'1.0', 'info' => ['style' => 'ROA', 'product' => 'Eiam-developerapi', 'version' => '2022-02-25'], 'directories' => [ [ 'children' => ['ObtainJwtAuthenticationToken', 'FetchOAuthAuthenticationToken', 'GenerateJwtAuthenticationToken', 'ListAuthenticationTokens', 'ObtainJwtAuthenticationTokenByDerivedShortToken', 'ReinstateAuthenticationToken', 'ReinstateAuthenticationTokenByConsumer', 'RevokeAuthenticationToken', 'RevokeAuthenticationTokenByConsumer', 'ValidateAuthenticationToken'], 'type' => 'directory', 'title' => 'Authentication token API', ], [ 'children' => ['CreateUserExclusiveCredential', 'ObtainCredential'], 'type' => 'directory', 'title' => 'Credential API', ], [ 'children' => ['ObtainCloudAccountRoleAccessCredential'], 'type' => 'directory', 'title' => 'Cloud role access credential API', ], [ 'children' => ['GenerateTokenByAuthorizationServer', 'GenerateToken', 'GenerateDeviceCode', 'GetUserInfo', 'RevokeToken'], 'type' => 'directory', 'title' => 'OIDC API', ], [ 'children' => ['GetApplicationProvisioningScope'], 'type' => 'directory', 'title' => 'Authorization scope API', ], [ 'children' => ['CreateOrganizationalUnit', 'PatchOrganizationalUnit', 'GetOrganizationalUnit', 'DeleteOrganizationalUnit', 'ListOrganizationalUnits', 'ListOrganizationalUnitParentIds', 'GetOrganizationalUnitIdByExternalId'], 'type' => 'directory', 'title' => 'Organization management API', ], [ 'children' => ['CreateUser', 'PatchUser', 'GetUser', 'UpdateUserPassword', 'EnableUser', 'DisableUser', 'GetUserIdByEmail', 'GetUserIdByPhoneNumber', 'GetUserIdByUserExternalId', 'GetUserIdByUsername', 'SetUserPrimaryOrganizationalUnit', 'AddUserToOrganizationalUnits', 'RemoveUserFromOrganizationalUnits', 'ListGroupsForUser'], 'type' => 'directory', 'title' => 'Account management API', ], [ 'children' => ['GetGroup', 'PatchGroup', 'AddUsersToGroup', 'ListUsersForGroup'], 'type' => 'directory', 'title' => 'Account group management API', ], [ 'children' => ['CreateGroup', 'DeleteGroup', 'DeleteUser', 'ListGroups', 'ListUsers', 'RemoveUsersFromGroup'], 'title' => 'Others', 'type' => 'directory', ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ 'AddUserToOrganizationalUnits' => [ 'summary' => 'Adds an EIAM account to one or more EIAM organizations. These organizations serve as subordinate organizations for the account. If the account is already a member of a specified organization, no update is performed.', 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/addUserToOrganizationalUnits', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information.'."\n" .'Format: Bearer ${access\\_token}.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitIds' => [ 'title' => '', 'description' => 'A list of organization IDs.', 'type' => 'array', 'items' => ['description' => 'The organization ID.', 'type' => 'string', 'required' => false, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'required' => true, 'example' => '[ou_wovwffm62xifdziem7an7xxxxx]', ], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'AddUserToOrganizationalUnits', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'AddUsersToGroup' => [ 'summary' => 'Adds multiple Employee Identity and Access Management (EIAM) accounts to an EIAM group. If the accounts are already added to the specified group, no update is performed.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}/actions/addUsersToGroup', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasIEJFYH'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['title' => '', 'description' => 'The authentication information. The value is in the Bearer ${access_token} format. Example: Bearer ATxxxx.'."\n", 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The instance ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The application ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx'], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The group ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'group_wovwffm62xifdziem7an7xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.'."\n", 'type' => 'object', 'properties' => [ 'userIds' => [ 'title' => '', 'description' => 'The account IDs.'."\n", 'type' => 'array', 'items' => ['description' => 'The account ID.'."\n", 'type' => 'string', 'required' => false, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'required' => true, 'example' => '[user_d6sbsuumeta4h66ec3il7yxxxx}', ], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', 'title' => 'AddUsersToGroup', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'CreateGroup' => [ 'path' => '/v2/{instanceId}/{applicationId}/groups', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas7VNWU7'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'groupName' => ['description' => 'The organization name.', 'type' => 'string', 'required' => true, 'example' => 'name001', 'title' => ''], 'groupExternalId' => ['description' => 'The external ID.', 'type' => 'string', 'example' => 'group_2bo6lefcewdausyyxxxx', 'title' => '', 'required' => false], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'GroupIdObject', 'description' => 'GroupIdObject', 'type' => 'object', 'properties' => [ 'groupId' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'group_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'CreateGroup', 'summary' => 'Creates a group.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"groupId\\": \\"group_wovwffm62xifdziem7an7xxxxx\\"\\n}","type":"json"}]', ], 'CreateOrganizationalUnit' => [ 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitName' => ['description' => 'The name of the organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'name001', 'title' => ''], 'parentId' => ['description' => 'The ID of the parent organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitExternalId' => ['description' => 'The external ID of the organizational unit. The external ID can be used to map external data to the data of the organizational unit in Employee Identity and Access Management (EIAM) of Identity as a Service (IDaaS). By default, the external ID is the organizational unit ID.'."\n" ."\n" .'For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => '', 'required' => false], 'description' => ['description' => 'The description of the organizational unit.', 'type' => 'string', 'example' => '测试组织', 'title' => '', 'required' => false], ], 'required' => false, 'example' => 'app_xx001', 'title' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'OrganizationalUnitIdObject', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'organizationalUnitId' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'CreateOrganizationalUnit', 'summary' => 'Creates an organizational unit.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内|'."\n" .'| 400 | MissingParameter.OrganizationalUnitName | The specified parameter:OrganizationalUnitName is required! | 缺少组织名称参数|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx| 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:manage_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"organizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\"\\n}","type":"json"}]', ], 'CreateUser' => [ 'summary' => 'Creates a new EIAM account in a specified organization.', 'path' => '/v2/{instanceId}/{applicationId}/users', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'create', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information.'."\n" .'Format: `Bearer ${access_token}`.'."\n" .'Example: `Bearer ATxxxx`.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The ID of the instance.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The ID of the application.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'username' => ['description' => 'The username. It can contain letters, digits, and the following special characters: underscore (`_`), period (`.`), at sign (`@`), and hyphen (`-`). The maximum length is 256 characters.', 'type' => 'string', 'required' => true, 'example' => 'name001', 'title' => ''], 'displayName' => ['description' => 'The display name. The maximum length is 128 characters.', 'type' => 'string', 'example' => 'display_name001', 'title' => '', 'required' => false], 'password' => ['description' => 'The account password. For password complexity rules, see the password policy in the IDaaS console.', 'type' => 'string', 'example' => 'xxxxx', 'title' => '', 'required' => false], 'phoneRegion' => ['description' => 'The phone region code. For example, the code for the Chinese mainland is `86`. Do not include a `00` prefix or a plus sign (`+`). This parameter is required if `phoneNumber` is set.', 'type' => 'string', 'example' => '86', 'title' => '', 'required' => false], 'phoneNumber' => ['description' => 'The account phone number. It must be 6 to 15 digits long.', 'type' => 'string', 'example' => '156xxxxxxx', 'title' => '', 'required' => false], 'phoneNumberVerified' => ['description' => 'Specifies whether the phone number is verified. This parameter is required if `phoneNumber` is set. Typically, set this to `true`.', 'type' => 'boolean', 'example' => 'true', 'title' => '', 'required' => false], 'email' => ['description' => 'The email address. The local-part of the address can contain uppercase and lowercase letters, digits, periods (`.