API Overview
Token Management
|
API |
Description |
|---|---|
|
Obtain a user token through username/password-based authentication. |
|
|
Obtain a user token using a username, password, and virtual MFA code on condition that virtual MFA–based login protection has been enabled. |
|
|
Obtain an agency token. |
|
|
Used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. |
Access Key Management
|
API |
Description |
|---|---|
|
Obtaining Temporary Access Keys and Security Tokens of an Agency - CreateTemporaryAccessKeyByAgency |
Obtain a temporary access key and security token by using an agency. |
|
Obtaining Temporary Access Keys and Security Tokens of an IAM User - CreateTemporaryAccessKeyByToken |
Obtain a temporary access key and security token using a token. |
|
Used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key. |
|
|
Used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys. |
|
|
Used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their own permanent access keys. |
|
|
Used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their own permanent access keys. |
|
|
Used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their own permanent access keys. |
Region Management
|
API |
Description |
|---|---|
|
Query regions. |
|
|
Query region details. |
Project Management
|
API |
Description |
|---|---|
|
Query project information. |
|
|
Used by the administrator to list the projects accessible to a specified IAM user or used by an IAM user to list accessible projects. |
|
|
Listing Projects Accessible to an IAM User - KeystoneListAuthProjects |
List the projects in which resources are accessible to a specified IAM user. |
|
Provided for the administrator to create a project. |
|
|
Provided for the administrator to modify project information. |
|
|
Query the detailed information about a project based on the project ID. |
|
|
Provided for the administrator to change the status of a specified project. The project status can be normal or suspended. |
|
|
Querying Project Information and Status - ShowProjectDetailsAndStatus |
Provided for the administrator to query project details and status. |
|
Query the quotas of a specified project. |
Account Management
|
API |
Description |
|---|---|
|
Querying Account Information Accessible to an IAM User - KeystoneListAuthDomains |
Query the account information that is accessible to a specified IAM user. |
|
Querying the Password Strength Policy - KeystoneShowSecurityCompliance |
Query the password strength policy, including the regular expression and description, of a specified account. |
|
Querying the Password Strength Policy with Conditions - KeystoneShowSecurityComplianceByOption |
Query the password strength policy, including the regular expression and description, of a specified account based on specified conditions. |
|
Query the quotas of a specified account. |
IAM User Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all IAM users. |
|
|
Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, including the mobile number and email address. |
|
|
Used by the administrator to query the details about a specified IAM user or used by an IAM user to query their own details, excluding the mobile number and email address. |
|
|
Used by the administrator to query the groups of a specified IAM user or used by an IAM user to query their own groups. |
|
|
Used by the administrator to query the IAM users in a user group. |
|
|
Provided for the administrator to create an IAM user. |
|
|
Provided for the administrator to create an IAM user. |
|
|
Used by an IAM user to change the login password. |
|
|
Modifying IAM User Information (By an IAM User) (Recommended)- UpdateUserInformation |
Used by an IAM user to modify its basic information. |
|
Modifying IAM User Information (By the Administrator) (Recommended)- UpdateUser |
Provided for the administrator to modify IAM user information. |
|
Modifying IAM User Information (By the Administrator) - KeystoneUpdateUserByAdmin |
Provided for the administrator to modify IAM user information. |
|
Provided for the administrator to delete an IAM user. |
|
|
Provided for the administrator to query the MFA device information of IAM users. |
|
|
Used by the administrator to query the MFA device information of a specified IAM user or used by an IAM user to query their own MFA device information. |
|
|
Provided for the administrator to query the login protection configurations of IAM users. |
|
|
Used by the administrator to query the login protection configuration of a specified IAM user or used by an IAM user to query their own login protection configuration. |
|
|
Provided for the administrator to modify the login protection configuration of an IAM user. |
|
|
Bind a virtual MFA device to an IAM user. |
|
|
Unbind the virtual MFA device bound to an IAM user. |
|
|
Create a virtual MFA device for an IAM user. |
|
|
Provided for the administrator to delete the virtual MFA device created for an IAM user. |
User Group Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all user groups. |
|
|
Provided for the administrator to query user group information. |
