API Overview

Token Management

API

Description

Obtaining a User Token

Obtain a user token through username/password-based authentication.

Obtaining an Agency Token

Obtain an agency token.

Verifying a Token and Returning a Valid Token

Check the validity of a specified token. If the token is valid, detailed information about the token will be returned.

Verifying a Token

Provided for the administrator to verify the token of a user or provided for a user to verify their token. The administrator can only verify the token of a user created using the account. If the verified token is valid, 200 is displayed.

Deleting a User Token

Delete a token no matter whether the token has expired or not.

Access Key Management

API

Description

Obtaining a Temporary AK/SK

Obtain a temporary access key (AK/SK) and security token.

Creating a Permanent Access Key

Provided for the administrator to create a permanent access key for a user or provided for a user to create a permanent access key for themselves.

Listing Permanent Access Keys

Provided for the administrator to list all permanent access key of a user or provided for a user to list all of their permanent access keys.

Querying a Permanent Access Key

Provided for the administrator to query the specified permanent access key of a user or provided for a user to query one of their permanent access keys.

Modifying a Permanent Access Key

Provided for the administrator to modify the specified permanent access key of a user or provided for a user to modify one of their permanent access keys.

Deleting a Permanent Access Key

Provided for the administrator to delete the specified permanent access key of a user or provided for a user to delete one of their permanent access keys.

Region Management

API

Description

Querying a Region List

List all regions.

Querying Region Details

Query region details.

Project Management

API

Description

Querying Project Information Based on the Specified Criteria

Query project information.

Querying a User Project List

Query the project list of a specified user.

Querying the List of Projects Accessible to Users

List the projects in which resources are accessible to a specified user.

Creating a Project

Create a project.

Modifying Project Data

Modify the details of a project.

Querying Information About a Specified Project

Query the detailed information about a project based on the project ID.

Setting the Status of a Specified Project

Change the status of a specified project. The project status can be normal or suspended.

Querying Information and Status of a Specified Project

Query the details and status of a project.

Deleting a Project

Delete a project.

Querying the Quotas of a Project

Query the quotas of a specified project.

Tenant Management

API

Description

Querying the List of Domains Accessible to Users

Query the list of domains accessible to users.

Querying the Password Strength Policy

Query the password strength policy, including its regular expression and description.

Querying the Password Strength Policy by Option

Query the regular expression or description of the password strength policy configured for a specified account.

Querying a Resource Quota

Query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies.

User Management

API

Description

Querying a User List

List all users.

Querying User Details

Query the detailed information about a specified user.

Querying User Details (Recommended)

Provided for the administrator to query the details about a specified user or provided for a user to query their details.

Querying the User Group to Which a User Belongs

Query the information about the groups which a specified user belongs to.

Querying Users in a User Group

Provided for the administrator to query the users in a user group.

Creating an IAM User (Recommended)

Provided for the administrator to create a user.

Creating a User

Create a user under a domain.

Changing a Password

Change the password for a user.

Modifying User Information

Modify user information under a domain.

Modifying User Information (Including Email Address and Mobile Number) as the Administrator

Provided for the administrator to modify user information.

Deleting a User

Provided for the administrator to delete a user.

Deleting a User from a User Group

Delete a user from a user group.

Sending a Welcome Email to a User

Provided for the administrator to send a welcome email to a new user.

User Group Management

API

Description

Listing User Groups

Provided for the administrator to list all user groups.

Querying User Group Details

Provided for the administrator to query user group information.

Creating a User Group

Provided for the administrator to create a user group.

Adding a User to a User Group

Provided for the administrator to add a user to a specified user group.

Updating a User Group

Provided for the administrator to update user group information.

Deleting a User Group

Provided for the administrator to delete a user group.

Querying Whether a User Belongs to a User Group

Provided for the administrator to check whether a user belongs to a specified user group.

Permission Management

API

Description

Querying a Role List

Provided for the administrator to list all permissions.

Querying Role Details

Provided for the administrator to query permission information.

