This product(
Ims/2019-08-15) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
User management
| API | Title | Description |
|---|---|---|
| RAM user | RAM user | |
| CreateUser | CreateUser | Creates a RAM user. |
| GetUser | GetUser | Queries the information about a RAM user. |
| UpdateUser | UpdateUser | Modifies the information about a RAM user. |
| DeleteUser | DeleteUser | Deletes a Resource Access Management (RAM) user. |
| ListUsers | ListUsers | Queries information about all Resource Access Management (RAM) users. |
| ListUserBasicInfos | ListUserBasicInfos | Queries the basic information about all Resource Access Management (RAM) users. |
| GetAccountSummary | GetAccountSummary | Queries the overview information about an Alibaba Cloud account. |
| Logon | Logon | |
| CreateLoginProfile | CreateLoginProfile | Enables logon to the console for a Resource Access Management (RAM) user. |
| GetLoginProfile | GetLoginProfile | Queries the logon configurations of a Resource Access Management (RAM) user. |
| UpdateLoginProfile | UpdateLoginProfile | Modifies the console logon configurations of a Resource Access Management (RAM) user. |
| DeleteLoginProfile | DeleteLoginProfile | Disables logon to the console for a Resource Access Management (RAM) user. |
| ChangePassword | ChangePassword | Changes the password that is used to log on to the console for a Resource Access Management (RAM) user. |
| AccessKey | AccessKey | |
| CreateAccessKey | CreateAccessKey | Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| DeleteAccessKey | DeleteAccessKey | Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| UpdateAccessKey | UpdateAccessKey | Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| GetAccessKeyLastUsed | GetAccessKeyLastUsed | Queries the time when an AccessKey pair was used for the last time. |
| ListAccessKeys | ListAccessKeys | Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| MFA | MFA | |
| GetVerificationInfo | GetVerificationInfo | Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user. |
| CreateVirtualMFADevice | CreateVirtualMFADevice | Creates a virtual multi-factor authentication (MFA) device. |
| ListVirtualMFADevices | ListVirtualMFADevices | Queries multi-factor authentication (MFA) devices. |
| DeleteVirtualMFADevice | DeleteVirtualMFADevice | Deletes a multi-factor authentication (MFA) device. |
| DisableVirtualMFA | DisableVirtualMFA | Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| BindMFADevice | BindMFADevice | Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user. |
| UnbindMFADevice | UnbindMFADevice | Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| GetAccountMFAInfo | GetAccountMFAInfo | Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account. |
| GetUserMFAInfo | GetUserMFAInfo | Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user. |
| Tag | Tag | |
| TagResources | TagResources | Adds tags to resources. |
| UntagResources | UntagResources | Removes tags from a resource. |
| ListTagResources | ListTagResources | Queries the tags that are added resources. |
User group management
| API | Title | Description |
|---|---|---|
| CreateGroup | CreateGroup | Creates a Resource Access Management (RAM) user group. |
| GetGroup | GetGroup | Queries the information about a Resource Access Management (RAM) user group. |
| UpdateGroup | UpdateGroup | Modifies information about a Resource Access Management (RAM) user group. |
| DeleteGroup | DeleteGroup | Deletes a Resource Access Management (RAM) user group. |
| ListGroups | ListGroups | Queries Resource Access Management (RAM) user groups. |
| AddUserToGroup | AddUserToGroup | Adds a Resource Access Management (RAM) user to a RAM user group. |
| RemoveUserFromGroup | RemoveUserFromGroup | Removes a Resource Access Management (RAM) user from a RAM user group. |
| ListUsersForGroup | ListUsersForGroup | Queries Resource Access Management (RAM) users in a RAM user group. |
| ListGroupsForUser | ListGroupsForUser | Queries the Resource Access Management (RAM) user groups to which a RAM user belongs. |
SSO management
| API | Title | Description |
|---|---|---|
| SetUserSsoSettings | SetUserSsoSettings | Configures information about user-based single sign-on (SSO). |
| GetUserSsoSettings | GetUserSsoSettings | Queries the configurations of user-based single sign-on (SSO). |
| CreateSAMLProvider | CreateSAMLProvider | Creates an identity provider (IdP) for role-based single sign-on (SSO). |
| DeleteSAMLProvider | DeleteSAMLProvider | Deletes an identity provider (IdP) for role-based single sign-on (SSO). |
| UpdateSAMLProvider | UpdateSAMLProvider | Modifies information about an identity provider (IdP) for role-based single sign-on (SSO). |
| GetSAMLProvider | GetSAMLProvider | Queries the information about an identity provider (IdP) for role-based single sign-on (SSO). |
| ListSAMLProviders | ListSAMLProviders | Queries information about identity providers (IdPs) for role-based single sign-on (SSO). |
| CreateOIDCProvider | CreateOIDCProvider | Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud. |
| GetOIDCProvider | GetOIDCProvider | Queries the information about an OIDC IdP. |
| UpdateOIDCProvider | UpdateOIDCProvider | Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP). |
| ListOIDCProviders | ListOIDCProviders | Queries OIDC IdPs. |
| DeleteOIDCProvider | DeleteOIDCProvider | Deletes an OpenID Connect (OIDC) identity provider (IdP). |
| AddClientIdToOIDCProvider | AddClientIdToOIDCProvider | Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveClientIdFromOIDCProvider | RemoveClientIdFromOIDCProvider | Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP). |
| AddFingerprintToOIDCProvider | AddFingerprintToOIDCProvider | Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveFingerprintFromOIDCProvider | RemoveFingerprintFromOIDCProvider | Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP). |
OAuth management
| API | Title | Description |
|---|---|---|
| CreateApplication | CreateApplication | Creates an application. |
| GetApplication | GetApplication | Queries the configuration information about an application. |
| UpdateApplication | UpdateApplication | Modifies the information about a specified application. |
| DeleteApplication | DeleteApplication | Deletes an application. |
| ListApplications | ListApplications | Lists the created applications. |
| ListPredefinedScopes | ListPredefinedScopes | Queries predefined application permissions. |
| CreateAppSecret | CreateAppSecret | Creates an application secret for an application. |
| GetAppSecret | GetAppSecret | Queries the details of an application secret. |
| ListAppSecretIds | ListAppSecretIds | Queries the secret IDs of an application. |
| DeleteAppSecret | DeleteAppSecret | Deletes the application secret of an application. |
Security settings
| API | Title | Description |
|---|---|---|
| SetPasswordPolicy | SetPasswordPolicy | Configures the password policy for Resource Access Management (RAM) users. |
| GetPasswordPolicy | GetPasswordPolicy | Queries the details of the password policy for RAM users. |
| SetSecurityPreference | SetSecurityPreference | Configures security preferences for a RAM user. |
| GetSecurityPreference | GetSecurityPreference | Queries the security preferences for RAM users. |
| SetDefaultDomain | SetDefaultDomain | Configures the default domain name for an Alibaba Cloud account. |
| GetDefaultDomain | GetDefaultDomain | Queries the default domain name of an Alibaba Cloud account. |
| GetCredentialReport | GetCredentialReport | Queries the user credential reports of an Alibaba Cloud account. |
| GetAccountSecurityPracticeReport | GetAccountSecurityPracticeReport | Queries the security report of an Alibaba Cloud account. |
| GenerateCredentialReport | GenerateCredentialReport | Generates the user credential report of an Alibaba Cloud account. |