`), underscores (`_`), and hyphens (`-`). The maximum length is 128 characters.', 'type' => 'string', 'example' => 'example@example.com', 'title' => '', 'required' => false], 'emailVerified' => ['description' => 'Specifies whether the email is verified. This parameter is required if `email` is set. Typically, set this to `true`.', 'type' => 'boolean', 'example' => 'true', 'title' => '', 'required' => false], 'userExternalId' => ['description' => 'The external user ID, used to associate the account with an external system. The maximum length is 128 characters. If unspecified, it defaults to the account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => '', 'required' => false], 'primaryOrganizationalUnitId' => ['description' => 'The ID of the primary organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'description' => ['description' => 'The account description. The maximum length is 256 characters.', 'type' => 'string', 'example' => '测试账户', 'title' => '', 'required' => false], 'passwordInitializationConfig' => [ 'title' => '', 'description' => 'The password initialization configuration.', 'type' => 'object', 'properties' => [ 'passwordInitializationPolicyPriority' => ['description' => 'The priority of the password initialization policy. Valid values:'."\n" ."\n" .'- `global`: Uses the instance-level password initialization policy and ignores the custom settings in this request. For more information, see the password initialization policy configuration in the IDaaS console.'."\n" ."\n" .'- `custom`: Uses the custom password initialization policy defined in this request. This includes settings for forced password updates, the initialization type, and notification channels.', 'type' => 'string', 'example' => 'global', 'title' => '', 'required' => false], 'passwordForcedUpdateStatus' => ['description' => 'The password forced update status. By default, this feature is disabled. Valid values:'."\n" ."\n" .'- `enabled`: Enables the feature.'."\n" ."\n" .'- `disabled`: Disables the feature.', 'type' => 'string', 'example' => 'enabled', 'title' => '', 'required' => false], 'userNotificationChannels' => [ 'title' => '', 'description' => 'The user notification channels. Valid values:'."\n" ."\n" .'- `email`: Email'."\n" ."\n" .'- `sms`: SMS', 'type' => 'array', 'items' => ['description' => 'The user notification channel.', 'type' => 'string', 'required' => false, 'example' => 'email', 'title' => ''], 'required' => false, 'example' => 'sms', ], 'passwordInitializationType' => ['description' => 'The password initialization type. Valid values:'."\n" ."\n" .'- `random`: A randomly generated password.', 'type' => 'string', 'example' => 'random', 'title' => '', 'required' => false], ], 'required' => false, 'example' => '', ], 'customFields' => [ 'title' => '', 'description' => 'A list of custom fields for the account.', 'type' => 'array', 'items' => [ 'description' => 'An object containing the name and value of a custom field.', 'type' => 'object', 'properties' => [ 'fieldName' => ['description' => 'The name of the custom field. You can view the field\'s data type and value range in the IDaaS console.', 'type' => 'string', 'example' => 'age', 'title' => '', 'required' => false], 'fieldValue' => ['description' => 'The value of the custom field.', 'type' => 'string', 'example' => 'fieldValue_001', 'title' => '', 'required' => false], ], 'required' => false, 'title' => '', 'example' => '', ], 'required' => false, 'example' => '', ], ], 'required' => false, 'example' => 'app_xx001', 'title' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response object.', 'type' => 'object', 'properties' => [ 'userId' => ['description' => 'The user ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\"\\n}","type":"json"}]', 'title' => 'CreateUser', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | token无效|'."\n" .'| 400 | invalid_request | Access token application id not match | 请求无效,token信息与参数应用ID不一致|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不存在或组织不在同步范围内|'."\n" .'| 404 | instance\\_not\\_found | Instance id not found: idaas_ue2jvisn35ea5lmthk267xxxxx | 实例不存在 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 400 | MissingParameter.Username | The specified parameter:Username is required! | 缺少账户名参数 |'."\n" .'| 400 | MissingParameter.PhoneRegion | The specified parameter:PhoneRegion is required! | 缺少手机区号参数,若已设置手机号,此为必填项 |'."\n" .'| 400 | MissingParameter.PhoneNumberVerified | The specified parameter:PhoneRegion is required! | 缺少手机区号是否已验证参数,若已设置手机号,此为必填项 |'."\n" .'| 400 | MissingParameter.Email | The specified parameter:Email is required! | 缺少邮箱是否已验证参数,若已设置邮箱,此为必填项 |'."\n" .'| 400 | MissingParameter.Username | The specified parameter:Username is required! | 缺少账户名参数 |'."\n" .'| 400 | MissingParameter.PrimaryOrganizationalUnitId | The specified parameter:PrimaryOrganizationalUnitId is required! | 缺少主组织参数 |'."\n" .'| 400 | InvalidParameter.PhoneNumber | The specified parameter:PhoneNumber is invalid. | 无效的手机号 |'."\n" .'| 400 | InvalidParameter.PhoneRegion | The specified parameter:PhoneRegion is invalid. | 无效的手机区号 |'."\n" .'| 400 | InvalidParameter.Password | The specified parameter:Password is invalid. | 密码不符合规则,请参考IDaaS控制台密码规则 |'."\n" .'| 400 | InvalidParameter.Email | The specified parameter:Email is invalid. | 无效的邮箱 |'."\n" .'| 400 | InvalidParameter.DisplayName | The specified parameter:DisplayName is invalid. | 账户显示名过长 |'."\n" .'| 400 | InvalidParameter.Description | The specified parameter:Description is invalid. | 账户描述过长 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'CreateUserExclusiveCredential' => [ 'summary' => 'Creates a user exclusive credential.', 'path' => '/v2/{instanceId}/credentials/_/actions/createUserExclusive', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value must be in the `Bearer ${access_token}` format.'."\n" ."\n" .'> The access token must be issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The ID of the IDaaS instance.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'credentialIdentifier' => ['description' => 'The credential identifier.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'credential_identifier_test'], 'credentialName' => ['description' => 'The credential name.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'credential_name'], 'credentialScenarioLabel' => ['description' => 'The use case for the credential. Valid values:'."\n" ."\n" .'- `llm`: Large Language Model (LLM).'."\n" ."\n" .'- `saas`: Third-party Software as a Service (SaaS).', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'llm'], 'credentialType' => ['description' => 'The credential type. Valid values:'."\n" ."\n" .'- `api_key`: API key credential.'."\n" ."\n" .'- `oauth_client`: OAuth client credential.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'api_key'], 'credentialContent' => [ 'type' => 'object', 'properties' => [ 'apiKeyContent' => [ 'type' => 'object', 'properties' => [ 'apiKey' => ['description' => 'The value of the API key. This parameter is required if `credentialType` is set to `api_key`.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'sk-nsklncmwizncxxxx'], ], 'title' => '', 'description' => 'The content of the API key credential. This parameter is required if `credentialType` is set to `api_key`.', 'required' => false, 'example' => '', ], ], 'required' => true, 'title' => '', 'description' => 'The content of the credential.', 'example' => '', ], 'description' => ['description' => 'The description of the credential.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'credential_description'], 'credentialExternalId' => ['type' => 'string', 'description' => '', 'title' => '', 'example' => ''], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'credentialId' => ['description' => 'The credential ID.', 'type' => 'string', 'title' => '', 'example' => 'cred_mkv7rgt4d7i4u7zqtzev2mxxxx'], 'credentialIdentifier' => ['description' => 'The credential identifier.', 'type' => 'string', 'title' => '', 'example' => 'credential_identifier_test'], ], 'description' => 'The response body.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateUserExclusiveCredential', 'description' => 'This API operation uses an IDaaS-issued access token for authentication and authorization.'."\n" ."\n" .'The access token must have the "Manage Static Credentials" permission for the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The required scope is `urn:cloud:idaas:pam|credential:manage`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"credentialId\\": \\"cred_mkv7rgt4d7i4u7zqtzev2mxxxx\\",\\n \\"credentialIdentifier\\": \\"credential_identifier_test\\"\\n}","type":"json"}]', ], 'DeleteGroup' => [ 'summary' => 'Deletes a group.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}', 'methods' => ['delete'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasJ7WKML', 'FEATUREidaas7VNWU7'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['title' => '', 'description' => 'The authentication information. The value is in the Bearer ${access_token} format. Example: Bearer ATxxxx.'."