Updated on 2023-07-18 GMT+08:00

API Overview

Token Management

API

Description

Obtaining a User Token Through Password Authentication

Obtain a user token through username/password-based authentication.

Obtaining a User Token Through Password and Virtual MFA Authentication

Obtain a user token using a username, password, and virtual MFA code on condition that virtual MFA–based login protection has been enabled.

Obtaining an Agency Token

Obtain an agency token.

Verifying a Token

Used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token.

Access Key Management

API

Description

Obtaining a Temporary Access Key and Security Token Through an Agency

Obtain a temporary access key and security token by using an agency.

Obtaining a Temporary Access Key and Security Token Through a Token

Obtain a temporary access key and security token using a token.

Creating a Permanent Access Key

Used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key.

Querying Permanent Access Keys

Used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys.

Querying a Permanent Access Key

Used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their own permanent access keys.

Modifying a Permanent Access Key

Used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their own permanent access keys.

Deleting a Permanent Access Key

Used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their own permanent access keys.

Region Management

API

Description

Querying Regions

Query regions.

Querying Region Details

Query region details.

Project Management

API

Description

Querying Project Information

Query project information.

Listing Projects

Used by the administrator to list the projects accessible to a specified IAM user or used by an IAM user to list accessible projects.

Listing Projects Accessible to an IAM User

List the projects in which resources are accessible to a specified IAM user.

Creating a Project

Provided for the administrator to create a project.

Modifying Project Information

Provided for the administrator to modify project information.

Querying Project Information

Query the detailed information about a project based on the project ID.

Changing Project Status

Provided for the administrator to change the status of a specified project. The project status can be normal or suspended.

Querying Project Information and Status

Provided for the administrator to query project details and status.

Querying the Quotas of a Project

Query the quotas of a specified project.

Account Management

API

Description

Querying Account Information Accessible to an IAM User

Query the account information that is accessible to a specified IAM user.

Querying the Password Strength Policy

Query the password strength policy, including the regular expression and description, of a specified account.

Querying the Regular Expression or Description of a Password Strength Policy

Query the password strength policy, including the regular expression and description, of a specified account based on specified conditions.

Querying the Quotas of an Account

Query the quotas of a specified account.

IAM User Management

API

Description

Listing IAM Users

Provided for the administrator to list all IAM users.

Querying IAM User Details (Recommended)

Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, including the mobile number and email address.

Querying IAM User Details

Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, excluding the mobile number and email address.

Querying the User Groups to Which an IAM User Belongs

Used by the administrator to query the groups of a specified IAM user or used by an IAM user to query their own groups.

Querying the IAM Users in a Group

Used by the administrator to query the IAM users in a user group.

Creating an IAM User (Recommended)

Provided for the administrator to create an IAM user.

Creating an IAM User

This API is provided for the administrator to create an IAM user.

Changing the Login Password

Used by an IAM user to change the login password.

Modifying IAM User Information (Recommended)

Used by an IAM user to modify its basic information.

Modifying IAM User Information (Recommended)

Provided for the administrator to modify IAM user information.

Modifying User Information

Provided for the administrator to modify IAM user information.

Deleting an IAM User

Provided for the administrator to delete an IAM user.

Querying MFA Device Information of IAM Users

Provided for the administrator to query the MFA device information of IAM users.

Querying the MFA Device Information of an IAM User

Used by the administrator to query the MFA device information of a specified IAM user or used by an IAM user to query their own MFA device information.

Querying Login Protection Configurations of IAM Users

Provided for the administrator to query the login protection configurations of IAM users.

Querying the Login Protection Configuration of an IAM User

Used by the administrator to query the login protection configuration of a specified IAM user or used by an IAM user to query their own login protection configuration.

Modifying the Login Protection Configuration of an IAM User

Provided for the administrator to modify the login protection configuration of an IAM user.

Binding a Virtual MFA Device

Bind a virtual MFA device to an IAM user.

Unbinding a Virtual MFA Device

Unbind the virtual MFA device bound to an IAM user.

Creating a Virtual MFA Device

Create a virtual MFA device for an IAM user.

Deleting a Virtual MFA Device

Provided for the administrator to delete the virtual MFA device created for an IAM user.

User Group Management

API

Description

Listing User Groups

Provided for the administrator to list all user groups.

Querying User Group Details

Provided for the administrator to query user group information.

Creating a User Group

Provided for the administrator to create a user group.

Updating User Group Information

Provided for the administrator to update user group information.

