API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (Ims/2019-08-15) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.
User management
|
API |
Title |
Description |
| RAM user | RAM user | |
| ListUsers | ListUsers | Queries information about all Resource Access Management (RAM) users. |
| ListUserBasicInfos | ListUserBasicInfos | Queries the basic information about all Resource Access Management (RAM) users. |
| GetAccountSummary | GetAccountSummary | Retrieves a summary of an Alibaba Cloud account. |
| Logon | Logon | |
| CreateLoginProfile | CreateLoginProfile | Creates a logon configuration for a Resource Access Management (RAM) user. |
| GetLoginProfile | GetLoginProfile | Queries the console logon settings for a Resource Access Management (RAM) user. |
| UpdateLoginProfile | UpdateLoginProfile | Modifies the console logon settings for a Resource Access Management (RAM) user. |
| MFA | MFA | |
| ListVirtualMFADevices | ListVirtualMFADevices | Queries multi-factor authentication (MFA) devices. |
User group management
|
API |
Title |
Description |
| ListGroups | ListGroups | Queries Resource Access Management (RAM) user groups. |
SSO management
|
API |
Title |
Description |
| SetUserSsoSettings | SetUserSsoSettings | Sets the identity provider (IdP) settings for user-based single sign-on (SSO). |
| GetUserSsoSettings | GetUserSsoSettings | Queries the identity provider settings for user-based SSO. |
| CreateSAMLProvider | CreateSAMLProvider | Creates an identity provider (IdP) for role-based single sign-on (SSO). |
| UpdateSAMLProvider | UpdateSAMLProvider | Updates the information about a specified identity provider for role-based single sign-on (SSO). |
| GetSAMLProvider | GetSAMLProvider | Retrieves information about a specified SAML provider for role-based SSO. |
| CreateOIDCProvider | CreateOIDCProvider | Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud. |
OAuth management
|
API |
Title |
Description |
| CreateApplication | CreateApplication | Creates an application. |
| GetApplication | GetApplication | Queries the configuration information of a specified application. |
| UpdateApplication | UpdateApplication | Updates the configuration of a specified application. |
| ListApplications | ListApplications | Lists the applications that you have created. |
| ListPredefinedScopes | ListPredefinedScopes | Queries predefined application permissions. |
| ListApplicationProvisionInfos | ListApplicationProvisionInfos | Queries installation information about all installed applications. |
| ListExternalApplications | ListExternalApplications | Queries information about all installed external applications. |
Security management
|
API |
Title |
Description |
| SetPasswordPolicy | SetPasswordPolicy | Set the password policy for Resource Access Management (RAM) users. |
| GetPasswordPolicy | GetPasswordPolicy | Queries the password policy for Resource Access Management (RAM) users. |
| SetSecurityPreference | SetSecurityPreference | Configures the global security preferences for a Resource Access Management (RAM) user. |
| GetSecurityPreference | GetSecurityPreference | Queries the global security preferences for Resource Access Management (RAM) users. |
Others
|
API |
Title |
Description |
| AddClientIdToOIDCProvider | AddClientIdToOIDCProvider | Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP). |
| AddFingerprintToOIDCProvider | AddFingerprintToOIDCProvider | Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP). |
| AddUserToGroup | AddUserToGroup | Adds a Resource Access Management (RAM) user to a RAM user group. |
| BindMFADevice | BindMFADevice | Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user. |
| ChangePassword | ChangePassword | Changes the password that is used to log on to the console for a Resource Access Management (RAM) user. |
| CreateAccessKey | CreateAccessKey | Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| CreateAppSecret | CreateAppSecret | Creates an application secret for an application. |
| CreateGroup | CreateGroup | Creates a Resource Access Management (RAM) user group. |
| CreateUser | CreateUser | Creates a RAM user. |
| CreateVirtualMFADevice | CreateVirtualMFADevice | Creates a virtual multi-factor authentication (MFA) device. |
| DeleteAccessKey | DeleteAccessKey | Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| DeleteAccessKeyInRecycleBin | DeleteAccessKeyInRecycleBin | Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
| DeleteAppSecret | DeleteAppSecret | Deletes the application secret of an application. |
| DeleteApplication | DeleteApplication | Deletes an application. |
| DeleteGroup | DeleteGroup | Deletes a Resource Access Management (RAM) user group. |
| DeleteLoginProfile | DeleteLoginProfile | Disables logon to the console for a Resource Access Management (RAM) user. |
| DeleteOIDCProvider | DeleteOIDCProvider | Deletes an OpenID Connect (OIDC) identity provider (IdP). |
| DeletePasskey | DeletePasskey | Deletes a passkey for a Resource Access Management (RAM) user. |
| DeleteSAMLProvider | DeleteSAMLProvider | Deletes an identity provider (IdP) for role-based single sign-on (SSO). |
| DeleteUser | DeleteUser | Deletes a Resource Access Management (RAM) user. |