|
|
Provided for the administrator to create a user group. |
|
|
Provided for the administrator to update user group information. |
|
|
Provided for the administrator to delete a user group. |
|
|
Checking Whether an IAM User Belongs to a User Group - KeystoneCheckUserInGroup |
Provided for the administrator to check whether an IAM user belongs to a specified user group. |
|
Provided for the administrator to add an IAM user to a specified user group. |
|
|
Removing an IAM User from a User Group - KeystoneRemoveUserFromGroup |
Used by the administrator to remove an IAM user from a specified user group. |
Permissions Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all permissions. |
|
|
Provided for the administrator to query permission details. |
|
|
Querying Permissions of a User Group for a Global Service Project |
Provided for the administrator to query the permissions of a user group for the global service project. |
|
Querying Permissions of a User Group for a Region-specific Project |
Provided for the administrator to query the permissions of a user group for a region-specific project. |
|
Provided for the administrator to grant permissions to a user group for the global service project. |
|
|
Provided for the administrator to grant permissions to a user group for a region-specific project. |
|
|
Provided for the administrator to check whether a user group has specified permissions for the global service project. |
|
|
Provided for the administrator to check whether a user group has specified permissions for a region-specific project. |
|
|
Querying All Permissions of a User Group - KeystoneListAllProjectPermissionsForGroup |
Provided for the administrator to query all permissions that have been assigned to a user group. |
|
Checking Whether a User Group Has Specified Permissions for All Projects - KeystoneCheckroleForGroup |
Provided for the administrator to check whether a user group has specified permissions for all projects. |
|
Removing Specified Permissions of a User Group in All Projects - DeleteDomainGroupInheritedRole |
Provided for the administrator to remove the specified permissions of a user group for all projects. |
|
Provided for the administrator to remove the specified permissions of a user group for the global service project. |
|
|
Provided for the administrator to remove the specified permissions of a user group for a region-specific project. |
|
|
Granting Permissions to a User Group for All Projects - UpdateDomainGroupInheritRole |
Provided for the administrator to grant permissions to a user group for all projects. |
Custom Policy Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list all custom policies. |
|
|
Provided for the administrator to query the details of a specified custom policy. |
|
|
Creating a Custom Policy for Cloud Services - CreateCloudServiceCustomPolicy |
Provided for the administrator to create a custom policy for cloud services. |
|
Creating a Custom Policy for Agencies - CreateAgencyCustomPolicy |
Provided for the administrator to create a custom policy for agencies. |
|
Modifying a Custom Policy for Cloud Services - UpdateCloudServiceCustomPolicy |
Provided for the administrator to modify a custom policy for cloud services. |
|
Modifying a Custom Policy for Agencies - UpdateAgencyCustomPolicy |
Provided for the administrator to modify a custom policy for agencies. |
|
Provided for the administrator to delete a custom policy. |
Agency Management
|
API |
Description |
|---|---|
|
Provided for the administrator to list agencies that match specified conditions. |
|
|
Provided for the administrator to query the details about an agency. |
|
|
Provided for the administrator to create an agency. |
|
|
Provided for the administrator to modify an agency. |
|
|
Provided for the administrator to delete an agency. |
|
|
Querying Permissions of an Agency for a Global Service Project - ListDomainPermissionsForAgency |
Provided for the administrator to query the permissions of an agency for the global service project. |
|
Querying Permissions of an Agency for a Region-specific Project - ListProjectPermissionsForAgency |
Provided for the administrator to query the permissions of an agency for a region-specific project. |
|
Granting Permissions to an Agency for a Global Service Project - AssociateAgencyWithDomainPermission |
Provided for the administrator to grant permissions to an agency for the global service project. |
|
Provided for the administrator to grant permissions to an agency for a region-specific project. |
|
|
Provided for the administrator to check whether an agency has specified permissions for the global service project. |
|
|
Provided for the administrator to check whether an agency has specified permissions for a region-specific project. |
|
|
Removing Permissions of an Agency for a Global Service Project - RemoveDomainPermissionFromAgency |
Provided for the administrator to remove the specified permissions of an agency for the global service project. |
|
Removing Permissions of an Agency for a Region-specific Project - RemoveProjectPermissionFromAgency |