\n", 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The instance ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The application ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx'], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The group ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'group_wovwffm62xifdziem7an7xxxxx'], ], ], 'responses' => [ 200 => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', 'title' => 'DeleteGroup', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'DeleteOrganizationalUnit' => [ 'summary' => 'Deletes an organizational unit.', 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits/{organizationalUnitId}', 'methods' => ['delete'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij'."\n", 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'organizationalUnitId', 'in' => 'path', 'schema' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [], ], 'title' => 'DeleteOrganizationalUnit', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内或不存在|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:manage_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'DeleteUser' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}', 'methods' => ['delete'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [], ], 'title' => 'DeleteUser', 'summary' => 'Deletes an Employee Identity and Access Management (EIAM) account.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 404 | ResourceNotFound.User | The specified User resource: user_d6sbsuumeta4h66ec3il7yxxxx not found. | 账户不存在 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'DisableUser' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/disable', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas1FXU07'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_001', 'title' => ''], ], ], 'responses' => [ 200 => [], ], 'title' => 'DisableUser', 'summary' => 'Disables an Employee Identity and Access Management (EIAM) account.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | '."\n" .'| 404 | ResourceNotFound.User | The specified User resource: user_xxxx not found. | '."\n" .'| 404 | application_not_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | '."\n" .'| 403 | application_disabled | Application is disabled | '."\n" .'| 403 | application_api_disabled | Application api invoke disabled | '."\n" .'| 403 | permission_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | '."\n" .'| 500 | Internal Server Error | Internal Server Error |', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'EnableUser' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/enable', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas1FXU07'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_001', 'title' => ''], ], ], 'responses' => [ 200 => [], ], 'title' => 'EnableUser', 'summary' => 'Enables an Employee Identity and Access Management (EIAM) account.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | '."\n" .'| 404 | ResourceNotFound.User | The specified User resource: user_xxxx not found. | '."\n" .'| 404 | application_not_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | '."\n" .'| 403 | application_disabled | Application is disabled | '."\n" .'| 403 | application_api_disabled | Application api invoke disabled | '."\n" .'| 403 | permission_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | '."\n" .'| 500 | Internal Server Error | Internal Server Error |', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'FetchOAuthAuthenticationToken' => [ 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/fetchOAuthAccessToken', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The format is \\`Bearer ${access\\_token}\\`.'."\n" ."\n" .'> Enter the access token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'credentialProviderIdentifier' => ['description' => 'The identifier of the credential provider.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_example_identifier'], 'scope' => ['description' => 'The scope for the OAuth protocol.'."\n" ."\n" .'> If you do not specify this parameter, the scope of the issued OAuth access token is determined by the scope configuration of the credential provider.'."\n" ."\n" .'>'."\n" ."\n" .'Separate multiple scope values with spaces.'."\n" ."\n" .'>', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'example:test_01 example:test_02'], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'authenticationTokenId' => ['description' => 'The authentication token ID.', 'type' => 'string', 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], 'credentialProviderId' => ['description' => 'The credential provider ID.', 'type' => 'string', 'title' => '', 'example' => 'atp_01kr2cmj5gxxx4fvmls2e93dxxxxx'], 'createTime' => ['description' => 'The time when the authentication token was created. This is a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'The time when the authentication token was last updated. This is a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'authenticationTokenType' => ['description' => 'The type of the authentication token.'."\n" ."\n" .'> The value is fixed to `oauth_access_token`, which indicates an OAuth access token.', 'type' => 'string', 'title' => '', 'example' => 'oauth_access_token'], 'revoked' => ['description' => 'Indicates whether the authentication token is revoked.', 'type' => 'boolean', 'title' => '', 'example' => 'false'], 'creatorType' => ['description' => 'The type of the creator of the authentication token. Valid value:'."\n" ."\n" .'- \\`application\\`: An application.', 'type' => 'string', 'title' => '', 'example' => 'application'], 'creatorId' => ['description' => 'The ID of the creator of the authentication token.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'consumerType' => ['description' => 'The type of the consumer of the authentication token. Valid values:'."\n" ."\n" .'- \\`application\\`: An application.'."\n" ."\n" .'- \\`custom\\`: A custom type.', 'type' => 'string', 'title' => '', 'example' => 'application'], 'consumerId' => ['description' => 'The ID of the consumer of the authentication token.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'expirationTime' => ['description' => 'The time when the authentication token expires. This is a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1772693568000'], 'oauthAccessTokenContent' => [ 'type' => 'object', 'properties' => [ 'accessTokenValue' => ['description' => 'The \\`access\\_token\\` field in the response from the token endpoint of the OAuth protocol.', 'type' => 'string', 'title' => '', 'example' => 'DgEBAGP2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'tokenType' => ['description' => 'The \\`token\\_type\\` field in the response from the token endpoint of the OAuth protocol.', 'type' => 'string', 'title' => '', 'example' => 'Bearer'], 'scope' => ['description' => 'The \\`scope\\` field in the response from the token endpoint of the OAuth protocol.', 'type' => 'string', 'title' => '', 'example' => 'example:test_01 example:test_02'], ], 'title' => '', 'description' => 'The content of the OAuth access token.', 'example' => '', ], ], 'description' => 'The details of the OAuth authentication token.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'FetchOAuthAuthenticationToken', 'summary' => 'Fetches a valid OAuth authentication token.', 'description' => 'This API performs identity authentication and authorization using an access token issued by IDaaS.'."\n" ."\n" .'Ensure that the access token has permission to obtain authentication tokens from the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|authentication_token:obtain`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"authenticationTokenId\\": \\"atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx\\",\\n \\"credentialProviderId\\": \\"atp_01kr2cmj5gxxx4fvmls2e93dxxxxx\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830225000,\\n \\"authenticationTokenType\\": \\"oauth_access_token\\",\\n \\"revoked\\": false,\\n \\"creatorType\\": \\"application\\",\\n \\"creatorId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"consumerType\\": \\"application\\",\\n \\"consumerId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"expirationTime\\": 1772693568000,\\n \\"oauthAccessTokenContent\\": {\\n \\"accessTokenValue\\": \\"DgEBAGP2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\\",\\n \\"tokenType\\": \\"Bearer\\",\\n \\"scope\\": \\"example:test_01 example:test_02\\"\\n }\\n}","type":"json"}]', ], 'GenerateDeviceCode' => [ 'summary' => 'Generates a device code.', 'path' => '/v2/{instanceId}/{applicationId}/oauth2/device/code', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasUATW0R', 'FEATUREidaasLUEH19'], ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'scope', 'in' => 'query', 'schema' => ['description' => 'The authorization scope.', 'type' => 'string', 'example' => 'xxx', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeviceCodeResponse', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'device_code' => ['description' => 'The device code.', 'type' => 'string', 'example' => 'xxxxx', 'title' => ''], 'user_code' => ['description' => 'The user authorization code.', 'type' => 'string', 'example' => 'xxxxx', 'title' => ''], 'verification_uri' => ['description' => 'The verification URI.', 'type' => 'string', 'example' => 'https://example.com/authorize/device', 'title' => ''], 'verification_uri_complete' => ['description' => 'The complete verification URI.', 'type' => 'string', 'example' => 'https://example.com/authorize/device?user_code='."