A Resource Access Management (RAM) user must be subject to authentication rules when requesting access to the domain resources of the Alibaba Cloud account by using the Domains API. This topic describes the authentication rules for the Domains API.
When a RAM user requests access to the domain resources of an Alibaba Cloud account by using the Domains API, Domains sends a request to the RAM user for authentication. This is to ensure that the RAM user is authorized by the resource owner to access the resources.
For each Domains API operation, the resources to check are determined by the involved
resources and the semantics of the API operation. The following table lists the authentication
rules for each API operation.
Note $accountid indicates the account ID. You can log on to your Alibaba Cloud account to view the account ID.
| Operation | Authenticated action | Resource |
|---|---|---|
| SaveSingleTaskForUpdatingContactInfo | domain:DomainInfoModification | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForUpdatingContactInfo | acs:domain:*:$accountid:domain/$domainName | |
| TransferInReenterTransferAuthorizationCode | domain:DomainTransferInOperation | acs:domain:*:$accountid:domain/$domainName |
| TransferInRefetchWhoisEmail | acs:domain:*:$accountid:domain/$domainName | |
| TransferInResendMailToken | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferIn | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForCancelingTransferOut | domain:DomainTransferOutOperation | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForQueryingTransferAuthorizationCode | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForModifyingDnsHost | domain:DnsHostModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForCreatingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForSynchronizingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForDeletingDnsHost | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForModifyingDomainDns | domain:DnsModification | acs:domain:*:$accountid:domain/$domainName |
| SaveSingleTaskForTransferProhibitionLock | domain:SecuritySetting | acs:domain:*:$accountid:domain/$domainName |
| SaveBatchTaskForTransferProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveSingleTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName | |
| SaveBatchTaskForUpdateProhibitionLock | acs:domain:*:$accountid:domain/$domainName |
| Operation | Authenticated action | Resource |
|---|---|---|
| QueryDomainList | domain:QueryCommonInfo | acs:domain:*:$accountid:* |
| QueryDomainByInstanceId | acs:domain:*:$accountid:* | |
| QueryContactInfo | acs:domain:*:$accountid:* | |
| VerifyContactField | acs:domain:*:$accountid:* | |
| QueryTaskList | domain:QueryDomainTask | acs:domain:*:$accountid:* |
| QueryTaskInfoHistory | acs:domain:*:$accountid:* | |
| QueryTaskDetailList | acs:domain:*:$accountid:* | |
| QueryTaskDetailHistory | acs:domain:*:$accountid:* | |
| PollTaskResult | acs:domain:*:$accountid:* | |
| QueryChangeLogList | domain:QueryChangeLog | acs:domain:*:$accountid:* |
| QueryTransferInByInstanceId | domain:QueryDomainTransferIn | acs:domain:*:$accountid:* |
| QueryTransferInList | acs:domain:*:$accountid:* | |
| CheckTransferInFeasibility | acs:domain:*:$accountid:* | |
| TransferInCheckMailToken | domain:TransferInCheckMailToken | acs:domain:*:$accountid:* |
| QueryTransferOutInfo | domain:QueryDomainTransferOut | acs:domain:*:$accountid:* |
| QueryDnsHost | domain:QueryDnsHost | acs:domain:*:$accountid:* |
| QueryRegistrantProfiles | domain:QueryRegistrantProfile | acs:domain:*:$accountid:* |
| ListEmailVerification | domain:QueryEmailVerification | acs:domain:*:$accountid:* |
| AcknowledgeTaskResult | domain:AcknowledgeTaskResult | acs:domain:*:$accountid:* |
| SaveRegistrantProfile | domain:RegistrantProfileOperation | acs:domain:*:$accountid:* |
| DeleteRegistrantProfile | acs:domain:*:$accountid:* | |
| DeleteEmailVerification | domain:EmailVerificationOperation | acs:domain:*:$accountid:* |
| VerifyEmail | acs:domain:*:$accountid:* | |
| ResendEmailVerification | acs:domain:*:$accountid:* | |
| SubmitEmailVerification | acs:domain:*:$accountid:* |
| Operation | Authenticated action | Resource |
|---|---|---|
| * | domain:* | acs:domain:*:$accountid:* |