IAM API

Overview

This API allow you to create child API user and to control to access each API resource.
Account created on business portal can create child API user and can manage role to access each API resource.
We named the account the role manager.
The role manager can create child API users, usergroups, and roles by API. And if you want to validate the role of child API user, you have to make the child API user belong to the usergroup, the role belong to the usergroup.
Immediately after creating, child API user can't use all API because child API user don't belong any usergroups and any roles.

- USER

　Child API user account was created by the roles manager. Child API user can use API in role set by the role manager.

- USERGROUP

Usergroup is a set of child API users.

- ROLE

Role is a set of allowed APIs, source IP address, and others.
The role manager can set some entities* to a role.

*entity: In network service, if you set a network contract ID to a Role, child API user can request only network API had the ID.

Child API user, usergroup, and role relationship

Child API user, usergroup, and role relationship is below the figure.
iam_relation

Evaluation IAM Logic

Child API user can belong to multiple usergroups, usergroup can have multiple roles.
Logic judgment in the case of attached multiple roles is below the figure.
logic
① Written multiple authrise in a role is "OR"
② Attached multiple role with a usergroup is "AND"
③ Attached multiple usergroup with a user is "OR"

Caution of using role manager's API key

The role manager can use all API. You should use the role manager's API key when you use manager's API -e.g. IAM API. We recommend using API key of child API user when you use other API.

How to use this API

Flow of Seting IAM below.

1.Create child API user, usergroup, and role

First, you need to create child API user, usergroup, and role in no particular order.

Create child API user
Create usergroup
Create role

2.Attach child API user to usergroup, role to usergroup

Second, you need to attach child API user to usergroup, role to usergroup in no particular order.

Attach child API user to usergroup
Attach usergroup to role

Resource URL

Please use global common domain ,or the individual region domain.
If you want to use the global common domain, depending on the circumstances of your available points, and then connect to the nearest API gateway.¹

1.Base Path(Global Load Balance)

https://api.ntt.com/v1/oauth/accesstokens

2.Base Path(Region)

https://{region}.api.ntt.com/v1/oauth/accesstokens

region is jp|us|uk
e.g. https://us.api.ntt.com/v1/oauth/accesstokens

Resource Information

Key	Value
Response Format	JSON
Authorization(OAuth)	Yes
Rate Limiting#1	Yes

#1 appropriate flow restriction

Create child API user

Create child API user using API.

POST /v1/iam/users

Request Parameters

Name	Description	Type	Mandatory	Notes
mail	Creating child API user's mail address	JSON	Yes	Mail must be no longer than 60 characters. Mail can contail (-),(_),('),(.).
portalUse	Use of develoerp portal #1	JSON	Yes
distributorFlag	Creating child API user's affiliation #2	JSON	Yes
password	Child API user's developer portal password	JSON	No	If portalUse is "1", password is mandatory. Password must have at least 1 uppercase letter and at least 1 lowercase letter and at least number and at least 8 digits and at most 60 digits.

#1 0: Don't use / 1: use
#2 0: your company's person / 1: enduser of wholesale

Example Request

 POST /v1/iam/users
 [
    {
        "mail":"test@example.com",
        "portalUse":"1",
        "password":"xxxxxx",
        "distributorFlag":"0"
    }
 ]

Response Parameters

Name	Description	type
consumerKey	Child API user's API Key	String
consumerSecret	Child API user's API Secret	String
distributorFlag	Child API user's affiliation	Int
mail	Child API user's mail address	String
portalUse	Child API user's portalUse status	Int
uuid	Child API user's user ID	String

Example Result

{
    "users": [
        {
            "consumerKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
            "consumerSecret": "xxxxxxxxxxxxxxxx", 
            "distributorFlag": 0, 
            "mail": "test01@example.com", 
            "portalUse": 1, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm child API list

GET /v1/iam/users

Request Parameters

none

Example Request

 GET /v1/iam/users

Response Parameters

Name	Description	type
distributorFlag	Child API user's affiliation 0:your company's person 1:enduser of wholesale	Int
mail	Child API user's mail address	String
portalUse	Child API user's portalUse status 0:Don't use 1:use	Int
uuid	Child API user's user ID	String

Example Result

{
    "count": 3, 
    "users": [
        {
            "distributorFlag": 0, 
            "mail": "test01@example.com", 
            "portalUse": 1, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
        {
            "distributorFlag": 0, 
            "mail": "test02@example.com", 
            "portalUse": 1, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
        {
            "distributorFlag": 0, 
            "mail": "test03@example.com", 
            "portalUse": 0, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm child API user's information

GET /v1/iam/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
userId	Child API user's user ID	Path	Yes

Example Request

 GET /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type
distributorFlag	Child API user's affiliation 0:your company's person 1:enduser of wholesale	Int
mail	Child API user's mail address	String
portalUse	Child API user's portalUse status 0:Don't use 1:use	Int
uuid	Child API user's user ID	String

Example Result

{
    "users": [
        {
            "distributorFlag": 0, 
            "mail": "test03@example.com", 
            "portalUse": 0, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Modify child API user's information

Child API user's information can be changed is only portalUse status.