Deleting a User Group

Provided for the administrator to delete a user group.

Checking Whether an IAM User Belongs to a User Group

Provided for the administrator to check whether an IAM user belongs to a specified user group.

Adding an IAM User to a User Group

Provided for the administrator to add an IAM user to a specified user group.

Removing an IAM User from a User Group

Used by the administrator to remove an IAM user from a specified user group.

Permissions Management

API

Description

Listing Permissions

Provided for the administrator to list all permissions.

Querying Permission Details

Provided for the administrator to query permission details.

Querying Permissions of a User Group for a Global Service Project

Provided for the administrator to query the permissions of a user group for the global service project.

Querying Permissions of a User Group for a Region-specific Project

Provided for the administrator to query the permissions of a user group for a region-specific project.

Granting Permissions to a User Group for a Global Service Project

Provided for the administrator to grant permissions to a user group for the global service project.

Granting Permissions to a User Group for a Region-specific Project

Provided for the administrator to grant permissions to a user group for a region-specific project.

Checking Whether a User Group Has Specified Permissions for a Global Service Project

Provided for the administrator to check whether a user group has specified permissions for the global service project.

Checking Whether a User Group Has Specified Permissions for a Region-specific Project

Provided for the administrator to check whether a user group has specified permissions for a region-specific project.

Querying All Permissions of a User Group

Provided for the administrator to query all permissions that have been assigned to a user group.

Checking Whether a User Group Has Specified Permissions for All Projects

Provided for the administrator to check whether a user group has specified permissions for all projects.

Removing Specified Permissions of a User Group in All Projects

Provided for the administrator to remove the specified permissions of a user group for all projects.

Removing Permissions of a User Group for a Global Service Project

Provided for the administrator to remove the specified permissions of a user group for the global service project.

Removing the Permissions of a User Group for a Region-specific Project

Provided for the administrator to remove the specified permissions of a user group for a region-specific project.

Granting Permissions to a User Group for All Projects

Provided for the administrator to grant permissions to a user group for all projects.

Custom Policy Management

API

Description

Listing Custom Policies

Provided for the administrator to list all custom policies.

Querying Custom Policy Details

Provided for the administrator to query the details of a specified custom policy.

Creating a Custom Policy for Cloud Services

Provided for the administrator to create a custom policy for cloud services.

Creating a Custom Policy for Agencies

Provided for the administrator to create a custom policy for agencies.

Modifying a Custom Policy for Cloud Services

Provided for the administrator to modify a custom policy for cloud services.

Modifying a Custom Policy for Agencies

Provided for the administrator to modify a custom policy for agencies.

Deleting a Custom Policy

Provided for the administrator to delete a custom policy.

Agency Management

API

Description

Listing Agencies

Provided for the administrator to list agencies that match specified conditions.

Querying Agency Details

Provided for the administrator to query the details about an agency.

Creating an Agency

Provided for the administrator to create an agency.

Modifying an Agency

Provided for the administrator to modify an agency.

Deleting an Agency

Provided for the administrator to delete an agency.

Querying Permissions of an Agency for a Global Service Project

Provided for the administrator to query the permissions of an agency for the global service project.

Querying Permissions of an Agency for a Region-specific Project

Provided for the administrator to query the permissions of an agency for a region-specific project.

Granting Permissions to an Agency for a Global Service Project

Provided for the administrator to grant permissions to an agency for the global service project.

Granting Permissions to an Agency for a Region-specific Project

Provided for the administrator to grant permissions to an agency for a region-specific project.

Checking Whether an Agency Has Specified Permissions for a Global Service Project

Provided for the administrator to check whether an agency has specified permissions for a global service project.

Checking Whether an Agency Has Specified Permissions for a Region-specific Project

Provided for the administrator to check whether an agency has specified permissions for a region-specific project.

Removing Permissions of an Agency for a Global Service Project

Provided for the administrator to remove the specified permissions of an agency for a global service project.

Removing Permissions of an Agency for a Region-specific Project

Provided for the administrator to remove the specified permissions of an agency for a region-specific project.

Querying All Permissions of an Agency

Provided for the administrator to query all permissions that have been assigned to an agency.

Granting Specified Permissions to an Agency for All Projects

Provided for the administrator to grant specified permissions to an agency for all projects.

Checking Whether an Agency Has Specified Permissions

Provided for the administrator to check whether an agency has specified permissions.

