API Overview¶
Token Management¶
API | Description |
|---|---|
Obtain a user token through username/password-based authentication. | |
Obtain an agency token. | |
Check the validity of a specified token. If the token is valid, detailed information about the token will be returned. | |
Provided for the administrator to verify the token of a user or provided for a user to verify their token. The administrator can only verify the token of a user created using the account. If the verified token is valid, 200 is displayed. | |
Delete a token no matter whether the token has expired or not. |
Access Key Management¶
API | Description |
|---|---|
Obtain a temporary access key (AK/SK) and security token. | |
Provided for the administrator to create a permanent access key for a user or provided for a user to create a permanent access key for themselves. | |
Provided for the administrator to list all permanent access key of a user or provided for a user to list all of their permanent access keys. | |
Provided for the administrator to query the specified permanent access key of a user or provided for a user to query one of their permanent access keys. | |
Provided for the administrator to modify the specified permanent access key of a user or provided for a user to modify one of their permanent access keys. | |
Provided for the administrator to delete the specified permanent access key of a user or provided for a user to delete one of their permanent access keys. |
Region Management¶
API | Description |
|---|---|
List all regions. | |
Query region details. |
Project Management¶
API | Description |
|---|---|
Querying Project Information Based on the Specified Criteria | Query project information. |
Query the project list of a specified user. | |
List the projects in which resources are accessible to a specified user. | |
Create a project. | |
Modify the details of a project. | |
Query the detailed information about a project based on the project ID. | |
Change the status of a specified project. The project status can be normal or suspended. | |
Query the details and status of a project. | |
Query the quotas of a specified project. |
Tenant Management¶
API | Description |
|---|---|
Query the list of domains accessible to users. | |
Query the password strength policy, including its regular expression and description. | |
Query the regular expression or description of the password strength policy configured for a specified account. |
User Management¶
API | Description |
|---|---|
List all users. | |
Query the detailed information about a specified user. | |
Provided for the administrator to query the details about a specified user or provided for a user to query their details. | |
Query the information about the groups to which a specified user belongs. | |
Provided for the administrator to query the users in a user group. | |
Provided for the administrator to create a user. | |
Create a user under a domain. | |
Change the password for a user. | |
Modify user information under a domain. | |
Modifying User Information (Including Email Address and Mobile Number) as an IAM User | Provided for users to modify their information. |
Modifying User Information (Including Email Address and Mobile Number) as the Administrator | Provided for the administrator to modify user information. |
Provided for the administrator to delete a user. | |
Delete a user from a user group. | |
Provided for the administrator to query the MFA device information of users. | |
Provided for the administrator to query the MFA device information of a specified user or provided for a user to query their MFA device information. | |
Provided for the administrator to query the login protection configurations of users. | |
Provided for the administrator to query the login protection configuration of a specified user or provided for a user to query their login protection configuration. | |
Bind a virtual MFA device to a user. | |
Unbind the virtual MFA device bound to a user. | |
Create a virtual MFA device for a user. | |
Provided for the administrator to delete the virtual MFA device created for a user. | |
Provided for the administrator to modify the login protection configuration of a user. | |
Provided for the administrator to send a welcome email to a new user. |
User Group Management¶
API | Description |
|---|---|
Provided for the administrator to list all user groups. | |
Provided for the administrator to query user group information. | |
Provided for the administrator to create a user group. | |
Provided for the administrator to add a user to a specified user group. | |
Provided for the administrator to update user group information. | |
Provided for the administrator to delete a user group. | |
Provided for the administrator to check whether a user belongs to a specified user group. |
Permission Management¶
API | Description |
|---|---|
Provided for the administrator to list all permissions. | |
Provided for the administrator to query permission information. | |
This API is used to query permissions assignment records of a specified account. | |
Query the permissions of a specified user group under a domain. | |
Querying Permissions of a User Group Corresponding to a Project | Query the permissions of a specified user group for a project. |
Grant permissions to a specified user group under a domain. | |
Granting Permissions to a User Group Corresponding to a Project | Grant permissions to a specified user group for a project. |