PUT /v1/iam/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
userId	Target child API user's user ID	Path	Yes
portalUse	Child API user’s portalUse status 0:Don't use 1:use	JSON	Yes

Example Request

 PUT /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    {
        "portalUse": "1"
    }

Response Parameters

Name	Description	type
distributorFlag	Child API user's affiliation	Int
mail	Child API user's mail address	String
portalUse	Child API user’s portalUse status	Int
uuid	Child API user's UUID	String

Example Result

{
    "users": [
        {
            "distributorFlag": 0, 
            "mail": "test03@example.com", 
            "portalUse": 1, 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

DELETE API user

DELETE /v1/iam/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
userId	deleted child API user's uuid	Path	Yes

Example Request

 DELETE /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
uuid	deleted child API user's userId	String

Example Result

{
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Confirm child API user's API key information

GET /v1/iam/users/{userId}/keys

Request Parameters

Name	Description	Type	Mandatory	Notes
userId	Child API user ID confirmed API Key	Path	Yes

Example Request

 GET /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/keys

Response Parameters

Name	Description	type
consumerKey	Child API user's API Key	String
consumerSecret	Child API user's API Secret	String
status	API Key status (approved/revoke)	String
uuid	Child API user's UUID confirmed API Key	String

Example Result

{
    "consumerKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
    "consumerSecret": "xxxxxxxxxxxxxxxx", 
    "status": "approved", 
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Regenerate child API user's API Key

POST /v1/iam/users/{userId}/keys

Request Parameters

Name	Description	Type	Mandatory	Notes
userId	Child API user ID regenerated API Key	Path	Yes

Example Request

 POST /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/keys

Response Parameters

Name	Description	type
consumerKey	Child API user's new API Key	String
consumerSecret	Child API user's new API Secret	String
uuid	Child API user's UUID regenerated API Key	String

Example Result

{
    "consumerKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
    "consumerSecret": "xxxxxxxxxxxxxxxx", 
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Change approval status of API Key

POST /v1/iam/users/{userId}/keys/{API Key}

Request Parameters

Name	Description	Type	Mandatory
userId	Target child API user's user ID	Path	Yes
API Key	API Key changed approval status	Path	Yes
action	Approval status　(approve/revoke)	query argument	Yes

Example Request

 POST /v1/iam/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/keys/***********

Response Parameters

Name	Description	type
consumerKey	Child API user's API Key	String
consumerSecret	Child API user's API Secret	String
status	Approval status of API Key　(approved/revoked)	String
uuid	Child API user's UUID changed approval status of API key	String

Example Result

{
    "consumerKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 
    "consumerSecret": "xxxxxxxxxxxxxxxx", 
    "status": "revoked", 
    "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Create usergroup

POST /v1/iam/groups

Request Parameters

Name	Description	Type	Mandatory	Notes
groupName	A creating usergroup's name	JSON	Yes

Example Request

 POST /v1/iam/groups
{
    "groupName":"example_group"
}

Response Parameters

Name	Description	type	mandatory
groupName	A created usergroup's name	String
uuid	A created usergroup's groupId	String

Example Result

{
    "groups": [
        {
            "groupName": "example_group", 
            "roles": [], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm usergroup list

GET /v1/iam/groups

Request Parameters

none

Example Request

 GET /v1/iam/groups

Response Parameters

Name	Description	type
groupName	Usergroup's name	String
roleId	Role's UUID to which the usergroup belongs	String
uuid	Usergroup's group ID	String

Example Result

{
    "count": 10, 
    "cursor": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX", 
    "groups": [
        {
            "groupName": "example_group01", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
        {
            "groupName": "example_group02", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
        {
            "groupName": "example_group09", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
        {
            "groupName": "example_group10", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm the usergroup

GET /v1/iam/groups/{groupId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes

Example Request

 GET /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type
groupName	Usergroup's name	String
roleId	Role's UUID to which the usergroup belongs	String
uuid	Usergroup's group ID	String

Example Result

{
    "groups": [
        {
            "groupName": "example_group", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Update usergroup's name

PUT /v1/iam/groups/{groupId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes
groupName	Usergroup's name of post-update	JSON	Yes

Example Request

 PUT /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
{
"groupName": "new_group_name"
}

Response Parameters

Name	Description	type
groupName	Updated usergroup's name	String
roleId	Role's UUID to which the usergroup belongs	String
uuid	Updated usergroup's groupId	String

{
    "groups": [
        {
            "groupName": "new_group_name", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Delete usergroup

*You need braking away the role from usergroup before delete usergroup.