\n" .'xxxx', 'title' => ''], 'expires_in' => ['description' => 'The remaining validity period of the device code. Unit: seconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1200', 'title' => ''], 'expires_at' => ['description' => 'The time when the token expires. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1653288641'], 'interval' => ['description' => 'The timeout period of the request token. Unit: seconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '5', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GenerateDeviceCode', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_request | Application is not turn device grant flow on| 设备流授权未开启 |'."\n" .'| 400 | invalid\\_request | Invalid client id| client id无效 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"device_code\\": \\"xxxxx\\",\\n \\"user_code\\": \\"xxxxx\\",\\n \\"verification_uri\\": \\"https://example.com/authorize/device\\",\\n \\"verification_uri_complete\\": \\"https://example.com/authorize/device?user_code=\\\\nxxxx\\",\\n \\"expires_in\\": 1200,\\n \\"expires_at\\": 1653288641,\\n \\"interval\\": 5\\n}","type":"json"}]', ], 'GenerateJwtAuthenticationToken' => [ 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/generateJwt', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter the Access Token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'credentialProviderIdentifier' => ['description' => 'Credential provider identity.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_example_identifier'], 'issuer' => ['description' => 'The \\`iss\\` field of the JWT.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'https://test.issuer.com'], 'subject' => ['description' => 'The \\`sub\\` field of the JWT.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_jwt_subject'], 'audiences' => [ 'type' => 'array', 'items' => ['description' => 'JWT audience.', 'type' => 'string', 'required' => false, 'example' => 'test_jwt_audience', 'title' => ''], 'required' => true, 'title' => '', 'description' => 'The \\`aud\\` field of the JWT.', 'example' => '', ], 'customClaims' => [ 'type' => 'object', 'additionalProperties' => ['description' => 'Custom claim key-value pairs.', 'type' => 'any', 'title' => '', 'example' => '-'], 'title' => '', 'description' => 'Custom claims.'."\n" ."\n" .'>'."\n" ."\n" .'Key-value pairs. Keys must be strings.'."\n" ."\n" .'>', 'required' => false, 'example' => '', ], 'expiration' => ['description' => 'The validity period of the JWT, in seconds.', 'type' => 'integer', 'format' => 'int32', 'minimum' => '0', 'exclusiveMinimum' => true, 'title' => '', 'required' => false, 'example' => '900'], 'includeDerivedShortToken' => ['description' => 'Whether the generated JWT needs to include a "derived short token".', 'type' => 'boolean', 'title' => '', 'required' => false, 'example' => 'true'], ], 'description' => 'Request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'Instance ID.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'authenticationTokenId' => ['description' => 'Authentication token ID.', 'type' => 'string', 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], 'credentialProviderId' => ['description' => 'Credential provider ID.', 'type' => 'string', 'title' => '', 'example' => 'atp_01kr2cmj5gxxx4fvmls2e93dxxxxx'], 'createTime' => ['description' => 'The creation time of the authentication token, UNIX timestamp, in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'The update time of the authentication token, UNIX timestamp, in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'authenticationTokenType' => ['description' => 'Authentication token type.'."\n" ."\n" .'> The value is fixed as `jwt`, indicating a JWT authentication token.', 'type' => 'string', 'title' => '', 'example' => 'jwt'], 'revoked' => ['description' => 'Whether the authentication token is revoked.', 'type' => 'boolean', 'title' => '', 'example' => 'false'], 'creatorType' => ['description' => 'Authentication token creator type. Valid values:'."\n" ."\n" .'- application: Application', 'type' => 'string', 'title' => '', 'example' => 'application'], 'creatorId' => ['description' => 'Authentication token creator ID.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'consumerType' => ['description' => 'Authentication token consumer type. Valid values:'."\n" ."\n" .'- application: Application'."\n" ."\n" .'- custom: Custom type', 'type' => 'string', 'title' => '', 'example' => 'custom'], 'consumerId' => ['description' => 'Authentication token consumer ID.', 'type' => 'string', 'title' => '', 'example' => 'test_jwt_subject'], 'expirationTime' => ['description' => 'Authentication token expiration time, UNIX timestamp, in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1772693568000'], 'jwtContent' => [ 'type' => 'object', 'properties' => [ 'jwtValue' => ['description' => 'JWT content.', 'type' => 'string', 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'derivedShortToken' => ['description' => 'The derived short token of the JWT.', 'type' => 'string', 'title' => '', 'example' => 'sk-Nx2vzxxxxxxxxxxxxxxxxx'], ], 'title' => '', 'description' => 'JWT authentication token content.', 'example' => '', ], ], 'description' => 'JWT authentication token details.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'GenerateJwtAuthenticationToken', 'summary' => 'Generates a JSON Web Token (JWT) authentication token.', 'description' => 'This API performs identity authentication and authorization using the Access Token issued by IDaaS.'."\n" ."\n" .'Ensure that the provided Access Token has the authorization to access the "Obtain Authentication Token" feature of the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|authentication_token:obtain`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"authenticationTokenId\\": \\"atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx\\",\\n \\"credentialProviderId\\": \\"atp_01kr2cmj5gxxx4fvmls2e93dxxxxx\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830225000,\\n \\"authenticationTokenType\\": \\"jwt\\",\\n \\"revoked\\": false,\\n \\"creatorType\\": \\"application\\",\\n \\"creatorId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"consumerType\\": \\"custom\\",\\n \\"consumerId\\": \\"test_jwt_subject\\",\\n \\"expirationTime\\": 1772693568000,\\n \\"jwtContent\\": {\\n \\"jwtValue\\": \\"eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\\",\\n \\"derivedShortToken\\": \\"sk-Nx2vzxxxxxxxxxxxxxxxxx\\"\\n }\\n}","type":"json"}]', ], 'GenerateToken' => [ 'summary' => 'Generates an access token for an application in a specified IDaaS instance based on credential information.', 'path' => '/v2/{instanceId}/{applicationId}/oauth2/token', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'produces' => [], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'client_id', 'in' => 'query', 'schema' => ['description' => 'The client ID.', 'type' => 'string', 'required' => false, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'client_secret', 'in' => 'query', 'schema' => ['description' => 'The client secret. This parameter is required when \\`grant\\_type\\` is \\`client\\_credentials\\` and the \\`client\\_secret\\_post\\` method is used.', 'type' => 'string', 'required' => false, 'example' => 'CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx', 'title' => ''], ], [ 'name' => 'grant_type', 'in' => 'query', 'schema' => [ 'description' => 'The authorization grant type. The following types are supported:'."\n" ."\n" .'- \\`client\\_credentials\\`: Client credentials grant. Requires \\`client\\_id\\` and \\`client\\_secret\\`.'."\n" ."\n" .'- \\`refresh\\_token\\`: Refresh token grant.'."\n" ."\n" .'- \\`authorization\\_code\\`: Authorization code grant.'."\n" ."\n" .'- \\`urn:ietf:params:oauth:grant-type:device\\_code\\`: Device flow.'."\n" ."\n" .'- \\`password\\`: Password grant.', 'enumValueTitles' => [], 'type' => 'string', 'required' => true, 'enum' => ['authorization_code', 'urn:ietf:params:oauth:grant-type:device_code', 'refresh_token', 'client_credentials', 'password'], 'title' => '', 'example' => 'client_credentials', ], ], [ 'name' => 'code', 'in' => 'query', 'schema' => ['description' => 'The authorization code. This parameter is required when \\`grant\\_type\\` is \\`authorization\\_code\\`.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'xxxx'], ], [ 'name' => 'username', 'in' => 'query', 'schema' => ['description' => 'The username. This parameter is required for the password grant type.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'uesrname_001'], ], [ 'name' => 'password', 'in' => 'query', 'schema' => ['description' => 'The username. This parameter is required for password mode.