Querying Permission Assignment Records

Query permission assignment records of a specified account.

Querying Role Assignments (Discarded)

Query the user groups to which a specified role has been assigned.

Querying Permissions of a User Group Under a Domain

Query the permissions of a specified user group under a domain.

Querying Permissions of a User Group Corresponding to a Project

Query the permissions of a specified user group for a project.

Granting Permissions to a User Group of a Domain

Grant permissions to a specified user group under a domain.

Granting Permissions to a User Group Corresponding to a Project

Grant permissions to a specified user group for a project.

Deleting Permissions of a User Group Corresponding to a Project

Delete permissions of a user group corresponding to a project.

Deleting Permissions of a User Group of a Domain

Delete permissions of a specified user group of a domain.

Querying Whether a User Group Under a Domain Has Specific Permissions

Query whether a specified user group under a domain has specific permissions.

Querying Whether a User Group Corresponding to a Project Has Specific Permissions

Query whether a user group corresponding to a project has specific permissions.

Granting Permissions to a User Group for All Projects

Grant permissions to a user group.

Removing Specified Permissions of a User Group in All Projects

Provided for the administrator to remove the specified permissions of a user group in all projects.

Checking Whether a User Group Has Specified Permissions for All Projects

Provided for the administrator to check whether a user group has specified permissions for all projects.

Querying All Permissions of a User Group

Provided for the administrator to query all permissions that have been assigned to a user group.

Custom Policy Management

API

Description

Listing Custom Policies

Provided for the administrator to list all custom policies.

Querying Custom Policy Details

Provided for the administrator to query custom policy details.

Creating a Custom Policy for Cloud Services

Provided for the administrator to create a custom policy for cloud services.

Creating a Custom Policy

Provided for the administrator to create a custom policy.

Modifying a Custom Policy for Cloud Services

Provided for the administrator to modify a custom policy for cloud services.

Modifying a Custom Policy

Provided for the administrator to modify a custom policy.

Deleting a Custom Policy

Provided for the administrator to delete a custom policy.

Agency Management

API

Description

Creating an Agency

Create an agency.

Querying an Agency List Based on the Specified Conditions

Query an agency list based on the specified conditions.

Obtaining Details of a Specified Agency

Query the details of a specified agency.

Modifying an Agency

Modify agency information, including the trust_domain_id, description, and trust_domain_name parameters.

Deleting an Agency

Delete an agency.

Granting Permissions to an Agency for a Project

Grant permissions to an agency for a project.

Checking Whether an Agency Has the Specified Permissions on a Project

Check whether an agency has the specified permissions on a project.

Querying the List of Permissions of an Agency on a Project

Query the list of permissions of an agency on a project.

Deleting Permissions of an Agency on a Project

Delete permissions of an agency on a project.

Granting Permissions to an Agency on a Domain

Grant permissions to an agency on a domain.

Checking Whether an Agency Has the Specified Permissions on a Domain

Check whether an agency has the specified permissions on a domain.

Querying the List of Permissions of an Agency on a Domain

Query the list of permissions of an agency on a domain.

Deleting Permissions of an Agency on a Domain

Delete permissions of an agency on a domain.

Querying All Permissions of an Agency

Provided for the administrator to query all permissions that have been assigned to an agency.

Granting Specified Permissions to an Agency for All Projects

Provided for the administrator to grant specified permissions to an agency for all projects.

Checking Whether an Agency Has Specified Permissions

Provided for the administrator to check whether an agency has specified permissions.

Removing Specified Permissions of an Agency in All Projects

Provided for the administrator to remove the specified permissions of an agency in all projects.

Security Settings

API

Description

Querying the Operation Protection Policy

Query the operation protection policy.

Modifying the Operation Protection Policy

Provided for the administrator to modify the operation protection policy.

Querying the Password Policy

Query the password policy.

Modifying the Password Policy

Provided for the administrator to modify the password policy.

Querying the Login Authentication Policy

Query the login authentication policy.

Modifying the Login Authentication Policy

Provided for the administrator to modify the login authentication policy.

