Creating an IAM User (Recommended)¶

Function¶

This API is provided for the administrator to create an IAM user.

URI¶

POST /v3.0/OS-USER/users

Request Parameters¶

**Table 1** Parameters in the request header¶
Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Fill application/json;charset=utf8 in this field.
X-Auth-Token	Yes	String	Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see "Actions".

**Table 2** Parameters in the request body¶
Parameter	Mandatory	Type	Description
user	Yes	Object	IAM user information.

**Table 3** user¶
Parameter	Mandatory	Type	Description
name	Yes	String	IAM username, which consists of 1 to 64 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space.
domain_id	Yes	String	Account ID. For details about how to obtain the account ID, see Obtaining User, Account, User Group, Project, and Agency Information.
password	No	String	Password of the user.
email	No	String	Valid email address with a maximum of 255 characters.
areacode	No	String	Country code. The country code must be used together with a mobile number.
phone	No	String	Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.
enabled	No	Boolean	Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.
pwd_status	No	Boolean	Indicates whether password reset is required at the first login. By default, password reset is required.
xuser_type	No	String	Type of the IAM user in the external system. The user type can contain a maximum of 64 characters. xuser_type must be used together with xuser_id and will be verified based on xaccount_type and xdomain_type of the same account. Currently, the parameter value can only be TenantIdp. Note An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.
xuser_id	No	String	ID of the IAM user in the external system. The user ID can contain a maximum of 128 characters, and must be used together with xuser_type. Due to the latency, the IAM console may not be able to display the external identity ID you have set in real time. Refresh the page later. Note An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.
description	No	String	Description of the IAM user.

Response Parameters¶

**Table 4** Parameters in the response body¶
Parameter	Type	Description
user	Object	IAM user information.

**Table 5** user¶
Parameter	Type	Description
status	Integer	Status of the IAM user.
pwd_status	Boolean	Indicates whether password reset is required at the first login.
xuser_id	String	ID of the IAM user in the external system. Note An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.
xuser_type	String	Type of the IAM user in the external system. Note An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.
description	String	Description of the IAM user.
name	String	IAM username, which consists of 1 to 32 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space.
phone	String	Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.
is_domain_owner	Boolean	Indicates whether the IAM user is an administrator.
domain_id	String	ID of the account used to create the IAM user.
enabled	Boolean	Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.
areacode	String	Country code.
email	String	Email address.
create_time	String	Time when the IAM user was created. Note The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000.
xdomain_id	String	Customer code of the business entity.
xdomain_type	String	Business entity.
default_project_id	String	Default project ID.
id	String	IAM user ID that contains 32 characters.
password_expires_at	String	Password expiration time. If this parameter is set to null, the password will never expire. Note The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000.

Example Request¶

Request for an administrator to create an IAM user named IAMUser, with the email address IAMEmail@example.com and mobile number 0012312345678910 bound, and with both programmatic access and management console access

POST https://sample.domain.com/v3.0/OS-USER/users

{
    "user": {
        "domain_id": "d78cbac186b744899480f25...",
        "name": "IAMUser",
        "password": "IAMPassword@",
        "email": "IAMEmail@example.com",
        "areacode": "00123",
        "phone": "12345678910",
        "enabled": true,
        "pwd_status": false,
        "xuser_type": "",
        "xuser_id": "",

        "description": "IAMDescription"
    }
}

Example Response¶

Status code: 201

The IAM user is created successfully.

{
    "user": {
        "pwd_status": false,
        "xuser_id": "",
        "xuser_type": "",

        "description": "IAMDescription",
        "name": "IAMUser",
        "phone": "12345678910",
        "is_domain_owner": false,
        "enabled": true,
        "domain_id": "d78cbac186b744899480f25bd...",
        "areacode": "00123",
        "email": "IAMEmail@example.com",
        "create_time": "2020-01-06T08:05:16.000000",
        "xdomain_id": "",
        "xdomain_type": "",
        "id": "07664aec578026691f00c003a...",
        "status": null,
        "password_expires_at": null,
        "default_project_id": null
    }
}

Status Codes¶

Status Code	Description
201	The IAM user is created successfully.
400	Invalid parameters.
401	Authentication failed.
403	Access denied.
404	The requested resource cannot be found.
405	The method specified in the request is not allowed for the requested resource.
409	A resource conflict occurs.
413	The request entity is too large.
500	Internal server error.
503	Service unavailable.

Error Codes¶

See "Error Codes".

last updated: 2025-07-21 13:53 UTC - commit: 2cd37c11859db788ffb42d85dd7ac026f32a0cce