API Overview
Token Management
API | Description |
|---|---|
Obtain a user token through username/password-based authentication. | |
Obtain an agency token. | |
Check the validity of a specified token. If the token is valid, detailed information about the token will be returned. | |
Provided for the administrator to verify the token of a user or provided for a user to verify their token. The administrator can only verify the token of a user created using the account. If the verified token is valid, 200 is displayed. | |
Delete a token no matter whether the token has expired or not. |
Access Key Management
API | Description |
|---|---|
Obtain a temporary access key (AK/SK) and security token. | |
Provided for the administrator to create a permanent access key for a user or provided for a user to create a permanent access key for themselves. | |
Provided for the administrator to list all permanent access key of a user or provided for a user to list all of their permanent access keys. | |
Provided for the administrator to query the specified permanent access key of a user or provided for a user to query one of their permanent access keys. | |
Provided for the administrator to modify the specified permanent access key of a user or provided for a user to modify one of their permanent access keys. | |
Provided for the administrator to delete the specified permanent access key of a user or provided for a user to delete one of their permanent access keys. |
Region Management
API | Description |
|---|---|
List all regions. | |
Query region details. |
Project Management
API | Description |
|---|---|
Query project information. | |
Query the project list of a specified user. | |
List the projects in which resources are accessible to a specified user. | |
Create a project. | |
Modify the details of a project. | |
Query the detailed information about a project based on the project ID. | |
Change the status of a specified project. The project status can be normal or suspended. | |
Query the details and status of a project. | |
Query the quotas of a specified project. |
Tenant Management
API | Description |
|---|---|
Query the list of domains accessible to users. | |
Query the password strength policy, including its regular expression and description. | |
Query the regular expression or description of the password strength policy configured for a specified account. | |
Query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies. |
User Management
API | Description |
|---|---|
List all users. | |
Query the detailed information about a specified user. | |
Provided for the administrator to query the details about a specified user or provided for a user to query their details. | |
Query the information about the groups which a specified user belongs to. | |
Provided for the administrator to query the users in a user group. | |
Provided for the administrator to create a user. | |
Create a user under a domain. | |
Change the password for a user. | |
Modify user information under a domain. | |
Provided for users to modify their information. | |
Provided for the administrator to modify user information. | |
Provided for the administrator to delete a user. | |
Delete a user from a user group. |
User Group Management
API | Description |
|---|---|
Provided for the administrator to list all user groups. | |
Provided for the administrator to query user group information. | |
Provided for the administrator to create a user group. | |
Provided for the administrator to add a user to a specified user group. | |
Provided for the administrator to update user group information. | |
Provided for the administrator to delete a user group. | |
Provided for the administrator to check whether a user belongs to a specified user group. |
Permission Management
API | Description |
|---|---|
Provided for the administrator to list all permissions. | |
Provided for the administrator to query permission information. | |
Query the permissions of a specified user group under a domain. | |
Query the permissions of a specified user group for a project. | |
Grant permissions to a specified user group under a domain. | |
Grant permissions to a specified user group for a project. | |
Delete permissions of a user group corresponding to a project. | |
Delete permissions of a specified user group of a domain. | |
Query whether a specified user group under a domain has specific permissions. | |
Query whether a user group corresponding to a project has specific permissions. | |
Grant permissions to a user group. | |
Provided for the administrator to remove the specified permissions of a user group in all projects. | |
Provided for the administrator to check whether a user group has specified permissions for all projects. | |
Provided for the administrator to query all permissions that have been assigned to a user group. |
Custom Policy Management
API | Description |
|---|---|
Provided for the administrator to list all custom policies. | |
Provided for the administrator to query custom policy details. | |
Provided for the administrator to create a custom policy for cloud services. | |
Provided for the administrator to create a custom policy for agencies. | |
Provided for the administrator to modify a custom policy for cloud services. | |
Provided for the administrator to modify a custom policy for agencies. | |
Provided for the administrator to delete a custom policy. |
Agency Management
API | Description |
|---|---|
Create an agency. | |
Query an agency list based on the specified conditions. | |
Query the details of a specified agency. | |
Modify agency information, including the trust_domain_id, description, and trust_domain_name parameters. | |
Delete an agency. | |
Grant permissions to an agency for a project. | |
Check whether an agency has the specified permissions on a project. | |
