API overview of RAM - Resource Access Management - Alibaba Cloud Documentation Center

RAM provides three API sets for different use cases: IMS (identity management), RAM (policies and roles), and STS (temporary security tokens). For more information about Alibaba Cloud APIs, see Overview.

Overview

RAM provides three API sets: IMS, RAM, and STS.

Select an API based on your scenario.

Scenario	Description	API selection	Difference
User management	Manage RAM users, AccessKey pairs, logon passwords, and MFA devices.	IMS API RAM API	IMS API supports additional operations such as querying AccessKey pair last-used time, modifying default domain names, and obtaining credential reports. New user, user group, and security operations will be added to IMS API. We recommend that you use IMS API. Some RAM and IMS operations overlap and produce the same result.
User group management	Manage RAM user groups and their members.
Security settings	Manage password policies, global security preferences, default domain names, user credential reports, and account security reports.
Policy management	Manage policies and grant or revoke permissions for RAM users, roles, and user groups.	RAM API Resource Management API	Some RAM and Resource Management operations overlap and produce the same result. Only Resource Management API supports resource group-level permissions. Resource Management API also provides service-linked role operations.
Role management	Manage RAM roles.	RAM API Resource Management API
Role usage	Obtain STS tokens by assuming roles.	STS API	None.
Single sign-on (SSO) management	Manage identity providers (IdPs) for user-based and role-based SSO.	IMS API	None.
Role-based SSO usage	Obtain STS tokens by using role-based SSO.	STS API	None.
Open authorization (OAuth) management	Manage applications and application secrets.	IMS API	None.

IMS API

API versions

API version	Description
2019-08-15	Recommended.

Endpoints

For more information, see Endpoints.

User identities

User identity	Supported
Alibaba Cloud account	Yes
RAM user (recommended)	Yes
RAM role (recommended)	Yes

We recommend that you use a RAM user or RAM role to call operations. Grant the required permissions before making API calls.

Format

Remote procedure call (RPC) API

Call methods

Call method	Supported	Description
Alibaba Cloud SDK (recommended)	Yes	Supported languages and dependencies:IMS SDKs.
Alibaba Cloud CLI	Yes	None.
Terraform	Partially supported	Supported resources: Terraform Registry.
Resource Orchestration Service (ROS)	Partially supported	For more information, see Resource type index.
Custom encapsulation	Yes	None.

RAM API

API versions

API version	Description
2015-05-01	Recommended.

Endpoints

For more information, see Endpoints.

User identities

User identity	Supported
Alibaba Cloud account	Yes
RAM user (recommended)	Yes
RAM role (recommended)	Yes

We recommend that you use a RAM user or RAM role to call operations. Grant the required permissions before making API calls.

Format

RPC API

Call methods

Call method	Supported	Description
Alibaba Cloud SDK (recommended)	Yes	Supported languages and dependencies:RAM SDKs.
Alibaba Cloud CLI	Yes	None.
Terraform	Partially supported	Supported resources: Terraform Registry.
Resource Orchestration Service (ROS)	Partially supported	For more information, see Resource type index.
Custom encapsulation	Yes	None.

STS API

API versions

API version	Description
2015-04-01	Recommended.

Endpoints

For more information, see Endpoints.

User identities

Interface	Supported user identity
AssumeRole	RAM user and RAM role.
AssumeRoleWithSAML	Authenticated via SAML assertions. Anonymous access supported.
AssumeRoleWithOIDC	Authenticated via OIDC tokens. Anonymous access supported.
GetCallerIdentity	Alibaba Cloud account, RAM user, and RAM role.

Format

RPC API

Call methods

Call method	Supported	Description
Alibaba Cloud SDK (recommended)	Yes	Supported languages and dependencies:STS SDKs.
Alibaba Cloud CLI	Yes	None.
Terraform	Yes	None.
Resource Orchestration Service (ROS)	Not supported.	None.
Custom encapsulation	Yes	None.