DELETE /v1/iam/groups/{groupId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Deleting usergroup's UUID	Path	Yes

Example Request

 DELETE /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
groupName	Deleted usergroup's name	String
uuid	Deleted usergroup's groupId	String

{
    "groups": [
        {
            "groupName": "example_group", 
            "resources": [], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm child API user list to belong to a particular group

GET /v1/iam/groups/{groupId}/users

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes

Example Request

 GET /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/users

Response Parameters

Name	Description	type	mandatory
userId	User's UUID to which the usergroup belongs	String
uuid	Usergroup's groupId	String

{
    "count": 1, 
    "groups": [
        {
            "users": [
                {
                    "userId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Attach user to usergroup

PUT /v1/iam/groups/{groupId}/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID attaching user	Path	Yes
userId	Attaching child API user's UUID	Path	Yes

Example Request

 PUT /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
userId	Attached child API user's UUID	String
uuid	Usergroup's groupId attached user	String

{
    "groups": [
        {
            "users": [
                {
                    "userId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Detach user from usergroup

DELETE /v1/iam/groups/{groupId}/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes
userId	Detaching child API user's UUID	Path	Yes

Example Request

 DELETE /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
userId	Detached child API user's UUID	String
uuid	Usergroup's groupId	String

{
    "groups": [
        {
            "users": [
                {
                    "userId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm status of attaching user to usergroup

GET /v1/iam/groups/{groupId}/users/{userId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes
userId	child API user's UUID	Path	Yes

Example Request

 GET /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
userId	Child API user's UUID	String
uuid	Usergroup's groupId	String

{
    "count": 1, 
    "groups": [
        {
            "users": [
                {
                    "userId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Attach role to usergroup

PUT /v1/iam/groups/{groupId}/roles/{roleId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes
roleId	Role's UUID	Path	Yes

Example Request

 PUT /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type
groupName	Usergroup's name	String
roleId	Role's UUID	String
uuid	Usergroup's groupId	String

{
    "groups": [
        {
            "groupName": "example_group01", 
            "roles": [
                {
                    "roleId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                }
            ], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Detach role from usergroup

DELETE /v1/iam/groups/{groupId}/roles/{roleId}

Request Parameters

Name	Description	Type	Mandatory	Notes
groupId	Usergroup's UUID	Path	Yes
roleId	Role's UUID	Path	Yes

Example Request

 DELETE /v1/iam/groups/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
groupName	Usergroup's name	String
uuid	Usergroup's groupId	String

{
    "groups": [
        {
            "groupName": "example_group01", 
            "roles": [], 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Create role

You can create API role by white list.

POST /v1/iam/roles

Request Parameters

Name	Description	Type	Mandatory	Notes
roleName	Role's name	JSON	Yes
basePath	API's name #1	JSON	Yes	Wildcard is *.
ipAddress	Source IP address #2	JSON	Yes	Wildcard is *.
path	API resource name #3	JSON	Yes	Wildcard is *.
verb	Method name #4	JSON	Yes	Wildcard is *.

#1 How to write basePath

API Name	value
Business Process API	/business-process
APILog API	/apilog
Cloudⁿ Compute API	/cloudn
Arcstar Universal One Mobile Global M2M API	/global-m2m
Enterprise Cloud API	/ec-vcd/api
Nexcenter API	/nexcenter

#2 How to write ipAddress
192.168.0.10/24 or 192.168.0.2

#3 How to write path

API Name	value
Business Process API	/contracts, /tickets, etc
APILog API	-
Cloudⁿ Compute API	/compute
Arcstar Universal One Mobile Global M2M API	/connectivitydirectory, /subscriptionstatus, etc
Enterprise Cloud API	/login, /vAPP, etc
Nexcenter	/data_centers, /entry_apply, etc

#4 GET,POST,PUT,DELETE

Example Request

 POST /v1/iam/roles
{
    "resources": [
        {
            "basePath": "*", 
            "ipAddress": "*", 
            "path": "*", 
            "verb": "*"
        }
    ], 
    "roleName": "example_role01"
}

Response Parameters

Name	Description	type	mandatory
roleName	Role's name	JSON	Yes
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON
uuid	Role's roleId	JSON	Yes

Example Result

{
    "roles": [
        {
            "resources": [
                {
                    "basePath": "*", 
                    "ipAddress": "*", 
                    "path": "*", 
                    "verb": "*"
                }
            ], 
            "roleName": "example_role01", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Confirm role list

GET /v1/iam/roles

Request Parameters

None

Example Request

 GET /v1/iam/roles

Response Parameters

Name	Description	type	mandatory
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON
roleName	Role's name	String	Yes
uuid	Role's roleId	JSON	Yes