Deleting Permissions of a User Group Corresponding to a Project | Delete permissions of a user group corresponding to a project. |
Delete permissions of a specified user group of a domain. | |
Querying Whether a User Group Under a Domain Has Specific Permissions | Query whether a specified user group under a domain has specific permissions. |
Querying Whether a User Group Corresponding to a Project Has Specific Permissions | Query whether a user group corresponding to a project has specific permissions. |
Removing Specified Permissions of a User Group in All Projects | Provided for the administrator to remove the specified permissions of a user group in all projects. |
Checking Whether a User Group Has Specified Permissions for All Projects | Provided for the administrator to check whether a user group has specified permissions for all projects. |
Provided for the administrator to query all permissions that have been assigned to a user group. |
Custom Policy Management¶
API | Description |
|---|---|
Provided for the administrator to list all custom policies. | |
Provided for the administrator to query custom policy details. | |
Provided for the administrator to create a custom policy for cloud services. | |
Provided for the administrator to create a custom policy for agencies. | |
Provided for the administrator to modify a custom policy for cloud services. | |
Provided for the administrator to modify a custom policy for agencies. | |
Provided for the administrator to delete a custom policy. |
Agency Management¶
API | Description |
|---|---|
Create an agency. | |
Query an agency list based on the specified conditions. | |
Query the details of a specified agency. | |
Modify agency information, including the trust_domain_id, description, and trust_domain_name parameters. | |
Delete an agency. | |
Grant permissions to an agency for a project. | |
Checking Whether an Agency Has the Specified Permissions on a Project | Check whether an agency has the specified permissions on a project. |
Query the list of permissions of an agency on a project. | |
Delete permissions of an agency on a project. | |
Grant permissions to an agency on a domain. | |
Checking Whether an Agency Has the Specified Permissions on a Domain | Check whether an agency has the specified permissions on a domain. |
Query the list of permissions of an agency on a domain. | |
Delete permissions of an agency on a domain. | |
Provided for the administrator to query all permissions that have been assigned to an agency. | |
Granting Specified Permissions to an Agency for All Projects | Provided for the administrator to grant specified permissions to an agency for all projects. |
Security Settings¶
API | Description |
|---|---|
Query the operation protection policy. | |
Provided for the administrator to modify the operation protection policy. | |
Query the password policy. | |
Provided for the administrator to modify the password policy. | |
Query the login authentication policy. | |
Provided for the administrator to modify the login authentication policy. | |
Query the ACL for console access. | |
Provided for the administrator to modify the ACL for console access. | |
Query the ACL for API access. |
Federated Identity Authentication Management¶
API | Description |
|---|---|
Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client. | |
Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example. | |
List all identity providers. | |
Query the details about an identity provider. | |
Provided for the administrator to create an identity provider. | |
Provided for the administrator to update an identity provider. | |
Provided for the administrator to delete an identity provider. | |
Provided for the administrator to create an OpenID Connect identity provider. | |
Provided for the administrator to modify an OpenID Connect identity provider. | |
Provided for the administrator to query an OpenID Connect identity provider. | |
List all mappings. | |
Query the information about a mapping. | |
Provided for the administrator to register a mapping. | |
Provided for the administrator to update a mapping. | |
Provided for the administrator to delete a mapping. | |
List all protocols. | |
Query the details of a protocol. | |
Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider. | |
Provided for the administrator to update the protocol associated with a specified identity provider. | |
Provided for the administrator to delete the protocol associated with a specified identity provider. | |
Provided for the administrator to query the metadata file imported to IAM for an identity provider. | |
Query the metadata file of Keystone. | |
Provided for the administrator to import a metadata file. | |
Obtain an unscoped token through IdP-initiated federated identity authentication. | |
Obtain a scoped token through federated identity authentication. | |
Obtain a federated identity authentication token using an OpenID Connect ID token. | |
Obtain an unscoped token using an OpenID Connect ID token. | |
List the accounts whose resources are accessible to federated users. | |
List the projects in which resources are accessible to federated users. |
Version Information Management¶
API | Description |
|---|---|
Query the version information of Keystone APIs. | |
Obtain the information about Keystone API 3.0. |
Services and Endpoints¶
API | Description |
|---|---|
List all services. | |
Query the details of a service. | |
Query the service catalog corresponding to X-Auth-Token contained in the request. | |
List all endpoints. | |
Query the details of an endpoint. |