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'xxxxxx'], ], [ 'name' => 'device_code', 'in' => 'query', 'schema' => ['description' => 'The device code. This parameter is required when \\`grant\\_type\\` is \\`urn:ietf:params:oauth:grant-type:device\\_code\\` (device flow).', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'xxxx'], ], [ 'name' => 'redirect_uri', 'in' => 'query', 'schema' => ['description' => 'The redirection URI. This parameter is required for the authorization code grant type. It must match the redirection URI in the request to get the authorization code.', 'type' => 'string', 'example' => 'xxx', 'title' => '', 'required' => false], ], [ 'name' => 'refresh_token', 'in' => 'query', 'schema' => ['description' => 'The refresh token. This parameter is required when \\`grant\\_type\\` is \\`refresh\\_token\\` (refresh token grant).', 'type' => 'string', 'example' => 'ATxxx', 'title' => '', 'required' => false], ], [ 'name' => 'code_verifier', 'in' => 'query', 'schema' => ['description' => 'The code verifier. This is used in the authorization code grant type when PKCE is enabled.', 'type' => 'string', 'example' => 'xxx', 'title' => '', 'required' => false], ], [ 'name' => 'exclusive_tag', 'in' => 'query', 'schema' => ['description' => 'The excluded tag.', 'type' => 'string', 'example' => 'ATxxx', 'title' => '', 'required' => false], ], [ 'name' => 'scope', 'in' => 'query', 'schema' => ['description' => 'The scope. This parameter is optional. Multiple values are supported. Separate multiple values with spaces.'."\n" .'Valid values:'."\n" ."\n" .'- openid'."\n" ."\n" .'- email'."\n" ."\n" .'- phone'."\n" ."\n" .'- profile', 'type' => 'string', 'example' => 'xxxx', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response.', 'type' => 'object', 'properties' => [ 'token_type' => [ 'description' => 'The token type. Valid values:'."\n" .'Basic - Basic type'."\n" .'Bearer - Bearer type', 'enumValueTitles' => ['Basic' => 'Basic', 'Bearer' => 'Bearer'], 'type' => 'string', 'title' => '', 'example' => 'Bearer', ], 'access_token' => ['title' => 'access_token', 'description' => 'The access token.', 'type' => 'string', 'example' => 'ATxxx'], 'refresh_token' => ['title' => 'refresh_token', 'description' => 'The refresh token.', 'type' => 'string', 'example' => 'RTxxx'], 'expires_in' => ['description' => 'The validity period of the token in seconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1200'], 'expires_at' => ['description' => 'The expiration time. The value is a UNIX timestamp in seconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1653288641'], 'id_token' => ['title' => 'id_token', 'description' => 'The ID token.', 'type' => 'string', 'example' => 'xxxxx'], ], 'example' => '', ], ], ], 'title' => 'GenerateToken', 'description' => 'The following methods are supported: Authorization Code, Device Flow, Refresh Token, Client Credentials, and Password.'."\n" ."\n" .'### 1. Authorization Code'."\n" ."\n" .'Scenario: This is the standard OAuth 2.0 authorization code flow, which is suitable for web applications with frontend interaction.'."\n" .'Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=authorization_code'."\n" .'&code={authorization_code}'."\n" .'&redirect_uri={redirect_uri}'."\n" .'&client_id={client_id}'."\n" .'&client_secret={client_secret}'."\n" .'```'."\n" ."\n" .'Parameters:'."\n" ."\n" .'● code: The authorization code obtained from the authorization endpoint.'."\n" ."\n" .'● redirect\\_uri: Must be the same as the redirect\\_uri that was used to obtain the authorization code.'."\n" ."\n" .'### 1.1 Authorization Code for public clients'."\n" ."\n" .'Scenario: This scenario is suitable for applications that cannot securely store a secret, such as single-page applications (SPAs) or native applications. In this flow, a client\\_secret is not required, but you must use the Proof Key for Code Exchange (PKCE) mechanism. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=authorization_code'."\n" .'&code={authorization_code}'."\n" .'&redirect_uri={redirect_uri}'."\n" .'&client_id={client_id}'."\n" .'&code_verifier={code_verifier}'."\n" .'```'."\n" ."\n" .'Parameters:'."\n" ."\n" .'● code\\_verifier: The code verifier for the PKCE mechanism. The client generates it when initiating an authorization request and uses it to derive the \\`code\\_challenge\\`. When exchanging for a token, you must submit this value. It must be identical to the value used to generate the \\`code\\_challenge\\`.'."\n" ."\n" .'Java example for generating a code\\_verifier and code\\_challenge:'."\n" ."\n" .'```java'."\n" .'String codeVerifier = Base64.getUrlEncoder().withoutPadding().encodeToString(new SecureRandom().generateSeed(43));'."\n" .'String codeChallenge = Base64.getUrlEncoder().withoutPadding().encodeToString(java.security.MessageDigest.getInstance("SHA-256").digest(codeVerifier.getBytes()));'."\n" .'```'."\n" ."\n" .'### 2. Device Flow'."\n" ."\n" .'Scenario: This scenario is suitable for input-constrained devices, such as TVs and IoT devices. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=urn:ietf:params:oauth:grant-type:device_code'."\n" .'&device_code={device_code}'."\n" .'&client_id={client_id}'."\n" .'&client_secret={client_secret}'."\n" .'```'."\n" ."\n" .'To obtain the device code, first call `/oauth2/device/code` to retrieve the device\\_code and user\\_code.'."\n" ."\n" .'### 2.1 Device Flow for public clients'."\n" ."\n" .'Scenario: This scenario is used when interactive logon is not convenient and the client is a public client. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=urn:ietf:params:oauth:grant-type:device_code'."\n" .'&device_code={device_code}'."\n" .'&client_id={client_id}'."\n" .'```'."\n" ."\n" .'### 3. Refresh Token'."\n" ."\n" .'Scenario: This scenario uses a refresh\\_token to obtain a new access\\_token. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=refresh_token'."\n" .'&refresh_token={refresh_token}'."\n" .'&client_id={client_id}'."\n" .'&client_secret={client_secret}'."\n" .'```'."\n" ."\n" .'### 4. Client Credentials'."\n" ."\n" .'Scenario: This scenario is for server-to-server authentication without user involvement. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=client_credentials'."\n" .'&client_id={client_id}'."\n" .'&client_secret={client_secret}'."\n" .'&scope={scope}'."\n" .'```'."\n" ."\n" .'### 5. Password'."\n" ."\n" .'Scenario: This scenario uses traditional username and password authentication. Use this method with caution. Example call:'."\n" ."\n" .'```'."\n" .'POST /v2/{instanceId}/{applicationId}/oauth2/token'."\n" .'Content-Type: application/x-www-form-urlencoded'."\n" ."\n" .'grant_type=password'."\n" .'&username={username}'."\n" .'&password={password}'."\n" .'&client_id={client_id}'."\n" .'&scope={scope}'."\n" .'```', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_grant | Invalid or not supported grant\\_type: client\\_credentials| 应用API未开放 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"token_type\\": \\"Bearer\\",\\n \\"access_token\\": \\"ATxxx\\",\\n \\"refresh_token\\": \\"RTxxx\\",\\n \\"expires_in\\": 1200,\\n \\"expires_at\\": 1653288641,\\n \\"id_token\\": \\"xxxxx\\"\\n}","type":"json"}]', ], 'GenerateTokenByAuthorizationServer' => [ 'path' => '/v2/{instanceId}/authorizationServer/{authorizationServerId}/oauth2/token', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'produces' => ['application/json'], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'authorizationServerId', 'in' => 'path', 'schema' => ['description' => 'Authorization server ID.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'iauths_system'], ], [ 'name' => 'grant_type', 'in' => 'query', 'schema' => ['description' => 'Grant type.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'authorization_code'], ], [ 'name' => 'client_id', 'in' => 'query', 'schema' => ['description' => 'Client ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'code', 'in' => 'query', 'schema' => ['description' => 'Authorization code. Required when grant\\_type is authorization\\_code.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'CO541xY59EsKniV2wvWDXZ4jiKxxxxx'], ], [ 'name' => 'username', 'in' => 'query', 'schema' => ['description' => 'Username.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'userxxxxx'], ], [ 'name' => 'password', 'in' => 'query', 'schema' => ['description' => 'Password.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'testxxxxx'], ], [ 'name' => 'device_code', 'in' => 'query', 'schema' => ['description' => 'Device code. Required when grant\\_type is urn:ietf:params:oauth:grant-type:device\\_code.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'DCxxxxxx'], ], [ 'name' => 'redirect_uri', 'in' => 'query', 'schema' => ['description' => 'Redirection URI. Required when grant\\_type is authorization\\_code. Must match the redirect\\_uri used in the authorization code request.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'https://example.com/xxxxx'], ], [ 'name' => 'refresh_token', 'in' => 'query', 'schema' => ['description' => 'Refresh token.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'RTxxxxx'], ], [ 'name' => 'scope', 'in' => 'query', 'schema' => ['description' => 'Scope.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => 'openid'], ], [ 'name' => 'code_verifier', 'in' => 'query', 'schema' => ['description' => 'You can validate the code.