Provided for the administrator to remove the specified permissions of an agency for a region-specific project. |
|
Querying All Project Permissions of an Agency - ListAllProjectsPermissionsForAgency |
Provided for the administrator to query all permissions that have been assigned to an agency. |
|
Provided for the administrator to grant specified permissions to an agency for all projects. |
|
|
Checking Whether an Agency Has All Project Permissions - CheckAllProjectsPermissionForAgency |
Provided for the administrator to check whether an agency has specified permissions. |
|
Removing Specified Permissions of an Agency in All Projects - RemoveAllProjectsPermissionFromAgency |
Provided for the administrator to remove the specified permissions of an agency in all projects. |
Enterprise Project Management
|
API |
Description |
|---|---|
|
Querying User Groups Associated with an Enterprise Project - ListGroupsForEnterpriseProject |
Query the user groups associated with the enterprise project of a specified ID. |
|
Query the permissions of a user group associated with the enterprise project of a specified ID. |
|
|
Grant permissions to a user group associated with the enterprise project of a specified ID. |
|
|
Remove the permissions of a user group associated with an enterprise project. |
|
|
Querying the Enterprise Projects Associated with a User Group - ListEnterpriseProjectsForGroup |
Query the enterprise projects associated with a user group. |
|
Query the enterprise projects associated with an IAM user. |
|
|
Querying Users Directly Associated with an Enterprise Project - ListUsersForEnterpriseProject |
Query the users directly associated with a specified enterprise project. |
|
Query the permissions of a user directly associated with a specified enterprise project. |
|
|
Grant permissions to a user for an enterprise project. |
|
|
Removing Permissions of a User Directly Associated with an Enterprise Project |
Remove the permissions of a user directly associated with a specified enterprise project. |
Security Settings
Federated Identity Authentication Management
|
API |
Description |
|---|---|
|
Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client. |
|
|
Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example. |
|
|
List all identity providers. |
|
|
Querying Identity Provider Details - KeystoneShowIdentityProvider |
Query the details about an identity provider. |
|
Creating an Identity Provider - KeystoneCreateIdentityProvider |
Provided for the administrator to register an identity provider. |
|
Modifying a SAML Identity Provider - KeystoneUpdateIdentityProvider |
Provided for the administrator to update an identity provider. |
|
Deleting a SAML Identity Provider - KeystoneDeleteIdentityProvider |
Provided for the administrator to delete an identity provider. |
|
List all mappings. |
|
|
Query the details of a mapping. |
|
|
Provided for the administrator to register a mapping. |
|
|
Provided for the administrator to update a mapping. |
|
|
Provided for the administrator to delete a mapping. |
|
|
List all protocols. |
|
|
Query the details of a protocol. |
|
|
Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider. |
|
|
Provided for the administrator to update the protocol associated with a specified identity provider. |
|
|
Provided for the administrator to delete the protocol associated with a specified identity provider. |
|
|
Provided for the administrator to query the metadata file imported to IAM for an identity provider. |
|
|
Querying the Metadata File of Keystone - ShowKeystoneMetadataFile |
Query the metadata file of Keystone. |
|
Provided for the administrator to import a metadata file. |
|
|
Obtain an unscoped token through IdP-initiated federated identity authentication. |
|
|
This API is used to obtain a scoped token through federated identity authentication. |
|
|
Obtaining a Token with an OpenID Connect ID Token - CreateTokenWithIdToken |
Obtain a federated identity authentication token using an OpenID Connect ID token. |
|
Obtaining an Unscoped Token with an OpenID Connect ID Token - CreateUnscopedTokenWithIdToken |
Obtain an unscoped token using an OpenID Connect ID token. |
|
Listing Accounts Accessible to Federated Users - KeystoneListFederationDomains |
List the accounts whose resources are accessible to federated users. |
Custom Identity Brokers
|
API |
Description |
|---|---|
|
Obtain a token for logging in through a custom identity broker. |
Version Information Management
|
API |
Description |
|---|---|
|
Querying the Version Information of Keystone APIs - KeystoneListVersions |
Query the version information of Keystone APIs. |
|
Querying Information About Keystone API 3.0 - KeystoneShowVersion |
Obtain the information about Keystone API 3.0. |
Services and Endpoints
|
API |
Description |
|---|---|
|
List all services. |
|
|
Query the details of a service. |
|
|
Query the service catalog corresponding to X-Auth-Token contained in the request. |
|
|
List all endpoints. |
|
|
Query the details of an endpoint. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