| DeleteUserInRecycleBin | DeleteUserInRecycleBin | Deletes a specific Resource Access Management (RAM) user from the recycle bin. |
| DeleteVirtualMFADevice | DeleteVirtualMFADevice | Deletes a multi-factor authentication (MFA) device. |
| DeprovisionApplication | DeprovisionApplication | Uninstalls an external application or an internal application of the ServerApp type. |
| DeprovisionExternalApplication | DeprovisionExternalApplication | Deletes an installed external application. |
| DisableVirtualMFA | DisableVirtualMFA | Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| GenerateCredentialReport | GenerateCredentialReport | Generates the user credential report of an Alibaba Cloud account. |
| GetAccessKeyInfoInRecycleBin | GetAccessKeyInfoInRecycleBin | Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin. |
| GetAccessKeyLastUsed | GetAccessKeyLastUsed | Queries the time when an AccessKey pair was used for the last time. |
| GetAccountMFAInfo | GetAccountMFAInfo | Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account. |
| GetAccountSecurityPracticeReport | GetAccountSecurityPracticeReport | Queries the security report of an Alibaba Cloud account. |
| GetAppSecret | GetAppSecret | Queries the details of an application secret. |
| GetApplicationProvisionInfo | GetApplicationProvisionInfo | Queries installation information about a specified installed application. |
| GetCredentialReport | GetCredentialReport | Queries the user credential reports of an Alibaba Cloud account. |
| GetDefaultDomain | GetDefaultDomain | Queries the default domain name of an Alibaba Cloud account. |
| GetExternalApplication | GetExternalApplication | Queries information about an installed external application. |
| GetGroup | GetGroup | Queries the information about a Resource Access Management (RAM) user group. |
| GetOIDCProvider | GetOIDCProvider | Queries the information about an OIDC IdP. |
| GetUser | GetUser | Queries the information about a RAM user. |
| GetUserInRecycleBin | GetUserInRecycleBin | Queries information about a specific Resource Access Management (RAM) user in the recycle bin. |
| GetUserMFAInfo | GetUserMFAInfo | Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user. |
| GetVerificationInfo | GetVerificationInfo | Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user. |
| ListAccessKeys | ListAccessKeys | Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| ListAccessKeysInRecycleBin | ListAccessKeysInRecycleBin | Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin. |
| ListAppSecretIds | ListAppSecretIds | Queries the secret IDs of an application. |
| ListGroupsForUser | ListGroupsForUser | Queries the Resource Access Management (RAM) user groups to which a RAM user belongs. |
| ListOIDCProviders | ListOIDCProviders | Queries OIDC IdPs. |
| ListPasskeys | ListPasskeys | Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user. |
| ListSAMLProviders | ListSAMLProviders | Queries information about identity providers (IdPs) for role-based single sign-on (SSO). |
| ListTagResources | ListTagResources | Queries the tags that are added resources. |
| ListUsersForGroup | ListUsersForGroup | Queries Resource Access Management (RAM) users in a RAM user group. |
| ListUsersInRecycleBin | ListUsersInRecycleBin | Queries the basic information about all Resource Access Management (RAM) users in the recycle bin. |
| ProvisionApplication | ProvisionApplication | Installs an application. |
| ProvisionExternalApplication | ProvisionExternalApplication | Installs an external application. |
| RemoveClientIdFromOIDCProvider | RemoveClientIdFromOIDCProvider | Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveFingerprintFromOIDCProvider | RemoveFingerprintFromOIDCProvider | Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveUserFromGroup | RemoveUserFromGroup | Removes a Resource Access Management (RAM) user from a RAM user group. |
| RestoreAccessKeyFromRecycleBin | RestoreAccessKeyFromRecycleBin | Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
| RestoreUserFromRecycleBin | RestoreUserFromRecycleBin | Restores a specific Resource Access Management (RAM) user from the recycle bin. |
| SetDefaultDomain | SetDefaultDomain | Configures the default domain name for an Alibaba Cloud account. |
| SetVerificationInfo | SetVerificationInfo | Binds a mobile phone or email to a Resource Access Management (RAM) user. |
| TagResources | TagResources | Adds tags to resources. |
| UnbindMFADevice | UnbindMFADevice | Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| UnbindVerification | UnbindVerification | Unbinds a mobile phone or email from a Resource Access Management (RAM) user. |
| UntagResources | UntagResources | Removes tags from a resource. |
| UpdateAccessKey | UpdateAccessKey | Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| UpdateGroup | UpdateGroup | Modifies information about a Resource Access Management (RAM) user group. |
| UpdateOIDCProvider | UpdateOIDCProvider | Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP). |
| UpdatePasskey | UpdatePasskey | Updates the name of a passkey. |
| UpdateUser | UpdateUser | Modifies the information about a RAM user. |