User management API

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
All documents
menu
No results found, please re-enter

IAM IAM

  • API Reference
    • Common request header and common response header
    • Data type
    • Error code
    • Feature Update Records
    • General Description
    • Introduction
    • Service domain
    • STS-Related Interfaces
  • API Reference_IAM
    • Common request header and common response header
    • Data type
    • Error code
    • General Description
    • Group management API
    • Introduction
    • Policy management API
    • Role Management Interfaces
    • Service domain
    • User management API
  • FAQs
    • Common Questions Overview
    • FAQs related to IAM users
    • FAQs related to product permissions
  • Function Release Records
  • Operation guide
    • Account Security Audit
    • Enterprise Account Integration
      • Federated Login Overview
      • IAM Role-based SSO
      • IAM User-based SSO
    • Group Management
    • Message Center
    • Permission Policies
      • ACL
      • Authorization
      • Managing IAM Policies
      • Permission Policy Overview
      • Policy Authentication Evaluation Logic
      • Strategy type
      • Tag-Based Authorization and Authentication
    • Role Management
      • Common scenarios
      • Create role
      • FAQs
      • Managing Roles
      • Overview
      • Related concepts
      • Using Roles
    • Settings
    • User
      • IAM User Operations
      • Two-Factor Authentication
      • User management
    • User Anomaly Behavior Analysis (Public Beta)
      • Risk Behavior Management
  • Operation records
    • Cloud Trail (Public Beta)
  • Product Announcement
    • Baidu Intelligent Cloud Enables Login Protection MFA Multi-Factor Authentication Notification for All Users
  • Product Description
    • Application scenarios
    • Concepts
    • Currently Supported Product Lines
    • Product functions
    • Product overview
    • System Restrictions
    • Enterprise Organization vs Identity and Access Management
  • Product pricing
    • Product pricing
  • Quick Start
    • Create groups and grant permissions
    • Creating IAM User Administrators
  • SDK
    • Go-SDK
      • Error handling
      • Group management API
      • Initialize SDK
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Java-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
    • Python-SDK
      • Error code
      • Group management API
      • Initialization
      • Install the SDK Package
      • Overview
      • Policy management API
      • Role Management Interfaces
      • User management API
      • Version Change Records
  • Testing Knowledge Base SDK
  • Typical Practices
    • Baidu Intelligent Cloud Partner Guide to Creating IAM Users
    • User Management and Permission Assignment
  • Document center
  • arrow
  • IAMIAM
  • arrow
  • API Reference_IAM
  • arrow
  • User management API
Table of contents on this page
  • Create User
  • Query user
  • Update user
  • Delete user
  • List users
  • Configure console login for the user
  • Query console login configuration
  • Disable console login configuration
  • Modify IAM user operation protection
  • Modify IAM User Password
  • Create user's AccessKey
  • Disable user's AccessKey
  • Enable user's AccessKey
  • Delete user's AccessKey
  • List user's AccessKeys
  • Query the last usage time of AccessKey by the user
  • Unbind virtual MFA of the IAM User
  • Query IAM user-based SSO information
  • Update user-based SSO status
  • Update IAM user-based SSO configuration
  • Delete IAM user-based SSO configuration
  • Query root account overview information

User management API

Updated at:2025-10-27

Create User

API description

Create a user.

Request structure

Plain Text 
1POST /v1/user HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
name String RequestBody Username Yes
description String RequestBody User description No

Response headers

There are no special headers required beyond the common headers.

Response parameters

[UserModel](IAM/API Reference_IAM/Data type.md#UserModel) object

Request example

Plain Text 
1  POST /v1/user HTTP/1.1
2  Host: iam.bj.baidubce.com
3  content-type: application/json
4  Content-Length: 20
5  Authorization: AuthorizationString
6  
7  {"name":"test-user"}

Response example

Plain Text 
1	HTTP/1.1 201 Created     
2  Content-Type: application/json;charset=UTF-8     
3  X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4  Server: BWS           
5 {
6     "id": "f4225c39ba2247b692eec7b461835aa1",
7     "createTime": "2019-06-06T03:42:13Z",
8     "name": "test-user"
9 }

Query user

API description

Query a user.

Request structure

Plain Text 
1  GET /v1/user/{userName} HTTP/1.1
2  Host: iam.bj.baidubce.com
3  Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[UserModel](IAM/API Reference_IAM/Data type.md#UserModel) object

Request example

Plain Text 
1GET /v1/user/test-user HTTP/1.1
2Host: iam.bj.baidubce.com
3content-type: application/json
4Authorization: AuthorizationString

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{ "id": "f4225c39ba2247b692eec7b461835aa1", "createTime": "2019-06-06T03:42:13Z", "name": "test-user" }

Update user

API description

Update a user.

