Photo and Drive Service (PDS) supports a variety of user systems, including mobile numbers, email addresses, DingTalk, RAM users, and Lightweight Directory Access Protocol (LDAP) accounts, to meet different business requirements. The PDS API accepts either an access token generated by an OAuth process or an access token calculated by using a custom private key. This facilitates access while ensuring security. Regardless of whether you use a PDS native user system or a third-party user system, PDS provides flexible access solutions, such as JSON Web Token (JWT) and AccessKey-based API operations, to facilitate integration and use.
You can access the PDS API by using access tokens. Access tokens are used to verify user identities. If your application uses an OAuth user system of PDS, access tokens are generated by the OAuth service after the authentication is complete. If your application uses a custom user system, access tokens are generated by using trusted private keys.
1. OAuth user systems supported by PDS
(1) Configure an OAuth user system for a domain
PDS supports the following OAuth user systems:
Mobile numbers: a native user system of PDS. Users can register with and log on to applications to access PDS by using mobile numbers.
Email addresses: a native user system of PDS. Users can register with and log on to applications by using email addresses.
DingTalk: Users can log on to applications by scanning DingTalk QR codes or entering DingTalk accounts and passwords.
Resource Access Management (RAM) users: Users can log on to applications as Alibaba Cloud RAM users.
LDAP accounts: Users can log on to applications by using LDAP accounts that are based on Active Directory (AD).
For more information about how to configure these user systems, see the following topics:
(2) Example of an OAuth logon page
After you configure user systems for a domain, you can find the corresponding logon methods on the OAuth logon page.
(3) Enable OAuth logon for an application
BasicUI supports OAuth logon. On the Applications tab of the domain details page, find BasicUI and click Allow Access in the Actions column. In the message that appears, click OK. Then, log on to BasicUI as the super administrator to synchronize data.
For more information about how to configure OAuth logon for self-managed applications, see the following topics:
2. Custom user systems
A custom application can use a trusted private key to generate an access token. This allows you to configure a custom user system to access PDS. The following access solutions are provided.
(1) Use JWT (recommended)
Use standard JWT to generate access tokens for PDS. For more information, see Access for JWT applications.
(2) Call AccessKey-based API operations
Call AccessKey-based API operations to obtain access tokens for PDS. For more information, see Access by calling AccessKey-based API operations.