Removing Specified Permissions of an Agency in All Projects

Provided for the administrator to remove the specified permissions of an agency in all projects.

Enterprise Project Management

API

Description

Querying User Groups Associated with an Enterprise Project

Query the user groups associated with the enterprise project of a specified ID.

Querying the Permissions of a User Group Associated with an Enterprise Project

Query the permissions of a user group associated with the enterprise project of a specified ID.

Granting Permissions to a User Group Associated with an Enterprise Project

Grant permissions to a user group associated with the enterprise project of a specified ID.

Removing Permissions of a User Group Associated with an Enterprise Project

Remove the permissions of a user group associated with an enterprise project.

Querying the Enterprise Projects Associated with a User Group

Query the enterprise projects associated with a user group.

Querying the Enterprise Projects Directly Associated with an IAM User

Query the enterprise projects associated with an IAM user.

Querying Users Directly Associated with an Enterprise Project

Query the users directly associated with a specified enterprise project.

Querying Permissions of a User Directly Associated with an Enterprise Project

Query the permissions of a user directly associated with a specified enterprise project.

Granting a User Permissions for an Enterprise Project

Grant a user permissions for an enterprise project.

Removing Permissions of a User Directly Associated with an Enterprise Project

Remove the permissions of a user directly associated with a specified enterprise project.

Security Settings

API

Description

Modifying the Operation Protection Policy

Provided for the administrator to modify the operation protection policy.

Querying the Operation Protection Policy

Query the operation protection policy.

Modifying the Password Policy

Provided for the administrator to modify the password policy.

Querying the Password Policy of an Account

Query the password policy.

Modifying the Login Authentication Policy

Provided for the administrator to modify the login authentication policy.

Querying the Login Authentication Policy

Query the login authentication policy.

Modifying the ACL for Console Access

Provided for the administrator to modify the ACL for console access.

Querying the ACL for Console Access

Query the ACL for console access.

Modifying the ACL for API Access

Provided for the administrator to modify the ACL for API access.

Querying the ACL for API Access

Query the ACL for API access.

Federated Identity Authentication Management

API

Description

SP Initiated

Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client.

IdP Initiated

Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example.

Listing Identity Providers

List all identity providers.

Querying Identity Provider Details

Query the details about an identity provider.

Creating an Identity Provider

Provided for the administrator to register an identity provider.

Modifying a SAML Identity Provider

Provided for the administrator to update an identity provider.

Deleting a SAML Identity Provider

Provided for the administrator to delete an identity provider.

Listing Mappings

List all mappings.

Querying Mapping Details

Query the details of a mapping.

Registering a Mapping

Provided for the administrator to register a mapping.

Updating a Mapping

Provided for the administrator to update a mapping.

Deleting a Mapping

Provided for the administrator to delete a mapping.

Listing Protocols

List all protocols.

Querying Protocol Details

Query the details of a protocol.

Registering a Protocol

Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider.

Updating a Protocol

Provided for the administrator to update the protocol associated with a specified identity provider.

Deleting a Protocol

Provided for the administrator to delete the protocol associated with a specified identity provider.

Querying a Metadata File

Provided for the administrator to query the metadata file imported to IAM for an identity provider.

Querying the Metadata File of Keystone

Query the metadata file of Keystone.

Importing a Metadata File

Provided for the administrator to import a metadata file.

Obtaining an Unscoped Token (IdP Initiated)

Obtain an unscoped token through IdP-initiated federated identity authentication.

Obtaining a Scoped Token

Obtain a scoped token through federated identity authentication.

Obtaining a Token with an OpenID Connect ID Token

Obtain a federated identity authentication token using an OpenID Connect ID token.

Obtaining an Unscoped Token with an OpenID Connect ID Token

Obtain an unscoped token using an OpenID Connect ID token.

Listing Accounts Accessible to Federated Users

List the accounts whose resources are accessible to federated users.

Custom Identity Brokers

API

Description

Obtaining a Login Token

Obtain a token for logging in through a custom identity broker.

Version Information Management

API

Description

Querying the Version Information of Keystone APIs

Query the version information of Keystone APIs.

Querying Information About Keystone API 3.0

Obtain the information about Keystone API 3.0.

Services and Endpoints

API

Description

Listing Services

List all services.

Querying Service Details

Query the details of a service.

Querying the Service Catalog

Query the service catalog corresponding to X-Auth-Token contained in the request.

Listing Endpoints

List all endpoints.

Querying Endpoint Details

Query the details of an endpoint.