForGroup Queries Resource Access Management (RAM) users in a RAM user group.
ListGroupsForUser ListGroupsForUser Queries the Resource Access Management (RAM) user groups to which a RAM user belongs.

SSO management

API

Title

Description

SetUserSsoSettings SetUserSsoSettings Configures information about user-based single sign-on (SSO).
GetUserSsoSettings GetUserSsoSettings Queries the configurations of user-based single sign-on (SSO).
CreateSAMLProvider CreateSAMLProvider Creates an identity provider (IdP) for role-based single sign-on (SSO).
DeleteSAMLProvider DeleteSAMLProvider Deletes an identity provider (IdP) for role-based single sign-on (SSO).
UpdateSAMLProvider UpdateSAMLProvider Updates the information about a specified identity provider for role-based single sign-on (SSO).
GetSAMLProvider GetSAMLProvider Queries the information about an identity provider (IdP) for role-based single sign-on (SSO).
ListSAMLProviders ListSAMLProviders Queries information about identity providers (IdPs) for role-based single sign-on (SSO).
CreateOIDCProvider CreateOIDCProvider Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud.
GetOIDCProvider GetOIDCProvider Queries the information about an OIDC IdP.
UpdateOIDCProvider UpdateOIDCProvider Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP).
ListOIDCProviders ListOIDCProviders Queries OIDC IdPs.
DeleteOIDCProvider DeleteOIDCProvider Deletes an OpenID Connect (OIDC) identity provider (IdP).
AddClientIdToOIDCProvider Add a specified client ID to an OIDC idP Calls AddClientIdToOIDCProvider to add a specified client ID to an OIDC IdP.
RemoveClientIdFromOIDCProvider RemoveClientIdFromOIDCProvider Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP).
AddFingerprintToOIDCProvider AddFingerprintToOIDCProvider Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP).
RemoveFingerprintFromOIDCProvider RemoveFingerprintFromOIDCProvider Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP).

OAuth management

API

Title

Description

CreateApplication CreateApplication Creates an application.
GetApplication GetApplication Queries the configuration information of an application.
UpdateApplication UpdateApplication Modifies the configuration information of an application.
DeleteApplication DeleteApplication Deletes an application.
ListApplications ListApplications Lists the applications that you have created.
ListPredefinedScopes ListPredefinedScopes Queries predefined application permissions.
CreateAppSecret CreateAppSecret Creates an application secret for an application.
GetAppSecret GetAppSecret Queries the details of an application secret.
ListAppSecretIds ListAppSecretIds Queries the secret IDs of an application.
DeleteAppSecret DeleteAppSecret Deletes the application secret of an application.
ProvisionApplication ProvisionApplication Installs an application.
DeprovisionApplication DeprovisionApplication Uninstalls an external application or an internal application of the ServerApp type.
ListApplicationProvisionInfos ListApplicationProvisionInfos Queries installation information about all installed applications.
GetApplicationProvisionInfo GetApplicationProvisionInfo Queries installation information about a specified installed application.
ProvisionExternalApplication ProvisionExternalApplication Installs an external application.
DeprovisionExternalApplication DeprovisionExternalApplication Deletes an installed external application.
ListExternalApplications ListExternalApplications Queries information about all installed external applications.
GetExternalApplication GetExternalApplication Queries information about an installed external application.

Security settings

API

Title

Description

SetPasswordPolicy SetPasswordPolicy Set the password policy for Resource Access Management (RAM) users.
GetPasswordPolicy GetPasswordPolicy Queries the password policy for Resource Access Management (RAM) users.
SetSecurityPreference SetSecurityPreference Configure the global security preferences for a RAM user.
GetSecurityPreference GetSecurityPreference Use `GetSecurityPreference` to query the global security preferences of a RAM user.
SetDefaultDomain SetDefaultDomain Configures the default domain name for an Alibaba Cloud account.
GetDefaultDomain GetDefaultDomain Queries the default domain name of an Alibaba Cloud account.
GetCredentialReport GetCredentialReport Queries the user credential reports of an Alibaba Cloud account.
GetAccountSecurityPracticeReport GetAccountSecurityPracticeReport Queries the security report of an Alibaba Cloud account.
GenerateCredentialReport GenerateCredentialReport Generates the user credential report of an Alibaba Cloud account.

Identity and access governance

API

Title

Description