Querying the ACL for Console Access

Query the ACL for console access.

Modifying the ACL for Console Access

Provided for the administrator to modify the ACL for console access.

Querying the ACL for API Access

Query the ACL for API access.

Modifying the ACL for API Access

Provided for the administrator to modify the ACL for API access.

Querying MFA Device Information of Users

Provided for the administrator to query the MFA device information of users.

Querying the MFA Device Information of a User

Provided for the administrator to query the MFA device information of a specified user or provided for a user to query their MFA device information.

Querying Login Protection Configurations of Users

Provided for the administrator to query the login protection configurations of users.

Querying the Login Protection Configuration of a User

Used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration.

Modifying the Login Protection Configuration of a User

Provided for the administrator to modify the login protection configuration of a user.

Binding a Virtual MFA Device

Bind a virtual MFA device to a user.

Unbinding a Virtual MFA Device

Unbind the virtual MFA device bound to a user.

Creating a Virtual MFA Device

Create a virtual MFA device for a user.

Deleting a Virtual MFA Device

Provided for the administrator to delete the virtual MFA device created for a user.

Federated Identity Authentication Management

API

Description

SP Initiated

Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client.

IdP Initiated

Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example.

Querying the Identity Provider List

List all identity providers.

Querying an Identity Provider

Query the details about an identity provider.

Creating an Identity Provider

Provided for the administrator to create an identity provider.

Creating an OpenID Connect Identity Provider

Provided for the administrator to create an OpenID Connect identity provider.

Updating a SAML Identity Provider

Provided for the administrator to update an identity provider.

Updating an OpenID Connect Identity Provider

Provided for the administrator to modify an OpenID Connect identity provider.

Querying an OpenID Connect Identity Provider

Provided for the administrator to query an OpenID Connect identity provider.

Deleting an Identity Provider

Provided for the administrator to delete an identity provider.

Querying the Mapping List

List all mappings.

Querying a Mapping

Query the information about a mapping.

Creating a Mapping

Provided for the administrator to register a mapping.

Updating a Mapping

Provided for the administrator to update a mapping.

Deleting a Mapping

Provided for the administrator to delete a mapping.

Querying the Protocol List

List all protocols.

Querying a Protocol

Query the details of a protocol.

Registering a Protocol

Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider.

Updating a Protocol

Provided for the administrator to update the protocol associated with a specified identity provider.

Deleting a Protocol

Provided for the administrator to delete the protocol associated with a specified identity provider.

Querying a Metadata File

Provided for the administrator to query the metadata file imported to IAM for an identity provider.

Querying the Metadata File of Keystone

Query the metadata file of Keystone.

Importing a Metadata File

Provided for the administrator to import a metadata file.

Obtaining an Unscoped Token (SP Initiated)

Obtain an unscoped token through SP-initiated federated identity authentication.

Obtaining an Unscoped Token (IdP Initiated)

Obtain an unscoped token through IdP-initiated federated identity authentication.

Obtaining a Scoped Token

Obtain a scoped token through federated identity authentication.

Obtaining a Token with an OpenID Connect ID Token

Obtain a federated identity authentication token using an OpenID Connect ID token.

Obtaining an Unscoped Token with an OpenID Connect ID Token

Obtain an unscoped token using an OpenID Connect ID token.

Querying the List of Domains Accessible to Federated Users

List the accounts whose resources are accessible to federated users.

Querying the List of Projects Accessible to Federated Users

List the projects in which resources are accessible to federated users.

Version Information Management

API

Description

Querying Keystone API Version Information

Query the version information of Keystone APIs.

Querying Information About Keystone API Version 3.0

Obtain the information about Keystone API 3.0.

Services and Endpoints

API

Description

Querying Services

List all services.

Querying Service Details

Query the details of a service.

Querying the Service Catalog

Query the service catalog corresponding to X-Auth-Token contained in the request.

Querying Endpoints

List all endpoints.

Querying Endpoint Details

Query the details of an endpoint.