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'xxxxx'], ], [ 'name' => 'client_assertion', 'in' => 'query', 'schema' => ['description' => 'Client assertion.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'eyJraWQiOiJLRVlLZ0Iyxxxxx'], ], [ 'name' => 'client_assertion_type', 'in' => 'query', 'schema' => ['description' => 'Client assertion type.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'], ], [ 'name' => 'application_federated_credential_name', 'in' => 'query', 'schema' => ['description' => 'Federated application credential name.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'testxxxxx'], ], [ 'name' => 'client_x509', 'in' => 'query', 'schema' => ['description' => 'Client certificate.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'testxxxxx'], ], [ 'name' => 'client_x509_chain', 'in' => 'query', 'schema' => ['description' => 'Intermediate certificate list.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'testxxxxx'], ], [ 'name' => 'client_secret', 'in' => 'query', 'schema' => ['description' => 'Client key.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'CSEHDcHcrUKHw1CuxkJEHPveWRxxxxx'], ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ 'token_type' => ['description' => 'Token type.', 'type' => 'string', 'example' => 'Bearer', 'title' => ''], 'access_token' => ['description' => 'Access credential.', 'type' => 'string', 'example' => 'eyJraWQiOiJLRVlLZ0Iyxxxxx'."\n", 'title' => ''], 'refresh_token' => ['description' => 'Refresh token.', 'type' => 'string', 'example' => 'ATxxxxx', 'title' => ''], 'expires_in' => ['description' => 'Validity period of the access credential, in seconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1200', 'title' => ''], 'expires_at' => ['description' => 'Expiration time of the access credential, as a UNIX timestamp in seconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1653288641', 'title' => ''], 'id_token' => ['description' => 'Identity credential.', 'type' => 'string', 'example' => 'eyJraWQiOiJLRVlLZ0Iyxxxxx'."\n", 'title' => ''], 'scope' => ['description' => 'Scope.', 'type' => 'string', 'example' => 'openid', 'title' => ''], ], 'title' => '', 'description' => 'Token information.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'GenerateTokenByAuthorizationServer', 'summary' => 'The token endpoint for an instance-level authorization server.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"token_type\\": \\"Bearer\\",\\n \\"access_token\\": \\"eyJraWQiOiJLRVlLZ0Iyxxxxx\\\\n\\",\\n \\"refresh_token\\": \\"ATxxxxx\\",\\n \\"expires_in\\": 1200,\\n \\"expires_at\\": 1653288641,\\n \\"id_token\\": \\"eyJraWQiOiJLRVlLZ0Iyxxxxx\\\\n\\",\\n \\"scope\\": \\"openid\\"\\n}","type":"json"}]', ], 'GetApplicationProvisioningScope' => [ 'path' => '/v2/{instanceId}/{applicationId}/provisioningScope', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas60YEMV'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information.'."\n" .'Format: Bearer ${access\\_token}.'."\n" .'Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => ' '."\n" .'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response.', 'type' => 'object', 'properties' => [ 'organizationalUnitIds' => [ 'title' => '', 'description' => 'The list of organization IDs.', 'type' => 'array', 'items' => ['description' => 'The organization ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'example' => '[ou_xxx001]', ], 'groupIds' => [ 'description' => 'The list of group IDs.', 'type' => 'array', 'items' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'group_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'title' => '', 'example' => '', ], ], 'example' => '', ], ], ], 'title' => 'GetApplicationProvisioningScope', 'summary' => 'The GetApplicationProvisioningScope operation retrieves the synchronization scope of an application in a specific instance.', 'description' => '> - You can set the synchronization scope in Application Management in the IDaaS console. After you create an application, you have permission to call this API by default.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_001| 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:read_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"organizationalUnitIds\\": [\\n \\"ou_wovwffm62xifdziem7an7xxxxx\\"\\n ],\\n \\"groupIds\\": [\\n \\"group_wovwffm62xifdziem7an7xxxxx\\"\\n ]\\n}","type":"json"}]', ], 'GetGroup' => [ 'summary' => 'Retrieves the details of a group.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas1LGU5E'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['description' => 'The group ID.', 'type' => 'string', 'required' => true, 'example' => 'group_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperGroupDTO', 'description' => 'DeveloperGroupDTO', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'groupId' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'group_ufdsasn35ea5lmthk267xxxxx', 'title' => ''], 'groupName' => ['description' => 'The group name.', 'type' => 'string', 'example' => 'name_test', 'title' => ''], 'description' => ['description' => 'The group description.', 'type' => 'string', 'example' => 'description_demo', 'title' => ''], 'groupExternalId' => ['description' => 'The external ID of the group.', 'type' => 'string', 'example' => 'group_ufdsasn35ea5lmthk267xxxxx', 'title' => ''], 'groupSourceType' => ['description' => 'The source type of the group. Valid values: build\\_in, ding\\_talk, ad, and ldap.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'groupSourceId' => ['description' => 'The source ID of the group.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'createTime' => ['description' => 'The time when the group was created. The value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'updateTime' => ['description' => 'The time when the group was last updated. The value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], ], 'example' => '', ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"groupId\\": \\"group_ufdsasn35ea5lmthk267xxxxx\\",\\n \\"groupName\\": \\"name_test\\",\\n \\"description\\": \\"description_demo\\",\\n \\"groupExternalId\\": \\"group_ufdsasn35ea5lmthk267xxxxx\\",\\n \\"groupSourceType\\": \\"build_in\\",\\n \\"groupSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"createTime\\": 1652085686179,\\n \\"updateTime\\": 1652085686179\\n}","type":"json"}]', 'title' => 'GetGroup', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'GetOrganizationalUnit' => [ 'summary' => 'Retrieves the information about an organizational unit.', 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits/{organizationalUnitId}', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'organizationalUnitId', 'in' => 'path', 'schema' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperOrganizationalUnitDTO', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'organizationalUnitId' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitName' => ['description' => 'The name of the organizational unit.', 'type' => 'string', 'example' => 'name001', 'title' => ''], 'parentId' => ['description' => 'The ID of the parent organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitExternalId' => ['description' => 'The external ID of the organizational unit.', 'type' => 'string', 'example' => 'id_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitSourceType' => ['description' => 'The source type of the organizational unit. Valid values:'."\n" ."\n" .'- build\\_in: The organizational unit was created in Identity as a Service (IDaaS).'."\n" ."\n" .'- ding\\_talk: The organizational unit was imported from DingTalk.'."\n" ."\n" .'- ad: The organizational unit was imported from Microsoft Active Directory (AD).'."\n" ."\n" .'- ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'organizationalUnitSourceId' => ['description' => 'The source ID of the organizational unit.', 'type' => 'string', 'example' => 'id_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'createTime' => ['description' => 'The time when the organizational unit was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652083425923', 'title' => ''], 'updateTime' => ['description' => 'The time when the organizational unit was last updated. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652083425923', 'title' => ''], 'description' => ['description' => 'The description of the organizational unit.', 'type' => 'string', 'example' => 'xxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetOrganizationalUnit', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:read_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"organizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitName\\": \\"name001\\",\\n \\"parentId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitExternalId\\": \\"id_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitSourceType\\": \\"build_in\\",\\n \\"organizationalUnitSourceId\\": \\"id_wovwffm62xifdziem7an7xxxxx\\",\\n \\"createTime\\": 1652083425923,\\n \\"updateTime\\": 1652083425923,\\n \\"description\\": \\"xxxxx\\"\\n}","type":"json"}]', ], 'GetOrganizationalUnitIdByExternalId' => [ 'summary' => 'Obtains the ID of an organizational unit based on the external ID', 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits/_/actions/getOrganizationalUnitIdByExternalId', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasZCZ2SC'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij'."