API Overview
Token Management
|
API |
Description |
|---|---|
|
Obtain a user token through username/password-based authentication. |
|
|
Obtaining a User Token Through Password and Virtual MFA Authentication |
Obtain a user token using a username, password, and virtual MFA code on condition that virtual MFA–based login protection has been enabled. |
|
Obtain an agency token. |
|
|
Used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. |
Access Key Management
|
API |
Description |
|---|---|
|
Obtaining a Temporary Access Key and Security Token Through an Agency |
Obtain a temporary access key and security token by using an agency. |
|
Obtaining a Temporary Access Key and Security Token Through a Token |
Obtain a temporary access key and security token using a token. |
|
Used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key. |
|
|
Used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys. |
|
|
Used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their own permanent access keys. |
|
|
Used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their own permanent access keys. |
|
|
Used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their own permanent access keys. |
Region Management
|
API |
Description |
|---|---|
|
Query regions. |
|
|
Query region details. |
Project Management
|
API |
Description |
|---|---|
|
Query project information. |
|
|
Used by the administrator to list the projects accessible to a specified IAM user or used by an IAM user to list accessible projects. |
|
|
List the projects in which resources are accessible to a specified IAM user. |
|
|
Provided for the administrator to create a project. |
|
|
Provided for the administrator to modify project information. |
|
|
Query the detailed information about a project based on the project ID. |
|
|
Provided for the administrator to change the status of a specified project. The project status can be normal or suspended. |
|
|
Provided for the administrator to query project details and status. |
|
|
Query the quotas of a specified project. |
Account Management
|
API |
Description |
|---|---|
|
Query the account information that is accessible to a specified IAM user. |
|
|
Query the password strength policy, including the regular expression and description, of a specified account. |
|
|
Querying the Regular Expression or Description of a Password Strength Policy |
Query the password strength policy, including the regular expression and description, of a specified account based on specified conditions. |
|
Query the quotas of a specified account. |
IAM User Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all IAM users. |
|
|
Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, including the mobile number and email address. |
|
|
Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, excluding the mobile number and email address. |
|
|
Used by the administrator to query the groups of a specified IAM user or used by an IAM user to query their own groups. |
|
|
Used by the administrator to query the IAM users in a user group. |
|
|
Provided for the administrator to create an IAM user. |
|
|
This API is provided for the administrator to create an IAM user. |
|
|
Used by an IAM user to change the login password. |
|
|
Used by an IAM user to modify its basic information. |
|
|
Provided for the administrator to modify IAM user information. |
|
|
Provided for the administrator to modify IAM user information. |
|
|
Provided for the administrator to delete an IAM user. |
|
|
Provided for the administrator to query the MFA device information of IAM users. |
|
|
Used by the administrator to query the MFA device information of a specified IAM user or used by an IAM user to query their own MFA device information. |
|
|
Provided for the administrator to query the login protection configurations of IAM users. |
|
|
Used by the administrator to query the login protection configuration of a specified IAM user or used by an IAM user to query their own login protection configuration. |
|
|
Provided for the administrator to modify the login protection configuration of an IAM user. |
|
|
Bind a virtual MFA device to an IAM user. |
|
|
Unbind the virtual MFA device bound to an IAM user. |
|
|
Create a virtual MFA device for an IAM user. |
|
|
Provided for the administrator to delete the virtual MFA device created for an IAM user. |
User Group Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all user groups. |
|
|
Provided for the administrator to query user group information. |
|
|
Provided for the administrator to create a user group. |
|
|
Provided for the administrator to update user group information. |
|
|
Provided for the administrator to delete a user group. |
|
|
Provided for the administrator to check whether an IAM user belongs to a specified user group. |
|
|
Provided for the administrator to add an IAM user to a specified user group. |
|
|
Used by the administrator to remove an IAM user from a specified user group. |
Permissions Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all permissions. |
|
|
Provided for the administrator to query permission details. |
|
|
Querying Permissions of a User Group for a Global Service Project |
Provided for the administrator to query the permissions of a user group for the global service project. |
|
Querying Permissions of a User Group for a Region-specific Project |
Provided for the administrator to query the permissions of a user group for a region-specific project. |
|
Granting Permissions to a User Group for a Global Service Project |
Provided for the administrator to grant permissions to a user group for the global service project. |
|
Granting Permissions to a User Group for a Region-specific Project |
Provided for the administrator to grant permissions to a user group for a region-specific project. |
|
Checking Whether a User Group Has Specified Permissions for a Global Service Project |
Provided for the administrator to check whether a user group has specified permissions for the global service project. |
|
Checking Whether a User Group Has Specified Permissions for a Region-specific Project |
Provided for the administrator to check whether a user group has specified permissions for a region-specific project. |
|
Provided for the administrator to query all permissions that have been assigned to a user group. |
|
|
Checking Whether a User Group Has Specified Permissions for All Projects |
Provided for the administrator to check whether a user group has specified permissions for all projects. |
|
Removing Specified Permissions of a User Group in All Projects |
Provided for the administrator to remove the specified permissions of a user group for all projects. |
|
Removing Permissions of a User Group for a Global Service Project |
Provided for the administrator to remove the specified permissions of a user group for the global service project. |
|
Removing the Permissions of a User Group for a Region-specific Project |
Provided for the administrator to remove the specified permissions of a user group for a region-specific project. |
|
Provided for the administrator to grant permissions to a user group for all projects. |
