Updated on 2023-07-18 GMT+08:00

Creating an IAM User

Function

This API is provided for the administrator to create an IAM user. An IAM user needs to change its password at the first login.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Restrictions

When you use this API to create an IAM user, you cannot specify a mobile number or email address for the IAM user. To specify a mobile number and email address, used the API described in Creating an IAM User (Recommended).

URI

POST /v3/users

Request Parameters

Table 1 Parameters in the request header

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Table 2 Parameters in the request body

Parameter

Mandatory

Type

Description

user

Yes

Object

User information.

Table 3 user

Parameter

Mandatory

Type

Description

name

Yes

String

IAM user name, which consists of 1 to 32 characters. It can contain letters, digits, spaces, hyphens (-), underscores (_), and periods (.) and cannot start with a digit or space.

domain_id

No

String

ID of the account to which the IAM user belongs.

password

No

String

Password of the user. The password must meet the following requirements:

  • Can contain 6 to 32 characters. The default minimum password length is 6 characters.
  • Must contain at least two of the following character types: uppercase letters, lowercase letters, digits, and special characters.
  • Must meet the password requirements defined in the password policy.

enabled

No

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

description

No

String

Description of the IAM user.

Response Parameters

Table 4 Parameters in the response body

Parameter

Type

Description

user

Object

IAM user information.

Table 5 user

Parameter

Type

Description

enabled

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

id

String

IAM user ID.

domain_id

String

ID of the account to which the IAM user belongs.

name

String

IAM user name.

links

Object

IAM user resource link information.

password_expires_at

String

Password expiration time. If this parameter is set to null, the password will never expire.

NOTE:

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssssZ format, for example, 2023-06-28T08:56:33.710000Z. For details about the date and timestamp formats, see ISO-8601.

description

String

Description of the IAM user.

Example Request

Request for an administrator to create an IAM user named IAMUser

POST https://iam.myhuaweicloud.com/v3/users
{
    "user": {
        "name": "IAMUser",
        "domain_id": "d78cbac186b744899480f25bd02...",
        "enabled": true,
        "password": "IAMPassword@",
        "description": "IAMDescription"
    }
}

Example Response

Status code: 201

The IAM user is created successfully.

{
    "user": {
        "description": "IAMDescription",
        "name": "IAMUser",
        "enabled": true,
        "links": {
            "self": "https://iam.myhuaweicloud.com/v3/users/076598a17b0010e21fdec003f3a2aa45"
        },
        "domain_id": "d78cbac186b744899480f25b...",
        "id": "076598a17b0010e21fdec003f3a2a..."
    }
}

Status Codes

Status Code

Description

201

The IAM user is created successfully.

400

Invalid parameters.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

409

A resource conflict occurs.

413

The request entity is too large.

500

Internal server error.

503

Service unavailable.

Error Codes

For details, see Error Codes.