API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (Ims/2019-08-15) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
User management
|
API |
Title |
Description |
| RAM user | RAM user | |
| CreateUser | CreateUser | Creates a RAM user. |
| GetUser | GetUser | Queries the information about a RAM user. |
| UpdateUser | UpdateUser | Modifies the information about a RAM user. |
| DeleteUser | DeleteUser | Deletes a Resource Access Management (RAM) user. |
| ListUsers | ListUsers | Queries information about all Resource Access Management (RAM) users. |
| ListUserBasicInfos | ListUserBasicInfos | Queries the basic information about all Resource Access Management (RAM) users. |
| GetAccountSummary | GetAccountSummary | Retrieves a summary of an Alibaba Cloud account. |
| Logon | Logon | |
| CreateLoginProfile | CreateLoginProfile | Enables logon to the console for a Resource Access Management (RAM) user. |
| GetLoginProfile | GetLoginProfile | Queries the logon configurations of a Resource Access Management (RAM) user. |
| UpdateLoginProfile | UpdateLoginProfile | Modifies the console logon configurations of a Resource Access Management (RAM) user. |
| DeleteLoginProfile | DeleteLoginProfile | Disables logon to the console for a Resource Access Management (RAM) user. |
| ChangePassword | ChangePassword | Changes the password that is used to log on to the console for a Resource Access Management (RAM) user. |
| AccessKey | AccessKey | |
| CreateAccessKey | CreateAccessKey | Creates an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| DeleteAccessKey | DeleteAccessKey | Deletes an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| UpdateAccessKey | UpdateAccessKey | Modifies the status of an AccessKey pair for an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| GetAccessKeyLastUsed | GetAccessKeyLastUsed | Queries the time when an AccessKey pair was used for the last time. |
| ListAccessKeys | ListAccessKeys | Queries the AccessKey pairs of an Alibaba Cloud account or a Resource Access Management (RAM) user. |
| MFA | MFA | |
| GetVerificationInfo | GetVerificationInfo | Queries the status of the mobile phone or email that is bound to a Resource Access Management (RAM) user. |
| CreateVirtualMFADevice | CreateVirtualMFADevice | Creates a virtual multi-factor authentication (MFA) device. |
| ListVirtualMFADevices | ListVirtualMFADevices | Queries multi-factor authentication (MFA) devices. |
| DeleteVirtualMFADevice | DeleteVirtualMFADevice | Deletes a multi-factor authentication (MFA) device. |
| DisableVirtualMFA | DisableVirtualMFA | Unbinds and deletes a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| BindMFADevice | BindMFADevice | Binds a multi-factor authentication (MFA) device to a Resource Access Management (RAM) user. |
| UnbindMFADevice | UnbindMFADevice | Unbinds a multi-factor authentication (MFA) device from a Resource Access Management (RAM) user. |
| GetAccountMFAInfo | GetAccountMFAInfo | Queries information about the multi-factor authentication (MFA) devices of an Alibaba Cloud account. |
| GetUserMFAInfo | GetUserMFAInfo | Queries information about the multi-factor authentication (MFA) device that is bound to a Resource Access Management (RAM) user. |
| SetVerificationInfo | SetVerificationInfo | Binds a mobile phone or email to a Resource Access Management (RAM) user. |
| UnbindVerification | UnbindVerification | Unbinds a mobile phone or email from a Resource Access Management (RAM) user. |
| Tag | Tag | |
| TagResources | TagResources | Adds tags to resources. |
| UntagResources | UntagResources | Removes tags from a resource. |
| ListTagResources | ListTagResources | Queries the tags that are added resources. |
| Passkey | Passkey | |
| UpdatePasskey | UpdatePasskey | Updates the name of a passkey. |
| ListPasskeys | ListPasskeys | Queries the information about the passkeys that are bound to a Resource Access Management (RAM) user. |
| DeletePasskey | DeletePasskey | Deletes a passkey for a Resource Access Management (RAM) user. |
| Recycle bin | Recycle bin | |
| ListUsersInRecycleBin | ListUsersInRecycleBin | Queries the basic information about all Resource Access Management (RAM) users in the recycle bin. |
| GetUserInRecycleBin | GetUserInRecycleBin | Queries information about a specific Resource Access Management (RAM) user in the recycle bin. |
| DeleteUserInRecycleBin | DeleteUserInRecycleBin | Deletes a specific Resource Access Management (RAM) user from the recycle bin. |
| RestoreUserFromRecycleBin | RestoreUserFromRecycleBin | Restores a specific Resource Access Management (RAM) user from the recycle bin. |
| ListAccessKeysInRecycleBin | ListAccessKeysInRecycleBin | Queries the AccessKey pairs of a specific Resource Access Management (RAM) user in the recycle bin. |
| GetAccessKeyInfoInRecycleBin | GetAccessKeyInfoInRecycleBin | Queries information about a specific AccessKey pair of a Resource Access Management (RAM) user in the recycle bin. |
| DeleteAccessKeyInRecycleBin | DeleteAccessKeyInRecycleBin | Deletes a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
| RestoreAccessKeyFromRecycleBin | RestoreAccessKeyFromRecycleBin | Restores a specific AccessKey pair that belongs to a Resource Access Management (RAM) user from the recycle bin. |
User group management
|
API |
Title |
Description |
| CreateGroup | CreateGroup | Creates a Resource Access Management (RAM) user group. |
| GetGroup | GetGroup | Queries the information about a Resource Access Management (RAM) user group. |
| UpdateGroup | UpdateGroup | Modifies information about a Resource Access Management (RAM) user group. |