Example Result

{
    "count": 10, 
    "cursor": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX", 
    "roles": [
        {
            "resources": [
                {
                    "basePath": "*", 
                    "ipAddress": "*", 
                    "path": "*", 
                    "verb": "*"
                }
            ], 
            "roleName": "example_role01", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        },
        {
            "resources": [
                {
                    "basePath": "/v1/business-process", 
                    "ipAddress": "xx.xx.xx.xx/xx", 
                    "path": "/contracts", 
                    "verb": "GET"
                }
            ], 
            "roleName": "example_role02", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
        {
            "resources": [], 
            "roleName": "example_role09", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }, 
        {
            "resources": [
                {
                    "basePath": "/v1/cloudn", 
                    "ipAddress": "*", 
                    "path": "/compute", 
                    "verb": "*"
                }
            ], 
            "roleName": "example_role10", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        },
    ]
}

Confirm a specific role

GET /v1/iam/roles/{roleId}

Request Parameters

Name	Description	Type	Mandatory	Notes
roleId	Role's UUID	Path	Yes

Example Request

 GET /v1/iam/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON
roleName	Role's name	String	Yes
uuid	Role's roleId	JSON	Yes

Example Result

{
    "roles": [
        {
            "resources": [
                {
                    "basePath": "*", 
                    "ipAddress": "*", 
                    "path": "*", 
                    "verb": "*"
                }
            ], 
            "roleName": "example_role01", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Update a specific role

PUT /v1/iam/roles/{roleId}

Request Parameters

Name	Description	Type	Mandatory
roleId	Role's UUID	Path	Yes
roleName	Role's name	JSON
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON

You have to send all data with the data to be changed.

Example Request

Pattern 1

 PUT /v1/iam/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
{
    "roleName": "new_role_name"
}

Pattern 2

 PUT /v1/iam/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
{
    "resources": [
        {
            "basePath": "*", 
            "ipAddress": "*", 
            "path": "/compute", 
            "verb": "*"
        }
    ]
}

Response Parameters

Name	Description	type	mandatory
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON
roleName	Role's name	String	Yes
uuid	Role's roleId	JSON	Yes

Example Result

{
    "roles": [
        {
            "resources": [
                {
                    "basePath": "*", 
                    "ipAddress": "*", 
                    "path": "/compute", 
                    "verb": "*"
                }
            ], 
            "roleName": "new_role_name", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Delete role

DELETE /v1/iam/roles/{roleId}

Request Parameters

Name	Description	Type	Mandatory	Notes
roleId	Role's UUID	Path	Yes

Example Request

 DELETE /v1/iam/roles/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Response Parameters

Name	Description	type	mandatory
basePath	API's name	JSON
ipAddress	Source IP address	JSON
path	API resource name	JSON
verb	Method name	JSON
roleName	Role's name	String	Yes
uuid	Role's roleId	JSON	Yes

Example Result

{
    "roles": [
        {
            "resources": [
                {
                    "basePath": "*", 
                    "ipAddress": "*", 
                    "path": "*", 
                    "verb": "*"
                }
            ], 
            "roleName": "example_role01", 
            "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    ]
}

Dec. 2014 currently, DNS round robin operation. Apr. 2015 or later, API request will automatically connect to geographically close API gateway ↩

Search form

You are here

Overview

- USER

- USERGROUP

- ROLE

Child API user, usergroup, and role relationship

Evaluation IAM Logic

Caution of using role manager's API key

How to use this API

1.Create child API user, usergroup, and role

2.Attach child API user to usergroup, role to usergroup

Resource URL

Resource Information

Create child API user

Request Parameters

Example Request

Response Parameters

Example Result

Confirm child API list

Request Parameters

Example Request

Response Parameters

Example Result

Confirm child API user's information

Request Parameters

Example Request

Response Parameters

Example Result

Modify child API user's information

Request Parameters

Example Request

Response Parameters

Example Result

DELETE API user

Request Parameters

Example Request

Response Parameters

Example Result

Confirm child API user's API key information

Request Parameters

Example Request

Response Parameters

Example Result

Regenerate child API user's API Key

Request Parameters

Example Request

Response Parameters

Example Result

Change approval status of API Key

Request Parameters

Example Request

Response Parameters

Example Result

Create usergroup

Request Parameters

Example Request

Response Parameters

Example Result

Confirm usergroup list

Request Parameters

Example Request

Response Parameters

Example Result

Confirm the usergroup

Request Parameters

Example Request

Response Parameters

Example Result

Update usergroup's name

Request Parameters

Example Request

Response Parameters

Delete usergroup

Request Parameters

Example Request

Response Parameters

Confirm child API user list to belong to a particular group

Request Parameters