API standards and multilingual preset SDKs
The OpenAPI of this product (Ims/2019-08-15) uses the RPC signature style. SDKs for common programming languages are provided, so developers can download an SDK and call this product's OpenAPI directly without dealing with the signing details. If the existing SDKs do not meet your needs, you can integrate by using the signature mechanism and signing requests yourself. Because the details of self-signing are very complex, integration may take around 5 business days. We therefore recommend joining our DingTalk service group (147535001692) and carrying out signature integration under expert guidance.
Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (such as SDK and CLI). For details, see Obtain an AccessKey.
Custom signature scenarios
If your business scenario has special requirements and you need to integrate the API through self-signing, we recommend consulting our technical support team first (DingTalk service group: 147535001692) to obtain professional guidance and ensure efficient integration.
Account and security preparation
An Alibaba Cloud account has full administrative permissions over all of its resources. If an AccessKey is compromised, all associated resources are at risk of unauthorized access. We recommend that you create a RAM user that has only API access permissions, configure an AccessKey for that user, and configure RAM policies based on the principle of least privilege (PoLP). Use the Alibaba Cloud account only in specific scenarios where Alibaba Cloud account permissions are explicitly required.
User management
| API | Title | Description |
| --- | --- | --- |
| Users | Users | |
| CreateUser | CreateUser | Creates a RAM user. |
| GetUser | GetUser | Queries the information about a RAM user. |
| UpdateUser | UpdateUser | Modifies the information about a RAM user. |
| DeleteUser | DeleteUser | Deletes a Resource Access Management (RAM) user. |
| ListUsers | ListUsers | Queries information about all Resource Access Management (RAM) users. |
| ListUserBasicInfos | ListUserBasicInfos | Queries the basic information about all Resource Access Management (RAM) users. |
| GetAccountSummary | GetAccountSummary | Retrieves the overview for an Alibaba Cloud account (root account). |
| Logon information | Logon information | |
| CreateLoginProfile | CreateLoginProfile | Creates a logon configuration for a Resource Access Management (RAM) user. |
| GetLoginProfile | GetLoginProfile | Queries the console logon settings for a Resource Access Management (RAM) user. |
| UpdateLoginProfile | UpdateLoginProfile | Modifies the console logon settings for a Resource Access Management (RAM) user. |
| DeleteLoginProfile | DeleteLoginProfile | Disables logon to the console for a Resource Access Management (RAM) user. |
| ChangePassword | ChangePassword | Changes the password that is used to log on to the console for a Resource Access Management (RAM) user. |
| Access keys | Access keys | |
| CreateAccessKey | CreateAccessKey | Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| DeleteAccessKey | DeleteAccessKey | Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| UpdateAccessKey | UpdateAccessKey | Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| GetAccessKeyLastUsed | GetAccessKeyLastUsed | Queries the time when an AccessKey pair was used for the last time. |
| ListAccessKeys | ListAccessKeys | Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| Multi-factor authentication | Multi-factor authentication | |
| GetVerificationInfo | GetVerificationInfo | Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user. |
| CreateVirtualMFADevice | CreateVirtualMFADevice | Creates a virtual multi-factor authentication (MFA) device. |
| ListVirtualMFADevices | ListVirtualMFADevices | Queries multi-factor authentication (MFA) devices. |
| DeleteVirtualMFADevice | DeleteVirtualMFADevice | Deletes a multi-factor authentication (MFA) device. |
| DisableVirtualMFA | DisableVirtualMFA | Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| BindMFADevice | BindMFADevice | Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user. |
| UnbindMFADevice | UnbindMFADevice | Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| GetAccountMFAInfo | GetAccountMFAInfo | Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account. |
| GetUserMFAInfo | GetUserMFAInfo | Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user. |
| SetVerificationInfo | SetVerificationInfo | Binds a mobile phone or email to a Resource Access Management (RAM) user. |
| UnbindVerification | UnbindVerification | Unbinds a mobile phone or email from a Resource Access Management (RAM) user. |
| Tags | Tags | |
| TagResources | TagResources | Adds tags to resources. |
| UntagResources | UntagResources | Removes tags from a resource. |
| ListTagResources | ListTagResources | Queries the tags that are added to resources. |
| Passkeys | Passkeys | |
| UpdatePasskey | UpdatePasskey | Updates the name of a passkey. |
| ListPasskeys | ListPasskeys | Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user. |
| DeletePasskey | DeletePasskey | Deletes a passkey for a Resource Access Management (RAM) user. |
| Recycle bin | Recycle bin | |
| ListUsersInRecycleBin | ListUsersInRecycleBin | Queries the basic information about all Resource Access Management (RAM) users in the recycle bin. |
| GetUserInRecycleBin | GetUserInRecycleBin | Queries information about a specific Resource Access Management (RAM) user in the recycle bin. |
| DeleteUserInRecycleBin | DeleteUserInRecycleBin | Deletes a specific Resource Access Management (RAM) user from the recycle bin. |
| RestoreUserFromRecycleBin | RestoreUserFromRecycleBin | Restores a specific Resource Access Management (RAM) user from the recycle bin. |
| ListAccessKeysInRecycleBin | ListAccessKeysInRecycleBin | Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin. |
| GetAccessKeyInfoInRecycleBin | GetAccessKeyInfoInRecycleBin | Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin. |
