section> Computing
  • Auto Scaling
  • Bare Metal Server
  • Dedicated Host
  • Elastic Cloud Server
  • FunctionGraph
  • Image Management Service
Network
  • Direct Connect
  • Domain Name Service
  • Elastic IP
  • Elastic Load Balancing
  • Enterprise Router
  • NAT Gateway
  • Private Link Access Service
  • Secure Mail Gateway
  • Virtual Private Cloud
  • Virtual Private Network
  • VPC Endpoint
Storage
  • Cloud Backup and Recovery
  • Cloud Server Backup Service
  • Elastic Volume Service
  • Object Storage Service
  • Scalable File Service
  • Storage Disaster Recovery Service
  • Volume Backup Service
Application
  • API Gateway (APIG)
  • Application Operations Management
  • Application Performance Management
  • Distributed Message Service (for Kafka)
  • Simple Message Notification
Data Analysis
  • Cloud Search Service
  • Data Lake Insight
  • Data Warehouse Service
  • DataArts Studio
  • MapReduce Service
  • ModelArts
  • Optical Character Recognition
Container
  • Application Service Mesh
  • Cloud Container Engine
  • Cloud Container Instance
  • Software Repository for Containers
Databases
  • Data Replication Service
  • Distributed Cache Service
  • Distributed Database Middleware
  • Document Database Service
  • GeminiDB
  • Relational Database Service
  • TaurusDB
Management & Deployment
  • Cloud Create
  • Cloud Eye
  • Cloud Trace Service
  • Config
  • Log Tank Service
  • Resource Formation Service
  • Tag Management Service
Security Services
  • Anti-DDoS
  • Cloud Firewall
  • Database Security Service
  • Dedicated Web Application Firewall
  • Host Security Service
  • Identity and Access Management
  • Key Management Service
  • Web Application Firewall
Other
  • Enterprise Dashboard
  • Marketplace
  • Price Calculator
  • Status Dashboard
APIs
  • REST API
  • API Usage Guidelines
  • Endpoints
Development and Automation
  • SDKs
  • Drivers and Tools
  • Terraform
  • Ansible
  • Cloud Create
Architecture Center
  • Best Practices
  • Blueprints
IaaSComputingAuto ScalingBare Metal ServerDedicated HostElastic Cloud ServerFunctionGraphImage Management ServiceNetworkDirect ConnectDomain Name ServiceElastic IPElastic Load BalancingEnterprise RouterNAT GatewayPrivate Link Access ServiceSecure Mail GatewayVirtual Private CloudVirtual Private NetworkVPC EndpointStorageCloud Backup and RecoveryCloud Server Backup ServiceElastic Volume ServiceObject Storage ServiceScalable File ServiceStorage Disaster Recovery ServiceVolume Backup ServicePaaSApplicationAPI Gateway (APIG)Application Operations ManagementApplication Performance ManagementDistributed Message Service (for Kafka)Simple Message NotificationData AnalysisCloud Search ServiceData Lake InsightData Warehouse ServiceDataArts StudioMapReduce ServiceModelArtsOptical Character RecognitionContainerApplication Service MeshCloud Container EngineCloud Container InstanceSoftware Repository for ContainersDatabasesData Replication ServiceDistributed Cache ServiceDistributed Database MiddlewareDocument Database ServiceGeminiDBRelational Database ServiceTaurusDBManagementManagement & DeploymentCloud CreateCloud EyeCloud Trace ServiceConfigLog Tank ServiceResource Formation ServiceTag Management ServiceSecuritySecurity ServicesAnti-DDoSCloud FirewallDatabase Security ServiceDedicated Web Application FirewallHost Security ServiceIdentity and Access ManagementKey Management ServiceWeb Application FirewallOtherOtherEnterprise DashboardMarketplacePrice CalculatorStatus Dashboard

Identity and Access Management

  • API Usage Guidelines
  • Before You Start
  • API Overview
  • Calling APIs
  • APIs
    • Token Management
    • Access Key Management
    • Region Management
    • Project Management
    • Tenant Management
    • User Management
      • Querying a User List
      • Querying User Details
      • Querying User Details (Recommended)
      • Querying the User Group to Which a User Belongs
      • Querying Users in a User Group
      • Creating an IAM User (Recommended)
      • Creating a User
      • Changing a Password
      • Modifying User Information
      • Modifying User Information (Including Email Address and Mobile Number) as the Administrator
      • Deleting a User
      • Deleting a User from a User Group
      • Sending a Welcome Email to a User
    • User Group Management
    • Permission Management
    • Custom Policy Management
    • Agency Management
    • Security Settings
    • Federated Identity Authentication Management
    • Version Information Management
    • Services and Endpoints
  • Permissions Policies and Supported Actions
  • Appendix
  • Change History
  • API Reference
  • APIs
  • User Management
  • Creating an IAM User (Recommended)

Creating an IAM User (Recommended)¶

Function¶

This API is provided for the administrator to create an IAM user.