\n", 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitExternalId' => ['description' => 'The external ID of the organizational unit. The external ID can be used to map external data to the data of the organizational unit in Employee Identity and Access Management (EIAM) of Identity as a Service (IDaaS). By default, the external ID is the organizational unit ID.'."\n" ."\n" .'Note: For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitSourceType' => ['description' => 'The source type of the organizational unit. Valid values:'."\n" ."\n" .'- build\\_in: The organizational unit was created in IDaaS.'."\n" ."\n" .'- ding\\_talk: The organizational unit was imported from DingTalk.'."\n" ."\n" .'- ad: The organizational unit was imported from Microsoft Active Directory (AD).'."\n" ."\n" .'- ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', 'type' => 'string', 'required' => true, 'example' => 'build_in', 'title' => ''], 'organizationalUnitSourceId' => ['description' => 'The source ID of the organizational unit.'."\n" ."\n" .'If the organizational unit was created in IDaaS, its source ID is the ID of the IDaaS instance. If the organizational unit was imported, its source ID is the enterprise ID in the source. For example, if the organizational unit was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], 'required' => false, 'example' => 'xxx001', 'title' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'OrganizationalUnitIdObject', 'description' => 'OrganizationalUnitIdObject', 'type' => 'object', 'properties' => [ 'organizationalUnitId' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetOrganizationalUnitIdByExternalId', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"organizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\"\\n}","type":"json"}]', ], 'GetUser' => [ 'summary' => 'Retrieves the details of an Employee Identity and Access Management (EIAM) account.', 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperUserDetailDTO', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'organizationalUnits' => [ 'title' => '', 'description' => 'The organizational units to which the account belongs.', 'type' => 'array', 'items' => [ 'description' => 'The organizational unit.', 'type' => 'object', 'properties' => [ 'organizationalUnitId' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitName' => ['description' => 'The name of the organizational unit.', 'type' => 'string', 'example' => 'name001', 'title' => ''], 'primary' => ['description' => 'Indicates whether the organizational unit is the primary organizational unit.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], ], 'title' => '', 'example' => '', ], 'example' => '', ], 'primaryOrganizationalUnitId' => ['description' => 'The ID of the primary organizational unit of the account.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'customFields' => [ 'title' => '', 'description' => 'The extended fields of the account.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'fieldName' => ['description' => 'The name of the extended field.', 'type' => 'string', 'example' => 'xxxx', 'title' => ''], 'fieldValue' => ['description' => 'The value of the extended field. Field values are returned as strings regardless of the data types of the fields. For example, true or false is returned for a Boolean field.', 'type' => 'string', 'example' => '字段数据值', 'title' => ''], ], 'title' => '', 'example' => '', ], 'example' => '', ], 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'username' => ['description' => 'The username of the account.', 'type' => 'string', 'example' => 'name001', 'title' => ''], 'displayName' => ['description' => 'The display name of the account.', 'type' => 'string', 'example' => 'display_name001', 'title' => ''], 'passwordSet' => ['description' => 'Indicates whether the password is set.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'phoneRegion' => ['description' => 'The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', 'type' => 'string', 'example' => '86', 'title' => ''], 'phoneNumber' => ['description' => 'The mobile number of the user who owns the account.', 'type' => 'string', 'example' => '156xxxxxxx', 'title' => ''], 'phoneNumberVerified' => ['description' => 'Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'email' => ['description' => 'The email address of the user.', 'type' => 'string', 'example' => 'example@example.com', 'title' => ''], 'emailVerified' => ['description' => 'Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'userExternalId' => ['description' => 'The external ID of the account. The external ID can be used to map external data to the data of the account in EIAM of Identity as a Service (IDaaS). By default, the external ID is the account ID.'."\n" ."\n" .'Note: For accounts with the same source type and source ID, each account has a unique external ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'userSourceType' => ['description' => 'The source type of the account. Valid values:'."\n" ."\n" .'- build\\_in: The account was created in IDaaS.'."\n" ."\n" .'- ding\\_talk: The account was imported from DingTalk.'."\n" ."\n" .'- ad: The account was imported from Microsoft Active Directory (AD).'."\n" ."\n" .'- ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'userSourceId' => ['description' => 'The source ID of the account.'."\n" ."\n" .'If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'status' => ['description' => 'The status of the account. Valid values: enabled disabled', 'type' => 'string', 'example' => 'enabled', 'title' => ''], 'accountExpireTime' => ['description' => 'The time when the account expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'registerTime' => ['description' => 'The time when the account was registered. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'lockExpireTime' => ['description' => 'The time when the account lock expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'createTime' => ['description' => 'The time when the account was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'updateTime' => ['description' => 'The time when the account was last modified. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'description' => ['description' => 'The description of the account.', 'type' => 'string', 'example' => '测试账户', 'title' => ''], 'groups' => [ 'title' => '', 'description' => 'The groups to which the account belongs.', 'type' => 'array', 'items' => [ 'description' => 'The information about the group to which the account belongs.', 'type' => 'object', 'properties' => [ 'groupId' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'group_ufdsasn35ea5lmthk267xxxxx', 'title' => ''], 'groupName' => ['description' => 'The group name.', 'type' => 'string', 'example' => 'name_test', 'title' => ''], 'description' => ['description' => 'The group description.', 'type' => 'string', 'example' => 'description_demo', 'title' => ''], ], 'title' => '', 'example' => '', ], 'example' => '', ], ], 'example' => '', ], ], ], 'title' => 'GetUser', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | MissingParameter.xxxx | The specified parameter:xxx is required! | 缺少xxxx参数 |'."\n" .'| 400 | InvalidParameter.xxxx | The specified parameter:xxxx is required! | xxxx参数无效 |'."\n" .'| 404 | ResourceNotFound.User | The specified User resource: user_d6sbsuumeta4h66ec3il7yxxxx not found. | 账户不存在 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:read_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"organizationalUnits\\": [\\n {\\n \\"organizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitName\\": \\"name001\\",\\n \\"primary\\": true\\n }\\n ],\\n \\"primaryOrganizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"customFields\\": [\\n {\\n \\"fieldName\\": \\"xxxx\\",\\n \\"fieldValue\\": \\"字段数据值\\"\\n }\\n ],\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\",\\n \\"username\\": \\"name001\\",\\n \\"displayName\\": \\"display_name001\\",\\n \\"passwordSet\\": true,\\n \\"phoneRegion\\": \\"86\\",\\n \\"phoneNumber\\": \\"156xxxxxxx\\",\\n \\"phoneNumberVerified\\": true,\\n \\"email\\": \\"example@example.com\\",\\n \\"emailVerified\\": true,\\n \\"userExternalId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\",\\n \\"userSourceType\\": \\"build_in\\",\\n \\"userSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"status\\": \\"enabled\\",\\n \\"accountExpireTime\\": 1652085686179,\\n \\"registerTime\\": 1652085686179,\\n \\"lockExpireTime\\": 1652085686179,\\n \\"createTime\\": 1652085686179,\\n \\"updateTime\\": 1652085686179,\\n \\"description\\": \\"测试账户\\",\\n \\"groups\\": [\\n {\\n \\"groupId\\": \\"group_ufdsasn35ea5lmthk267xxxxx\\",\\n \\"groupName\\": \\"name_test\\",\\n \\"description\\": \\"description_demo\\"\\n }\\n ]\\n}","type":"json"}]', ], 'GetUserIdByEmail' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/_/actions/getUserIdByEmail', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'email' => ['description' => 'The email address of the user who owns the account.', 'type' => 'string', 'required' => true, 'example' => 'example@example.com', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetUserIdByEmail', 'summary' => 'Queries the ID of an Employee Identity and Access Management (EIAM) account by email address.