Request structure

Plain Text 
1 PUT /v1/user/{userName} HTTP/1.1
2 Host: iam.bj.baidubce.com
3 Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
name String RequestBody Updated user name No
description String RequestBody User description No

Response headers

There are no special headers required beyond the common headers.

Response parameters

[UserModel](IAM/API Reference_IAM/Data type.md#UserModel) object

Request example

Plain Text 
1 PUT /v1/user/test-user HTTP/1.1
2 Host: iam.bj.baidubce.com
3 content-type: application/json
4 Content-Length: 34
5 Authorization: AuthorizationString
6 
7 {"description":"update user demo"}

Response example

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
Server: BWS

{ "id": "f4225c39ba2247b692eec7b461835aa1", "createTime": "2019-06-06T03:42:13Z", "name": "test-user" }

Delete user

API description

Delete a user.

Note: Before deleting an IAM user, the user must disassociate all related objects, including permission policies, groups, and AccessKeys.

Request structure

Plain Text 
1DELETE /v1/user/{userName} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

User object

Request example

Plain Text 
1DELETE /v1/user/test-user HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS

List users

API description

List all users.

Request structure

Plain Text 
1GET /v1/user HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

None. Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
users List<[UserModel](IAM/API Reference_IAM/Data type.md#UserModel)> List of user objects

Request example

Plain Text 
1GET /v1/user HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
4Server: BWS
5{
6    "users": [
7        {
8            "id": "f4225c39ba2247b692eec7b461835aa1",
9            "createTime": "2019-06-06T03:42:13Z",
10            "name": "test-user"
11        }
12    ]
13}

Configure console login for the user

API description

Set up console login for a user, which includes configuring a login password, enabling MFA for login, and binding third-party accounts.

Request structure

Plain Text 
1PUT /v1/user/{userName}/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
loginProfile [LoginProfile](IAM/API Reference_IAM/Data type.md#LoginProfile) RequestBody Console login configuration Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[LoginProfile](IAM/API Reference_IAM/Data type.md#LoginProfile) object

Request example

Plain Text 
1PUT /v1/user/test-user/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3content-type: application/json
4Content-Length: 76
5Authorization: AuthorizationString
6{"password":"Pa$$word4Demo", "enabledLoginMfa":true, "loginMfaType":"PHONE",
7"thirdPartyType":"PASSPORT", "thirdPartyAccount":"test-passportAccount"}

Note: If setting enabledLoginMfa":true, it is necessary to specify loginMfaType.

Response example

Plain Text 
1HTTP/1.1 200 OK     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "enabledLogin": true,
7    "enabledLoginMfa": true,
8    "loginMfaType": "PHONE",
9    "thirdPartyType":"PASSPORT",
10    "thirdPartyAccount":"test-passportAccount"
11}

Query console login configuration

API description

View the console login configuration for a user.

Request structure

Plain Text 
1GET /v1/user/{userName}/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[LoginProfile](IAM/API Reference_IAM/Data type.md#LoginProfile) object

Request example

Plain Text 
1GET /v1/user/test-user/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "enabledLogin": true,
7    "enabledLoginMfa": true,
8    "loginMfaType": "PHONE",
9    "thirdPartyType":"PASSPORT",
10    "thirdPartyAccount":"test-passportAccount"
11}

Disable console login configuration

API description

Disable a user's console login configuration, effectively deactivating their console login access.

Request structure

Plain Text 
1DELETE /v1/user/{userName}/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1DELETE /v1/user/test-user/loginProfile HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK     
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
3Server: BWS

Modify IAM user operation protection

API description

Change the IAM user operation protection settings, such as enabling or disabling this feature.

Request structure

Plain Text 
1POST /v1/user/operation/mfa/switch HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String RequestBody Username of the IAM User to be updated Yes
enabledMfa Boolean RequestBody Enable or disable IAM User Operation Protection Yes
mfaType String RequestBody IAM user operation protection type No

Response headers

There are no special headers required beyond the common headers.

Response parameters

None.

Request example

Plain Text 
1POST /v1/user/operation/mfa/switch HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString
4{"userName":"test-username", "enabledMfa":true, "mfaType":"PHONE,TOTP"}

Note: If setting "enabledMfa":true, it is necessary to specify mfaType.

Response example

Plain Text 
1HTTP/1.1 200 OK     
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
3Server: BWS

Modify IAM User Password

API description

Change an IAM user's password without modifying the existing console login configurations for IAM user access.

Request structure

Plain Text 
1PUT /v1/subUser/{userName}/update HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
password String RequestBody Updated password No

Response headers

There are no special headers required beyond the common headers.

