All Products
Search
Document Center

Identity as a Service:Introduction to API Integration

Last Updated:Nov 28, 2024

1. Overview

This topic describes the API operations related to organizations and accounts that are provided by Identity as a Service (IDaaS). You can manage IDaaS account and organization data by referring to this topic.

IDaaS provides four types of API operations:

  1. API operation used to obtain a token. All the other API operations are called based on a token.

  2. API operation used to query and manage accounts.

  3. API operation used to query and manage organizations.

  4. API operation used to obtain synchronization scope. Only accounts and organizations that are in the synchronization scope can be managed.

2. Call methods

API Authentication

You must obtain an access token before you can call most of the API operations provided by IDaaS.

Obtain the client_id and client_secret on the General tab of the application details page and then obtain a token.

Note

Note: Unlike Alibaba Cloud API operations, the Developer API operations provided by IDaaS depend on the secrets of applications in IDaaS for authentication, and users are granted permissions to call operations on the IDaaS API tab. Developer API permissions are not based on Resource Access Management (RAM).

SDK, sample code, and debugging

We recommend that you use SDKs to call API operations.

IDaaS allows you to perform the following SDK-related operations on Alibaba Cloud OpenAPI Explorer:

  • View the detailed API documentation.

  • Debug APIs online.

  • Download and install SDKs for various programming languages, including Java, Python, Go, PHP, C#, C++, and TypeScript.

  • Obtain the sample code for using SDKs for various programming languages to call API operations.

image

You can download a complete project by clicking Download Project on the API Debugging page. You can view the project to learn how to install SDKs and call API operations.

API operation calls

IDaaS also allows you to use development and testing tools to directly call API operations.

For more information about API operations, see Alibaba Cloud IDaaS API operations.

API operations

For more information, see the detailed API documentation.

Category

Scenario

API operations

Permission value (set on the IDaaS API tab)

Token

Obtain a token

  • Obtain a token: GenerateToken

-

Account

Manage accounts

  • Create an account: CreateUser

  • Update an account: PatchUser

  • Delete an account: DeleteUser

  • Enable an account: EnableUser

  • Disable an account: DisableUser

urn:alibaba:idaas:scope:user:manager_all

Query accounts

  • Query account information: GetUser

  • Query accounts: ListUsers

  • Query a password policy: GetUserPasswordPolicy

urn:alibaba:idaas:scope:user:read_all

Organization

Manage organizations

  • Create an organization: CreateOrganizationalUnit

  • Modify organization information: PatchOrganizationalUnit

  • Delete an organization: DeleteOrganizationalUnit

urn:alibaba:idaas:scope:organizational_unit:manager_all

Query organizations

  • Query organization information: GetOrganizationalUnit

  • Query organizations: ListOrganizationalUnits

  • Query parent IDs of an organization: ListOrganizationalUnitParentIds

urn:alibaba:idaas:scope:organizational_unit:read_all

Synchronization Scope

Query synchronization scope

  • Query the synchronization scope: GetApplicationProvisioningScope

-