| DeleteGroup | DeleteGroup | Deletes a Resource Access Management (RAM) user group. |
| ListGroups | ListGroups | Queries Resource Access Management (RAM) user groups. |
| AddUserToGroup | AddUserToGroup | Adds a Resource Access Management (RAM) user to a RAM user group. |
| RemoveUserFromGroup | RemoveUserFromGroup | Removes a Resource Access Management (RAM) user from a RAM user group. |
| ListUsersForGroup | ListUsersForGroup | Queries Resource Access Management (RAM) users in a RAM user group. |
| ListGroupsForUser | ListGroupsForUser | Queries the Resource Access Management (RAM) user groups to which a RAM user belongs. |
SSO management
|
API |
Title |
Description |
| SetUserSsoSettings | SetUserSsoSettings | Sets the identity provider information for user-based SSO. |
| GetUserSsoSettings | GetUserSsoSettings | Queries the settings for user-based single sign-on (SSO). |
| CreateSAMLProvider | CreateSAMLProvider | Creates an identity provider configuration for role-based single sign-on (SSO). |
| DeleteSAMLProvider | DeleteSAMLProvider | Deletes an identity provider (IdP) for role-based single sign-on (SSO). |
| UpdateSAMLProvider | UpdateSAMLProvider | Updates the details of a specified identity provider for role-based SSO. |
| GetSAMLProvider | GetSAMLProvider | Retrieves information about a specified identity provider for role-based SSO. |
| ListSAMLProviders | ListSAMLProviders | Queries information about identity providers (IdPs) for role-based single sign-on (SSO). |
| CreateOIDCProvider | CreateOIDCProvider | Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud. |
| GetOIDCProvider | GetOIDCProvider | Queries the information about an OIDC IdP. |
| UpdateOIDCProvider | UpdateOIDCProvider | Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP). |
| ListOIDCProviders | ListOIDCProviders | Queries OIDC IdPs. |
| DeleteOIDCProvider | DeleteOIDCProvider | Deletes an OpenID Connect (OIDC) identity provider (IdP). |
| AddClientIdToOIDCProvider | AddClientIdToOIDCProvider | Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveClientIdFromOIDCProvider | RemoveClientIdFromOIDCProvider | Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP). |
| AddFingerprintToOIDCProvider | AddFingerprintToOIDCProvider | Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP). |
| RemoveFingerprintFromOIDCProvider | RemoveFingerprintFromOIDCProvider | Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP). |
OAuth management
|
API |
Title |
Description |
| CreateApplication | CreateApplication | Creates an application. |
| GetApplication | GetApplication | Queries the configuration information of a specified application. |
| UpdateApplication | UpdateApplication | Updates the configuration of a specified application. |
| DeleteApplication | DeleteApplication | Deletes an application. |
| ListApplications | ListApplications | Lists the applications that you have created. |
| ListPredefinedScopes | ListPredefinedScopes | Queries predefined application permissions. |
| CreateAppSecret | CreateAppSecret | Creates an application secret for an application. |
| GetAppSecret | GetAppSecret | Queries the details of an application secret. |
| ListAppSecretIds | ListAppSecretIds | Queries the secret IDs of an application. |
| DeleteAppSecret | DeleteAppSecret | Deletes the application secret of an application. |
| ProvisionApplication | ProvisionApplication | Installs an application. |
| DeprovisionApplication | DeprovisionApplication | Uninstalls an external application or an internal application of the ServerApp type. |
| ListApplicationProvisionInfos | ListApplicationProvisionInfos | Queries installation information about all installed applications. |
| GetApplicationProvisionInfo | GetApplicationProvisionInfo | Queries installation information about a specified installed application. |
| ProvisionExternalApplication | ProvisionExternalApplication | Installs an external application. |
| DeprovisionExternalApplication | DeprovisionExternalApplication | Deletes an installed external application. |
| ListExternalApplications | ListExternalApplications | Queries information about all installed external applications. |
| GetExternalApplication | GetExternalApplication | Queries information about an installed external application. |
Security settings
|
API |
Title |
Description |
| SetPasswordPolicy | SetPasswordPolicy | Configures the password policy for Resource Access Management (RAM) users. |
| GetPasswordPolicy | GetPasswordPolicy | Queries the details of the password policy for RAM users. |
| SetSecurityPreference | SetSecurityPreference | Configures security preferences for a RAM user. |
| GetSecurityPreference | GetSecurityPreference | Queries the security preferences for RAM users. |
| SetDefaultDomain | SetDefaultDomain | Configures the default domain name for an Alibaba Cloud account. |
| GetDefaultDomain | GetDefaultDomain | Queries the default domain name of an Alibaba Cloud account. |
| GetCredentialReport | GetCredentialReport | Queries the user credential reports of an Alibaba Cloud account. |
| GetAccountSecurityPracticeReport | GetAccountSecurityPracticeReport | Queries the security report of an Alibaba Cloud account. |
| GenerateCredentialReport | GenerateCredentialReport | Generates the user credential report of an Alibaba Cloud account. |
Cloud governance
|
API |
Title |
Description |
| GenerateGovernanceReport | GenerateGovernanceReport | Generates a check report for Cloud Governance. |
| ListRecentGovernanceMetrics | ListRecentGovernanceMetrics | Queries all metric values in the most recent governance check. |