Response parameters

[UserModel](IAM/API Reference_IAM/Data type.md#UserModel) object

Request example

Plain Text 
1PUT /v1/subUser/test-username/update HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString
4{
5    "password": "passwordDemo@$$"
6}

Response example

Plain Text 
1HTTP/1.1 200 OK     
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
3Server: BWS     
4{
5    "id": "f4225c39ba2247b692eec7b461835aa1",
6    "name": test-username,
7    "createTime": "2023-02-19T03:42:13Z",
8    "enable":"true",
9    "description":"test update sub user password"
10}

Create user's AccessKey

API description

Generate a set of AccessKeys for a user.

Request structure

Plain Text 
1POST /v1/user/{userName}/accesskey HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[AccessKey](IAM/API Reference_IAM/Data type.md#AccessKey) object

Request example

Plain Text 
1POST /v1/user/test-user/accesskey HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 201 Created
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS     
5{
6    "secret": "0f005450fd4e4b329050edc5955da477",
7    "id": "e767c68b72194dba9ed71883c7b284b3",
8    "createTime": "2019-06-06T07:33:51Z"
9}

Disable user's AccessKey

API description

Disable a specified set of AccessKeys for a user.

Request structure

Plain Text 
1PUT /user/{userName}/accesskey/{accessKeyId}?disable HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
accessKeyId String URL parameter AccessKey ID Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[AccessKey](IAM/API Reference_IAM/Data type.md#AccessKey) object

Request example

Plain Text 
1PUT /v1/user/test-user/accesskey/e767c68b72194dba9ed71883c7b284b3?disable HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS
5{
6    "enabled": false,
7    "id": "e767c68b72194dba9ed71883c7b284b3",
8    "createTime": "2019-06-06T07:33:51Z"
9}

Enable user's AccessKey

API description

Restore the specified set of AccessKeys for a user to "Enabled" status.

Request structure

Plain Text 
1PUT /user/{userName}/accesskey/{accessKeyId}?enable HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
accessKeyId String URL parameter AccessKey ID Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

[AccessKey](IAM/API Reference_IAM/Data type.md#AccessKey) object

Request example

Plain Text 
1PUT /v1/user/test-user/accesskey/e767c68b72194dba9ed71883c7b284b3?enable HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS
5{
6    "enabled": true,
7    "id": "e767c68b72194dba9ed71883c7b284b3",
8    "createTime": "2019-06-06T07:33:51Z"
9}

Delete user's AccessKey

API description

Remove a specified set of AccessKeys for the user.

Request structure

Plain Text 
1DELETE /user/{userName}/accesskey/{accessKeyId} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
accessKeyId String URL parameter AccessKey ID Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

None

Request example

Plain Text 
1DELETE /v1/user/test-user/accesskey/e767c68b72194dba9ed71883c7b284b3 HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
4Server: BWS

List user's AccessKeys

API description

Display all AccessKeys of a user.

Request structure

Plain Text 
1GET /v1/user/{userName}/accesskey HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
accessKeys List<[AccessKey](IAM/API Reference_IAM/Data type.md#AccessKey)> User AccessKey list

Request example

Plain Text 
1GET /v1/user/test-user/accesskey HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK     
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7     
3Server: BWS     
4{
5    "accessKeys": [
6        {
7            "id": "e0eedb7fc40c45a597c4c80516a918bd",
8            "createTime": "2019-06-06T07:37:21Z",
9            "lastUsedTime": "2021-10-14T07:37:21Z",
10            "enabled": true,
11 "description": "Test"
12        }
13    ]
14}

Query the last usage time of AccessKey by the user

API description

Check the last usage time of an AccessKey provided by the user.

Note: IAM users with the system policy IAMManageAccessKeyPolicy permission can view the last usage time of their own AccessKeys; IAM users with system policies IAMFullControlAccessPolicy or IAMReadAccessPolicy permission can view the last usage time of all AccessKeys under the account of the IAM user.

Request structure

Plain Text 
1GET /v1/accesskey/{accessKeyId}/lastusedtime HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
accessKeyId String URL parameter AccessKey ID Yes

Response parameters

Name Types Description
accessKeyId String AccessKey ID
lastUsedTime String Last usage time of AccessKey ID

Request example

Plain Text 
1GET /v1/accesskey/e767c68b72194dba9ed71883c7b284b3/lastusedtime HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK     
2Content-Type: application/json;charset=UTF-8     
3X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7      
4Server: BWS     
5{
6    "accessKeyId": "e767c68b72194dba9ed71883c7b284b3",
7    "lastUsedTime": "2024-10-25T08:27:43.000Z"
8}

Unbind virtual MFA of the IAM User

API description

Unbind virtual MFA of the IAM User

Request structure

Plain Text 
1DELETE /v1/user/{userName}/mfaType/{mfaType} HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
userName String URL parameter Username Yes
mfaType String URL parameter MFA type, fixed as TOTP Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

None

Request example

Plain Text 
1DELETE /v1/user/test2/mfaType/TOTP HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: AuthorizationString

Response example

Plain Text 
1HTTP/1.1 204 No Content
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS

Query IAM user-based SSO information

API description

Retrieve IAM user-based SSO details, aligning with the content of the menu: Identity and Access Management - Enterprise Account Integration - IAM User-based SSO.