URI¶

POST /v3.0/OS-USER/users

Request Parameters¶

Table 1 Parameters in the request header¶

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Fill application/json;charset=utf8 in this field.

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see "Actions".

Table 2 Parameters in the request body¶

Parameter

Mandatory

Type

Description

user

Yes

Object

IAM user information.

Table 3 user¶

Parameter

Mandatory

Type

Description

name

Yes

String

IAM username, which consists of 1 to 64 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space.

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining User, Account, User Group, Project, and Agency Information.

password

No

String

Password of the user.

email

No

String

Valid email address with a maximum of 255 characters.

areacode

No

String

Country code. The country code must be used together with a mobile number.

phone

No

String

Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.

enabled

No

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

pwd_status

No

Boolean

Indicates whether password reset is required at the first login. By default, password reset is required.

xuser_type

No

String

Type of the IAM user in the external system. The user type can contain a maximum of 64 characters. xuser_type must be used together with xuser_id and will be verified based on xaccount_type and xdomain_type of the same account. Currently, the parameter value can only be TenantIdp.

Note

An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.

xuser_id

No

String

ID of the IAM user in the external system. The user ID can contain a maximum of 128 characters, and must be used together with xuser_type. Due to the latency, the IAM console may not be able to display the external identity ID you have set in real time. Refresh the page later.

Note

An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.

description

No

String

Description of the IAM user.

Response Parameters¶

Table 4 Parameters in the response body¶

Parameter

Type

Description

user

Object

IAM user information.

Table 5 user¶

Parameter

Type

Description

status

Integer

Status of the IAM user.

pwd_status

Boolean

Indicates whether password reset is required at the first login.

xuser_id

String

ID of the IAM user in the external system.

Note

An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.

xuser_type

String

Type of the IAM user in the external system.

Note

An external system refers to an enterprise management system connected to the cloud platform. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud platform. Please contact your enterprise administrator.

description

String

Description of the IAM user.

name

String

IAM username, which consists of 1 to 32 characters. It can contain letters (case-sensitive), digits, spaces, hyphens (-), underscores (_), and periods (.), and cannot start with a digit or space.

phone

String

Mobile number with a maximum of 32 digits. The mobile number must be used together with a country code.

is_domain_owner

Boolean

Indicates whether the IAM user is an administrator.

domain_id

String

ID of the account used to create the IAM user.

enabled

Boolean

Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

areacode

String

Country code.

email

String

Email address.

create_time

String

Time when the IAM user was created.

Note

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000.

xdomain_id

String

Customer code of the business entity.

xdomain_type

String

Business entity.

default_project_id

String

Default project ID.

id

String

IAM user ID that contains 32 characters.

password_expires_at

String

Password expiration time. If this parameter is set to null, the password will never expire.

Note

The value is a UTC time in the YYYY-MM-DDTHH:mm:ss.ssssss format, for example, 2023-06-28T08:56:33.710000.

Example Request¶

Request for an administrator to create an IAM user named IAMUser, with the email address IAMEmail@example.com and mobile number 0012312345678910 bound, and with both programmatic access and management console access

POST https://sample.domain.com/v3.0/OS-USER/users
{
    "user": {
        "domain_id": "d78cbac186b744899480f25...",
        "name": "IAMUser",
        "password": "IAMPassword@",
        "email": "IAMEmail@example.com",
        "areacode": "00123",
        "phone": "12345678910",
        "enabled": true,
        "pwd_status": false,
        "xuser_type": "",
        "xuser_id": "",

        "description": "IAMDescription"
    }
}

Example Response¶

Status code: 201

The IAM user is created successfully.

{
    "user": {
        "pwd_status": false,
        "xuser_id": "",
        "xuser_type": "",

        "description": "IAMDescription",
        "name": "IAMUser",
        "phone": "12345678910",
        "is_domain_owner": false,
        "enabled": true,
        "domain_id": "d78cbac186b744899480f25bd...",
        "areacode": "00123",
        "email": "IAMEmail@example.com",
        "create_time": "2020-01-06T08:05:16.000000",
        "xdomain_id": "",
        "xdomain_type": "",
        "id": "07664aec578026691f00c003a...",
        "status": null,
        "password_expires_at": null,
        "default_project_id": null
    }
}

Status Codes¶

Status Code

Description

201

The IAM user is created successfully.

400

Invalid parameters.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

405

The method specified in the request is not allowed for the requested resource.

409

A resource conflict occurs.

413

The request entity is too large.

500

Internal server error.

503

Service unavailable.

Error Codes¶

See "Error Codes".

  • Prev
  • Next
last updated: 2025-07-21 13:53 UTC - commit: 2cd37c11859db788ffb42d85dd7ac026f32a0cce
Edit pageReport Documentation Bug
Page Contents
  • Creating an IAM User (Recommended)
    • Function
    • URI
    • Request Parameters
    • Response Parameters
    • Example Request
    • Example Response
    • Status Codes
    • Error Codes
© T-Systems International GmbH
  • Contact
  • Data privacy
  • Disclaimer of Liabilities
  • Imprint