Updated on 2023-09-14 GMT+08:00

Creating an IAM User (Recommended)

Function

This API is provided for the administrator to create an IAM user.

The API can be called using both the global endpoint and region-specific endpoints.

URI

POST /v3.0/OS-USER/users

Request Parameters

Table 1 Parameters in the request header

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

Access credential issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Table 2 Parameters in the request body

Parameter

Mandatory

Type

Description

user

Yes

Object

IAM user information.

Table 3 user

Parameter

Mandatory

Type

Description

name

Yes

String

IAM user name, which consists of 1 to 32 characters. It can contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.) and cannot start with a digit or space.

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

password

No

String

Password of the user. The password must meet the following requirements:

email

No

String

Email address with a maximum of 255 characters.

areacode

No

String

Country code. The country code must be used together with a mobile number.

phone

No

String

Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.

enabled

No

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

pwd_status

No

Boolean

Indicates whether password reset is required at the first login. By default, password reset is required.

xuser_type

No

String

Type of the IAM user in the external system. The user type can contain a maximum of 64 characters. xuser_type must be used together with xuser_id and will be verified based on xaccount_type and xdomain_type of the same account. Currently, the parameter value can only be TenantIdp.

NOTE:

An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator.

xuser_id

No

String

ID of the IAM user in the external system. The user ID can contain a maximum of 128 characters, and must be used together with xuser_type. Due to the latency, the IAM console may not be able to display the external identity ID you have set in real time. Refresh the page later.

NOTE:

An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator.

access_mode

No

String

Access type of the IAM user.

  • default: programmatic access and management console access. This option is the default access type.
  • programmatic: programmatic access
  • console: management console access

description

No

String

Description of the IAM user.

Response Parameters

Table 4 Parameters in the response body

Parameter

Type

Description

user

Object

IAM user information.

Table 5 user

Parameter

Type

Description

status

Integer

Status of the IAM user.

pwd_status

Boolean

Indicates whether password reset is required at the first login.

xuser_id

String

ID of the IAM user in the external system.

NOTE:

An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator.

xuser_type

String

Type of the IAM user in the external system.

NOTE:

An external system refers to an enterprise management system connected to Huawei Cloud. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from Huawei Cloud. Please contact your enterprise administrator.

access_mode

String

Access type of the IAM user.

  • default: programmatic access and management console access. This option is the default access type.
  • programmatic: programmatic access
  • console: management console access

description

String

Description of the IAM user.

name

String

IAM user name, which consists of 1 to 32 characters. It can contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.) and cannot start with a digit or space.

phone

String

Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.

is_domain_owner

Boolean

Whether the IAM user is an administrator.

domain_id

String

ID of the account to which the IAM user belongs.

enabled

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

areacode

String

Country code.

email

String

Email address.

create_time

String

Time when the IAM user was created.

NOTE:

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.

xdomain_id

String

Customer code of the business entity.

xdomain_type

String

Business entity.

id

String

IAM user ID that contains 32 characters.

password_expires_at

String

Password expiration time. If this parameter is set to null, the password will never expire.

NOTE:

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.

Example Request

Request for an administrator to create an IAM user named IAMUser, with the email address IAMEmail@huawei.com and mobile number 0012312345678910 bound, and with both programmatic access and management console access

POST https://iam.myhuaweicloud.eu/v3.0/OS-USER/users
{
    "user": {
        "domain_id": "d78cbac186b744899480f25...",
        "name": "IAMUser",
        "password": "IAMPassword@",
        "email": "IAMEmail@huawei.com",
        "areacode": "00123",
        "phone": "12345678910",
        "enabled": true,
        "pwd_status": false,
        "xuser_type": "",
        "xuser_id": "",
        "access_mode" : "default",
        "description": "IAMDescription"
    }
}

Example Response

Status code: 201

The IAM user is created successfully.

{
    "user": {
        "pwd_status": false,
        "xuser_id": "",
        "xuser_type": "",
        "access_mode" : "default",
        "description": "IAMDescription",
        "name": "IAMUser",
        "phone": "12345678910",
        "is_domain_owner": false,
        "enabled": true,
        "domain_id": "d78cbac186b744899480f25bd...",
        "areacode": "00123",
        "email": "IAMEmail@huaweiexample.com",
        "create_time": "2020-01-06T08:05:16.000000",
        "xdomain_id": "",
        "xdomain_type": "",
        "id": "07664aec578026691f00c003a..."
    }
}

Status Codes

Status Code

Description

201

The IAM user is created successfully.

400

Invalid parameters.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

409

A resource conflict occurs.

413

The request entity is too large.

500

Internal server error.

503

Service unavailable.

Error Codes

See Error Codes.