Query the list of permissions of an agency on a project. | |
Delete permissions of an agency on a project. | |
Grant permissions to an agency on a domain. | |
Check whether an agency has the specified permissions on a domain. | |
Query the list of permissions of an agency on a domain. | |
Delete permissions of an agency on a domain. | |
Provided for the administrator to query all permissions that have been assigned to an agency. | |
Provided for the administrator to grant specified permissions to an agency for all projects. | |
Provided for the administrator to check whether an agency has specified permissions. | |
Provided for the administrator to remove the specified permissions of an agency in all projects. |
Security Settings
API | Description |
|---|---|
Query the operation protection policy. | |
Provided for the administrator to modify the operation protection policy. | |
Query the password policy. | |
Provided for the administrator to modify the password policy. | |
Query the login authentication policy. | |
Provided for the administrator to modify the login authentication policy. | |
Query the ACL for console access. | |
Provided for the administrator to modify the ACL for console access. | |
Query the ACL for API access. | |
Provided for the administrator to modify the ACL for API access. | |
Provided for the administrator to query the MFA device information of users. | |
Provided for the administrator to query the MFA device information of a specified user or provided for a user to query their MFA device information. | |
Provided for the administrator to query the login protection configurations of users. | |
Used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration. | |
Provided for the administrator to modify the login protection configuration of a user. | |
Bind a virtual MFA device to a user. | |
Unbind the virtual MFA device bound to a user. | |
Create a virtual MFA device for a user. | |
Provided for the administrator to delete the virtual MFA device created for a user. |
Enterprise Project Management
API | Description |
|---|---|
Query the user groups associated with the enterprise project of a specified ID. | |
Query the permissions of a user group associated with the enterprise project of a specified ID. | |
Grant permissions to a user group associated with the enterprise project of a specified ID. | |
Remove the permissions of a user group associated with an enterprise project. | |
Query the enterprise projects associated with a user group. | |
Query the enterprise projects associated with a user. | |
Query the users directly associated with a specified enterprise project. | |
Query the permissions of a user directly associated with a specified enterprise project. | |
Grant permissions to a user for an enterprise project. | |
Remove the permissions of a user directly associated with a specified enterprise project. |
Federated Identity Authentication Management
API | Description |
|---|---|
Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client. | |
Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example. | |
List all identity providers. | |
Query the details about an identity provider. | |
Provided for the administrator to create an identity provider. | |
Provided for the administrator to create an OpenID Connect identity provider. | |
Provided for the administrator to update an identity provider. | |
Provided for the administrator to modify an OpenID Connect identity provider. | |
Provided for the administrator to query an OpenID Connect identity provider. | |
Provided for the administrator to delete an identity provider. | |
List all mappings. | |
Query the information about a mapping. | |
Provided for the administrator to register a mapping. | |
Provided for the administrator to update a mapping. | |
Provided for the administrator to delete a mapping. | |
List all protocols. | |
Query the details of a protocol. | |
Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider. | |
Provided for the administrator to update the protocol associated with a specified identity provider. | |
Provided for the administrator to delete the protocol associated with a specified identity provider. | |
Provided for the administrator to query the metadata file imported to IAM for an identity provider. | |
Query the metadata file of Keystone. | |
Provided for the administrator to import a metadata file. | |
Obtain an unscoped token through SP-initiated federated identity authentication. | |
Obtain an unscoped token through IdP-initiated federated identity authentication. | |
Obtain a scoped token through federated identity authentication. | |
Obtain a federated identity authentication token using an OpenID Connect ID token. | |
Obtain an unscoped token using an OpenID Connect ID token. | |
List the accounts whose resources are accessible to federated users. | |
List the projects in which resources are accessible to federated users. |
Custom Identity Brokers
API | Description |
|---|---|
Obtain a token for logging in through a custom identity broker. |
Version Information Management
API | Description |
|---|---|
Query the version information of Keystone APIs. | |
Obtain the information about Keystone API 3.0. |
Services and Endpoints
API | Description |
|---|---|
List all services. | |
Query the details of a service. | |
Query the service catalog corresponding to X-Auth-Token contained in the request. | |
List all endpoints. | |
Query the details of an endpoint. |
- Token Management
- Access Key Management
- Region Management
- Project Management
- Tenant Management
- User Management
- User Group Management
- Permission Management
- Custom Policy Management
- Agency Management
- Security Settings
- Enterprise Project Management
- Federated Identity Authentication Management
- Custom Identity Brokers
- Version Information Management
- Services and Endpoints