| DeleteAccessKeyInRecycleBin | DeleteAccessKeyInRecycleBin | Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
| RestoreAccessKeyFromRecycleBin | RestoreAccessKeyFromRecycleBin | Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
User group management
| API | Title | Description |
| --- | --- | --- |
| CreateGroup | CreateGroup | Creates a Resource Access Management (RAM) user group. |
| GetGroup | GetGroup | Queries the information about a Resource Access Management (RAM) user group. |
| UpdateGroup | UpdateGroup | Modifies information about a Resource Access Management (RAM) user group. |
| DeleteGroup | DeleteGroup | Deletes a Resource Access Management (RAM) user group. |
| ListGroups | ListGroups | Queries Resource Access Management (RAM) user groups. |
| AddUserToGroup | AddUserToGroup | Adds a Resource Access Management (RAM) user to a RAM user group. |
| RemoveUserFromGroup | RemoveUserFromGroup | Removes a Resource Access Management (RAM) user from a RAM user group. |
| ListUsersForGroup | ListUsersForGroup | Queries Resource Access Management (RAM) users in a RAM user group. |
| ListGroupsForUser | ListGroupsForUser | Queries the Resource Access Management (RAM) user groups to which a RAM user belongs. |
SSO management
| API | Title | Description |
| --- | --- | --- |
| SetUserSsoSettings | SetUserSsoSettings | Configures information about user-based single sign-on (SSO). |
| GetUserSsoSettings | GetUserSsoSettings | Queries the configurations of user-based single sign-on (SSO). |
| CreateSAMLProvider | CreateSAMLProvider | Creates an identity provider (IdP) for role-based single sign-on (SSO). |
| DeleteSAMLProvider | DeleteSAMLProvider | Deletes an identity provider (IdP) for role-based single sign-on (SSO). |
| UpdateSAMLProvider | UpdateSAMLProvider | Updates the information about a specified identity provider for role-based single sign-on (SSO). |
| GetSAMLProvider | GetSAMLProvider | Queries the information about an identity provider (IdP) for role-based single sign-on (SSO). |
| ListSAMLProviders | ListSAMLProviders | Queries information about identity providers (IdPs) for role-based single sign-on (SSO). |
| CreateOIDCProvider | CreateOIDCProvider | Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud. |
| GetOIDCProvider | GetOIDCProvider | Queries the information about an OIDC IdP. |
| UpdateOIDCProvider | UpdateOIDCProvider | Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP). |
| ListOIDCProviders | ListOIDCProviders | Queries OIDC IdPs. |
| DeleteOIDCProvider | DeleteOIDCProvider | Deletes an OpenID Connect (OIDC) identity provider (IdP). |
| AddClientIdToOIDCProvider | Add a specified client ID to an OIDC IdP | Adds a specified client ID to an OIDC IdP. |
| RemoveClientIdFromOIDCProvider | RemoveClientIdFromOIDCProvider | Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP). |
| AddFingerprintToOIDCProvider | AddFingerprintToOIDCProvider | Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveFingerprintFromOIDCProvider | RemoveFingerprintFromOIDCProvider | Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP). |
OAuth management
| API | Title | Description |
| --- | --- | --- |
| CreateApplication | CreateApplication | Creates an application. |
| GetApplication | GetApplication | Queries the configuration information of an application. |
| UpdateApplication | UpdateApplication | Modifies the configuration information of an application. |
| DeleteApplication | DeleteApplication | Deletes an application. |
| ListApplications | ListApplications | Lists the applications that you have created. |
| ListPredefinedScopes | ListPredefinedScopes | Queries predefined application permissions. |
| CreateAppSecret | CreateAppSecret | Creates an application secret for an application. |
| GetAppSecret | GetAppSecret | Queries the details of an application secret. |
| ListAppSecretIds | ListAppSecretIds | Queries the secret IDs of an application. |
| DeleteAppSecret | DeleteAppSecret | Deletes the application secret of an application. |
| ProvisionApplication | ProvisionApplication | Installs an application. |
| DeprovisionApplication | DeprovisionApplication | Uninstalls an external application or an internal application of the ServerApp type. |
| ListApplicationProvisionInfos | ListApplicationProvisionInfos | Queries installation information about all installed applications. |
| GetApplicationProvisionInfo | GetApplicationProvisionInfo | Queries installation information about a specified installed application. |
| ProvisionExternalApplication | ProvisionExternalApplication | Installs an external application. |
| DeprovisionExternalApplication | DeprovisionExternalApplication | Deletes an installed external application. |
| ListExternalApplications | ListExternalApplications | Queries information about all installed external applications. |
| GetExternalApplication | GetExternalApplication | Queries information about an installed external application. |
Security settings
| API | Title | Description |
| --- | --- | --- |
| SetPasswordPolicy | SetPasswordPolicy | Sets the password policy for Resource Access Management (RAM) users. |
| GetPasswordPolicy | GetPasswordPolicy | Queries the password policy for Resource Access Management (RAM) users. |
| SetSecurityPreference | SetSecurityPreference | Configures the global security preferences for a RAM user. |
| GetSecurityPreference | GetSecurityPreference | Queries the global security preferences of a RAM user. |
| SetDefaultDomain | SetDefaultDomain | Configures the default domain name for an Alibaba Cloud account. |
| GetDefaultDomain | GetDefaultDomain | Queries the default domain name of an Alibaba Cloud account. |
| GetCredentialReport | GetCredentialReport | Queries the user credential reports of an Alibaba Cloud account. |
| GetAccountSecurityPracticeReport | GetAccountSecurityPracticeReport | Queries the security report of an Alibaba Cloud account. |
| GenerateCredentialReport | GenerateCredentialReport | Generates the user credential report of an Alibaba Cloud account. |
Identity and access governance
| API | Title | Description |
| --- | --- | --- |