
Resource Access Management: RAM APIs

Last Updated: Oct 11, 2023

This topic describes the basic information about Resource Access Management (RAM) APIs. For more information about Alibaba Cloud APIs, see Overview.

Overview

RAM APIs include the Identity Management Service (IMS) API, RAM API, and Security Token Service (STS) API.

You can call the APIs based on your business requirements. The following table describes the details of the APIs.

Scenario

Description

API selection

Difference

User management

Manage RAM users, AccessKey pairs, logon passwords, and multi-factor authentication (MFA) devices.

  • IMS API supports new operations. For example, you can call an IMS operation to query the time at which an AccessKey pair was last used, to modify the default domain name, and to obtain user credential reports.

  • IMS API will support new operations that are related to user management, user group management, and security settings. We recommend that you use the IMS API.

  • Some RAM operations have the same features as IMS operations. You can call these RAM operations or IMS operations to achieve the same goals.

User group management

Manage RAM user groups, and add or remove RAM users in RAM user groups.

Security settings

Manage password policies, global security preferences, default domain names, user credential reports, and security reports of Alibaba Cloud accounts.

Policy management

Manage policies and grant permissions to or revoke permissions from a RAM user, RAM role, or RAM user group.

  • Some RAM operations have the same features as Resource Management operations. You can call these RAM operations or Resource Management operations to achieve the same goals.

  • You can call a Resource Management operation to grant permissions on resource groups. You cannot call a RAM operation to grant permissions on resource groups.

  • Resource Management API provides operations that are related to service-linked roles.

Role management

Manage RAM roles.

Role usage

Obtain STS tokens by assuming roles.

STS API

None.

Single sign-on (SSO) management

Manage identity providers (IdPs) for user-based SSO and role-based SSO.

IMS API

None.

Role-based SSO usage

Obtain STS tokens by using role-based SSO.

STS API

None.

Open authorization (OAuth) management

Manage applications and application secrets.

IMS API

None.

IMS API

API versions

| API version | Description |
| --- | --- |
| 2019-08-15 | Recommended |

Endpoints

For more information, see Endpoints.

User identities

| User identity | Supported |
| --- | --- |
| Alibaba Cloud account | Yes |
| RAM user (recommended) | Yes |
| RAM role (recommended) | Yes |

We recommend that you use a RAM user or RAM role to call operations. Before you use a RAM user or RAM role to call operations, you must grant the required permissions to the RAM user or RAM role.

Format

Remote procedure call (RPC) API

Call methods

| Call method | Supported | Description |
| --- | --- | --- |
| Alibaba Cloud SDK (recommended) | Yes | For more information about the programming languages supported by IMS SDKs and methods to install dependencies, see IMS SDKs. |
| Alibaba Cloud CLI | Yes | None. |
| Terraform | Partially supported | None. |
| Resource Orchestration Service (ROS) | Partially supported | For more information, see List of resource types by service. |
| API encapsulation | Yes | None. |

RAM API

API versions

| API version | Description |
| --- | --- |
| 2015-05-01 | Recommended |

Endpoints

For more information, see Endpoints.

User identities

| User identity | Supported |
| --- | --- |
| Alibaba Cloud account | Yes |
| RAM user (recommended) | Yes |
| RAM role (recommended) | Yes |

We recommend that you use a RAM user or RAM role to call operations. Before you use a RAM user or RAM role to call operations, you must grant the required permissions to the RAM user or RAM role.

Format

RPC API

Call methods

| Call method | Supported | Description |
| --- | --- | --- |
| Alibaba Cloud SDK (recommended) | Yes | For more information about the programming languages supported by RAM SDKs and methods to install dependencies, see RAM SDKs. |
| Alibaba Cloud CLI | Yes | None. |
| Terraform | Partially supported | None. |
| ROS | Partially supported | For more information, see List of resource types by service. |
| API encapsulation | Yes | None. |

STS API

API versions

| API version | Description |
| --- | --- |
| 2015-04-01 | Recommended |

Endpoints

For more information, see Endpoints.

User identities

| Operation | Supported user identity |
| --- | --- |
| AssumeRole | RAM user and RAM role. |
| AssumeRoleWithSAML | Authentication for this operation is performed based on SAML assertions. Anonymous users can call this operation. |
| AssumeRoleWithOIDC | Authentication for this operation is performed based on OIDC tokens. Anonymous users can call this operation. |
| GetCallerIdentity | Alibaba Cloud account, RAM user, and RAM role. |

Format

RPC API

Call methods

| Call method | Supported | Description |
| --- | --- | --- |
| Alibaba Cloud SDK (recommended) | Yes | For more information about the programming languages supported by STS SDKs and methods to install dependencies, see STS SDKs. |
| Alibaba Cloud CLI | Yes | None. |
| Terraform | Yes | None. |
| ROS | No | None. |
| API encapsulation | Yes | None. |