API standard and pre-built SDKs in multiple languages
The OpenAPI specification of this product (Eiam-developerapi/2022-02-25) follows the ROA standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Use the Alibaba Cloud account itself only when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
OIDC API
| API | Title | Description |
| --- | --- | --- |
| GenerateToken | GenerateToken | Generates an access token for an application in a specified IDaaS EIAM instance using credential information. |
| GenerateDeviceCode | GenerateDeviceCode | Generates a device code. |
| GetUserInfo | GetUserInfo | Queries the information of a user by using the user token. |
| RevokeToken | RevokeToken | Revokes an access token or refresh token. |
Provisioning Scope
| API | Title | Description |
| --- | --- | --- |
| GetApplicationProvisioningScope | GetApplicationProvisioningScope | The GetApplicationProvisioningScope operation retrieves the synchronization scope of an application in a specific instance. |
Organization
| API | Title | Description |
| --- | --- | --- |
| CreateOrganizationalUnit | CreateOrganizationalUnit | Creates an organizational unit. |
| PatchOrganizationalUnit | PatchOrganizationalUnit | Modifies an EIAM organizational unit. |
| GetOrganizationalUnit | GetOrganizationalUnit | Queries the information of an organizational unit. |
| DeleteOrganizationalUnit | DeleteOrganizationalUnit | Deletes an organizational unit. |
| ListOrganizationalUnits | ListOrganizationalUnits | Retrieves a paged list of organizations in IDaaS. |
| ListOrganizationalUnitParentIds | ListOrganizationalUnitParentIds | Queries the information of all the parent organizational units of an organizational unit. |
| GetOrganizationalUnitIdByExternalId | GetOrganizationalUnitIdByExternalId | Obtains the ID of an organizational unit based on the external ID. |
User
| API | Title | Description |
| --- | --- | --- |
| CreateUser | CreateUser | You can call the CreateUser operation to create an EIAM account in a specified organization. |
| PatchUser | PatchUser | Modifies an Employee Identity and Access Management (EIAM) account. |
| GetUser | GetUser | Queries the details of an Employee Identity and Access Management (EIAM) account. |
| UpdateUserPassword | UpdateUserPassword | Updates the password for a specified EIAM account. |
| DeleteUser | DeleteUser | Deletes an Employee Identity and Access Management (EIAM) account. |
| ListUsers | ListUsers | Performs a paged query for EIAM account information. |
| EnableUser | EnableUser | Enables an Employee Identity and Access Management (EIAM) account. |
| DisableUser | DisableUser | Disables an Employee Identity and Access Management (EIAM) account. |
| GetUserIdByEmail | GetUserIdByEmail | Queries the ID of an Employee Identity and Access Management (EIAM) account by email address. |
| GetUserIdByPhoneNumber | GetUserIdByPhoneNumber | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number. |
| GetUserIdByUserExternalId | GetUserIdByUserExternalId | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID. |
| GetUserIdByUsername | GetUserIdByUsername | Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username. |
| SetUserPrimaryOrganizationalUnit | SetUserPrimaryOrganizationalUnit | Sets the primary organization for an EIAM account. This operation removes the account from the old primary organization and adds it to the new one. |
| AddUserToOrganizationalUnits | AddUserToOrganizationalUnits | Adds an EIAM account to one or more EIAM organizations. These organizations serve as subordinate organizations for the account. If the account is already a member of a specified organization, no update is performed. |
| RemoveUserFromOrganizationalUnits | RemoveUserFromOrganizationalUnits | Removes an EIAM account from one or more EIAM organizations. This operation succeeds even if the account is not a member of the specified organizations. |
| ListGroupsForUser | ListGroupsForUser | Lists the groups that an EIAM user is a member of. |
Group
| API | Title | Description |
| --- | --- | --- |
| GetGroup | GetGroup | Queries the details of a group. |
| CreateGroup | CreateGroup | Creates a group. |
| PatchGroup | PatchGroup | Modifies information about an Employee Identity and Access Management (EIAM) group. |
| DeleteGroup | DeleteGroup | Deletes a group. |
| ListGroups | ListGroups | Queries information about Employee Identity and Access Management (EIAM) groups by page. |
| AddUsersToGroup | AddUsersToGroup | Adds multiple Employee Identity and Access Management (EIAM) accounts to an EIAM group. If the accounts are already added to the specified group, no update is performed. |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes multiple Employee Identity and Access Management (EIAM) accounts from an EIAM group. If an account does not belong to the group, the removal succeeds by default. |
| ListUsersForGroup | ListUsersForGroup | Queries accounts in an Employee Identity and Access Management (EIAM) group. |