Custom Policy Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all custom policies. |
|
|
Provided for the administrator to query the details of a specified custom policy. |
|
|
Provided for the administrator to create a custom policy for cloud services. |
|
|
Provided for the administrator to create a custom policy for agencies. |
|
|
Provided for the administrator to modify a custom policy for cloud services. |
|
|
Provided for the administrator to modify a custom policy for agencies. |
|
|
Provided for the administrator to delete a custom policy. |
Agency Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list agencies that match specified conditions. |
|
|
Provided for the administrator to query the details about an agency. |
|
|
Provided for the administrator to create an agency. |
|
|
Provided for the administrator to modify an agency. |
|
|
Provided for the administrator to delete an agency. |
|
|
Querying Permissions of an Agency for a Global Service Project |
Provided for the administrator to query the permissions of an agency for the global service project. |
|
Querying Permissions of an Agency for a Region-specific Project |
Provided for the administrator to query the permissions of an agency for a region-specific project. |
|
Granting Permissions to an Agency for a Global Service Project |
Provided for the administrator to grant permissions to an agency for the global service project. |
|
Granting Permissions to an Agency for a Region-specific Project |
Provided for the administrator to grant permissions to an agency for a region-specific project. |
|
Checking Whether an Agency Has Specified Permissions for a Global Service Project |
Provided for the administrator to check whether an agency has specified permissions for a global service project. |
|
Checking Whether an Agency Has Specified Permissions for a Region-specific Project |
Provided for the administrator to check whether an agency has specified permissions for a region-specific project. |
|
Removing Permissions of an Agency for a Global Service Project |
Provided for the administrator to remove the specified permissions of an agency for a global service project. |
|
Removing Permissions of an Agency for a Region-specific Project |
Provided for the administrator to remove the specified permissions of an agency for a region-specific project. |
|
Provided for the administrator to query all permissions that have been assigned to an agency. |
|
|
Granting Specified Permissions to an Agency for All Projects |
Provided for the administrator to grant specified permissions to an agency for all projects. |
|
Provided for the administrator to check whether an agency has specified permissions. |
|
|
Provided for the administrator to remove the specified permissions of an agency in all projects. |
Enterprise Project Management
|
API |
Description |
|---|---|
|
Query the user groups associated with the enterprise project of a specified ID. |
|
|
Querying the Permissions of a User Group Associated with an Enterprise Project |
Query the permissions of a user group associated with the enterprise project of a specified ID. |
|
Granting Permissions to a User Group Associated with an Enterprise Project |
Grant permissions to a user group associated with the enterprise project of a specified ID. |
|
Removing Permissions of a User Group Associated with an Enterprise Project |
Remove the permissions of a user group associated with an enterprise project. |
|
Querying the Enterprise Projects Associated with a User Group |
Query the enterprise projects associated with a user group. |
|
Querying the Enterprise Projects Directly Associated with an IAM User |
Query the enterprise projects associated with an IAM user. |
|
Querying Users Directly Associated with an Enterprise Project |
Query the users directly associated with a specified enterprise project. |
|
Querying Permissions of a User Directly Associated with an Enterprise Project |
Query the permissions of a user directly associated with a specified enterprise project. |
|
Grant a user permissions for an enterprise project. |
|
|
Removing Permissions of a User Directly Associated with an Enterprise Project |
Remove the permissions of a user directly associated with a specified enterprise project. |
Security Settings
|
API |
Description |
|---|---|
|
Provided for the administrator to modify the operation protection policy. |
|
|
Query the operation protection policy. |
|
|
Provided for the administrator to modify the password policy. |
|
|
Query the password policy. |
|
|
Provided for the administrator to modify the login authentication policy. |
|
|
Query the login authentication policy. |
|
|
Provided for the administrator to modify the ACL for console access. |
|
|
Query the ACL for console access. |
|
|
Provided for the administrator to modify the ACL for API access. |
|
|
Query the ACL for API access. |
Federated Identity Authentication Management
|
API |
Description |
|---|---|
|
Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client. |
|
|
Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example. |
|
|
List all identity providers. |
|
|
Query the details about an identity provider. |
|
|
Provided for the administrator to register an identity provider. |
|
|
Provided for the administrator to update an identity provider. |
|
|
Provided for the administrator to delete an identity provider. |
|
|
List all mappings. |
|
|
Query the details of a mapping. |
|
|
Provided for the administrator to register a mapping. |
|
|
Provided for the administrator to update a mapping. |
|
|
Provided for the administrator to delete a mapping. |
|
|
List all protocols. |
|
|
Query the details of a protocol. |
|
|
Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider. |
|
|
Provided for the administrator to update the protocol associated with a specified identity provider. |
|
|
Provided for the administrator to delete the protocol associated with a specified identity provider. |
|
|
Provided for the administrator to query the metadata file imported to IAM for an identity provider. |
|
|
Query the metadata file of Keystone. |
|
|
Provided for the administrator to import a metadata file. |
|
|
Obtain an unscoped token through IdP-initiated federated identity authentication. |
|
|
Obtain a scoped token through federated identity authentication. |
|
|
Obtain a federated identity authentication token using an OpenID Connect ID token. |
|
|
Obtain an unscoped token using an OpenID Connect ID token. |
|
|
List the accounts whose resources are accessible to federated users. |
Custom Identity Brokers
|
API |
Description |
|---|---|
|
Obtain a token for logging in through a custom identity broker. |
Version Information Management
|
API |
Description |
|---|---|
|
Query the version information of Keystone APIs. |
|
|
Obtain the information about Keystone API 3.0. |
Services and Endpoints
|
API |
Description |
|---|---|
|
List all services. |
|
|
Query the details of a service. |
|
|
Query the service catalog corresponding to X-Auth-Token contained in the request. |
|
|
List all endpoints. |
|
|
Query the details of an endpoint. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