Request structure

Plain Text 
1GET /v1/subUser/idp/query HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

None

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
idp [Idp](IAM/API Reference_IAM/Data type.md#Idp) Current account IAM user-based SSO configuration

Request example

Plain Text 
1GET /v1/subUser/idp/query HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS
4{
5    "status": "enable",
6    "auxiliaryDomain": "www.baidu.com",
7    "domainId": "91b4ee8f04f84c7dae51bc159c9cabcd",
8    "encodeMetadata": "xxx",
9    "fileName": "xxx.xml",
10    "createTime": "2024-01-30T11:57:11.000Z",
11    "updateTime": "2024-01-30T11:57:11.000Z"
12}

Update user-based SSO status

API description

Change the user-based SSO status.

Request structure

Plain Text 
1POST /v1/subUser/idp/updateStatus HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Name Types Location Description Required or not
status String RequestParam parameters Function status, enabled as "enable", disabled as "disable" Yes

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
idp [Idp](IAM/API Reference_IAM/Data type.md#Idp) Updated current account IAM user-based SSO configuration

Request example

Plain Text 
1POST /v1/subUser/idp/updateStatus?status=enable HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS
4{
5    "status": "enable",
6    "auxiliaryDomain": "www.baidu.com",
7    "domainId": "91b4ee8f04f84c7dae51bc159c9cabcd",
8    "encodeMetadata": "xxx",
9    "fileName": "xxx.xml",
10    "createTime": "2024-01-30T11:57:11.000Z",
11    "updateTime": "2024-01-30T11:57:11.000Z"
12}

Update IAM user-based SSO configuration

API description

Modify IAM user-based SSO settings.

Request structure

Plain Text 
1POST /v1/subUser/idp/update HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request parameters

Name Types Location Description Required or not
updateSubUserIdpRequest [UpdateSubUserIdpRequest](IAM/API Reference_IAM/Data type.md#UpdateSubUserIdpRequest) RequestBody Update IAM user-based SSO configuration request entity Yes

Request headers

There are no special headers required beyond the common headers.

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
idp [Idp](IAM/API Reference_IAM/Data type.md#Idp) Updated current account IAM user-based SSO configuration

Request example

Plain Text 
1POST /v1/subUser/idp/update HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS
4{
5    "status": "enable",
6    "auxiliaryDomain": "www.baidu.com",
7    "domainId": "91b4ee8f04f84c7dae51bc159c9cabcd",
8    "encodeMetadata": "xxx",
9    "fileName": "xxx.xml",
10    "createTime": "2024-01-30T11:57:11.000Z",
11    "updateTime": "2024-01-30T11:57:11.000Z"
12}

Delete IAM user-based SSO configuration

API description

Remove IAM user-based SSO function settings.

Request structure

Plain Text 
1POST /v1/subUser/idp/delete HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

None

Response headers

There are no special headers required beyond the common headers.

Response parameters

None

Request example

Plain Text 
1POST /v1/subUser/idp/delete HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS

Query root account overview information

API description

Query root account overview information

Request structure

Plain Text 
1GET /v1/account/summary HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

None

Response headers

There are no special headers required beyond the common headers.

Response parameters

Name Types Description
accountId String Root account ID
limitInfo [AccountLimitInfo](IAM/API Reference_IAM/Data type.md#AccountLimitInfo) Account quota information
countInfo [AccountCountInfo](IAM/API Reference_IAM/Data type.md#AccountCountInfo) Account count information

Request example

Plain Text 
1GET /v1/account/summary HTTP/1.1
2Host: iam.bj.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2X-Bce-Request-Id: 8d51a788-e79d-4ced-a9e0-0662ec85b7f7
3Server: BWS
4{
5    "accountId": "4e990ca9cbc34089902f0a2a354037b4",
6    "limitInfo": {
7        "userLimit": 500,
8        "policyLimit": 1000,
9        "contactsLimit": 500,
10        "groupLimit": 100,
11        "subUserOfGroupLimit": 100,
12        "akskLimit": 20,
13        "akskLeakLimitHour": 1,
14        "akskLeakLimitNumber": 1,
15        "groupMaxAttachPolicyLimit": 5,
16        "userRolePerAccountLimit": 100,
17        "roleMaxAttachSystemPolicyLimit": 20,
18        "roleMaxAttachCustomPolicyLimit": 10
19    },
20    "countInfo": {
21        "userCount": 6,
22        "groupCount": 1,
23        "policyCount": 1
24    }
25}

Previous
Service domain
Next
FAQs