All Products
Search

This Product

    Identity as a Service:Introduction to API Integration

    Document Center

    Identity as a Service:Introduction to API Integration

    Last Updated:Mar 29, 2023

    1. Overview

    This topic describes the API operations related to organizations and accounts that are provided by Identity as a Service (IDaaS). You can manage IDaaS account and organization data by referring to this topic.

    IDaaS provides four types of API operations:

    1. API operation used to obtain a token. All the other API operations are called based on a token.

    2. API operation used to query and manage accounts.

    3. API operation used to query and manage organizations.

    4. API operation used to obtain synchronization scope. Only accounts and organizations that are in the synchronization scope can be managed.

    2. Call methods

    API Authentication

    You must obtain an access token before you can call most of the API operations provided by IDaaS.

    Obtain the client_id and client_secret on the General tab of the application details page and then obtain a token.

    Note

    Note: Unlike Alibaba Cloud API operations, the Developer API operations provided by IDaaS depend on the secrets of applications in IDaaS for authentication, and users are granted permissions to call operations on the IDaaS API tab. Developer API permissions are not based on Resource Access Management (RAM).

    SDK, sample code, and debugging

    We recommend that you use SDKs to call API operations.

    IDaaS allows you to perform the following SDK-related operations on Alibaba Cloud OpenAPI Explorer:

    • View the detailed API documentation.

    • Debug APIs online.

    • Download and install SDKs for various programming languages, including Java, Python, Go, PHP, C#, C++, and TypeScript.

    • Obtain the sample code for using SDKs for various programming languages to call API operations.

    image

    You can download a complete project by clicking Download Project on the API Debugging page. You can view the project to learn how to install SDKs and call API operations.

    API operation calls

    IDaaS also allows you to use development and testing tools to directly call API operations.

    For more information about API operations, see Alibaba Cloud IDaaS API operations.

    API operations

    For more information, see the detailed API documentation.

    Category

    Scenario

    API operations

    Permission value (set on the IDaaS API tab)

    Token

    Obtain a token

    • Obtain a token: GenerateToken

    -

    Account

    Manage accounts

    • Create an account: CreateUser

    • Update an account: PatchUser

    • Delete an account: DeleteUser

    • Enable an account: EnableUser

    • Disable an account: DisableUser

    urn:alibaba:idaas:scope:user:manager_all

    Query accounts

    • Query account information: GetUser

    • Query accounts: ListUsers

    • Query a password policy: GetUserPasswordPolicy

    urn:alibaba:idaas:scope:user:read_all

    Organization

    Manage organizations

    • Create an organization: CreateOrganizationalUnit

    • Modify organization information: PatchOrganizationalUnit

    • Delete an organization: DeleteOrganizationalUnit

    urn:alibaba:idaas:scope:organizational_unit:manager_all

    Query organizations

    • Query organization information: GetOrganizationalUnit

    • Query organizations: ListOrganizationalUnits

    • Query parent IDs of an organization: ListOrganizationalUnitParentIds

    urn:alibaba:idaas:scope:organizational_unit:read_all

    Synchronization Scope

    Query synchronization scope

    • Query the synchronization scope: GetApplicationProvisioningScope

    -