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | token无效|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 400 | MissingParameter.Email | The specified parameter: Email is required! | 缺少Email参数 |'."\n" .'| 400 | ResourceNotFound.UserId| The specified UserId resource: %s not found. | 账户ID不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\"\\n}","type":"json"}]', ], 'GetUserIdByPhoneNumber' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/_/actions/getUserIdByPhoneNumber', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij'."\n", 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'phoneNumber' => ['description' => 'The mobile number of the user who owns the account.', 'type' => 'string', 'required' => true, 'example' => '156xxxxxxx', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetUserIdByPhoneNumber', 'summary' => 'Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | token无效|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 400 | MissingParameter.PhoneNumber| The specified parameter: PhoneNumber is required! | 缺少Email参数 |'."\n" .'| 400 | ResourceNotFound.UserId| The specified UserId resource: %s not found. | 账户ID不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\"\\n}","type":"json"}]', ], 'GetUserIdByUserExternalId' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/_/actions/getUserIdByExternalId', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'userExternalId' => ['description' => 'The external ID of the account.', 'type' => 'string', 'required' => true, 'example' => 'xxx001', 'title' => ''], 'userSourceType' => ['description' => 'The source type of the account. Valid values:'."\n" ."\n" .'- build\\_in: The account was created in Identity as a Service (IDaaS).'."\n" ."\n" .'- ding\\_talk: The account was imported from DingTalk.'."\n" ."\n" .'- ad: The account was imported from Microsoft Active Directory (AD).'."\n" ."\n" .'- ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', 'type' => 'string', 'required' => true, 'example' => 'build_in', 'title' => ''], 'userSourceId' => ['description' => 'The source ID of the account. If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetUserIdByUserExternalId', 'summary' => 'Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | token无效|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 400 | MissingParameter.UserExternalId | The specified parameter: UserExternalId is required! | 缺少UserExternalId参数 |'."\n" .'| 400 | MissingParameter.UserSourceType | The specified parameter: UserSourceType is required! | 缺少UserSourceType参数 |'."\n" .'| 400 | MissingParameter.UserSourceId | The specified parameter: UserSourceId is required! | 缺少UserSourceId参数 |'."\n" .'| 400 | ResourceNotFound.UserId| The specified UserId resource: %s not found. | 账户ID不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\"\\n}","type":"json"}]', ], 'GetUserIdByUsername' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/_/actions/getUserIdByUsername', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'username' => ['description' => 'The username of the account.', 'type' => 'string', 'required' => true, 'example' => 'username_001', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'GetUserIdByUsername', 'summary' => 'Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\"\\n}","type":"json"}]', ], 'GetUserInfo' => [ 'summary' => 'Retrieves the information about a user by using the user token.', 'path' => '/v2/{instanceId}/{applicationId}/oauth2/userinfo', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Map', 'description' => 'The response parameters.', 'type' => 'object', 'additionalProperties' => ['description' => 'The user information.', 'type' => 'any', 'example' => '无', 'title' => ''], 'example' => '', ], ], ], 'title' => 'GetUserInfo', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_request | Application is not OIDC application| 非OIDC应用 |'."\n" .'| 400 | invalid\\_token | Invalid token| token无效 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"key\\": \\"无\\"\\n}","type":"json"}]', ], 'ListAuthenticationTokens' => [ 'summary' => 'Lists authentication tokens.', 'path' => '/v2/{instanceId}/authenticationTokens', 'methods' => ['get'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter an IDaaS-issued Access Token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'nextToken', 'in' => 'query', 'schema' => ['description' => 'Token that marks the start of the next page in a paged query.', 'type' => 'string', 'example' => 'NTxxxxxexample', 'title' => '', 'required' => false], ], [ 'name' => 'maxResults', 'in' => 'query', 'schema' => ['description' => 'Maximum number of records to return in this paged query.', 'type' => 'integer', 'format' => 'int64', 'example' => '20', 'default' => '20', 'title' => '', 'required' => false], ], [ 'name' => 'consumerId', 'in' => 'query', 'schema' => ['description' => 'ID of the authentication token consumer.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], ], [ 'name' => 'credentialProviderIdentifier', 'in' => 'query', 'schema' => ['description' => 'Credential provider identifier.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_example_identifier'], ], [ 'name' => 'revoked', 'in' => 'query', 'schema' => ['description' => 'Indicates whether the authentication token is revoked.', 'type' => 'boolean', 'title' => '', 'required' => false, 'example' => 'false'], ], [ 'name' => 'expired', 'in' => 'query', 'schema' => ['description' => 'Indicates whether the authentication token is expired.', 'type' => 'boolean', 'title' => '', 'required' => false, 'example' => 'false'], ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ 'entities' => [ 'description' => 'List of resource entities.', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'Instance ID.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'authenticationTokenId' => ['description' => 'Authentication token ID.', 'type' => 'string', 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], 'credentialProviderId' => ['description' => 'Credential provider ID.', 'type' => 'string', 'title' => '', 'example' => 'atp_01kr2cmj5gxxx4fvmls2e93dxxxxx'], 'createTime' => ['description' => 'Creation time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'Last update time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'authenticationTokenType' => ['description' => 'Authentication token type. Valid values:'."\n" ."\n" .'- jwt: JWT authentication token'."\n" ."\n" .'- oauth\\_access\\_token: OAuth Access Token authentication token', 'type' => 'string', 'title' => '', 'example' => 'jwt'], 'revoked' => ['description' => 'Indicates whether the authentication token is revoked.', 'type' => 'boolean', 'title' => '', 'example' => 'false'], 'creatorType' => ['description' => 'Type of the authentication token creator. Valid values:'."\n" ."\n" .'- application: Application', 'type' => 'string', 'title' => '', 'example' => 'application'], 'creatorId' => ['description' => 'ID of the authentication token creator.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'consumerType' => ['description' => 'Type of the authentication token consumer. Valid values:'."\n" ."\n" .'- application: Application'."\n" ."\n" .'- custom: Custom type', 'type' => 'string', 'title' => '', 'example' => 'custom'], 'consumerId' => ['description' => 'ID of the authentication token consumer.', 'type' => 'string', 'title' => '', 'example' => 'test_jwt_subject'], 'expirationTime' => ['description' => 'Expiration time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1772693568000'], ], 'title' => '', 'description' => 'Authentication token details.', 'example' => '', ], 'title' => '', 'example' => '', ], 'totalCount' => ['description' => 'Total number of resource entities that match the query criteria.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '100'], 'nextToken' => ['description' => 'Token returned by this call. Use it for the next paged query to get the next page.', 'type' => 'string', 'title' => '', 'example' => 'NTxxxexample'], 'maxResults' => ['description' => 'Maximum number of records returned in this query.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '20'], ], 'description' => 'Paged query result.', 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ListAuthenticationTokens', 'description' => 'This API uses an Access Token issued by IDaaS for identity authentication and authorization.'."\n" ."\n" .'Ensure that the Access Token you provide has the Query authentication tokens permission for the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The required scope is `urn:cloud:idaas:pam|authentication_token:read`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"entities\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"authenticationTokenId\\": \\"atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx\\",\\n \\"credentialProviderId\\": \\"atp_01kr2cmj5gxxx4fvmls2e93dxxxxx\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830225000,\\n \\"authenticationTokenType\\": \\"jwt\\",\\n \\"revoked\\": false,\\n \\"creatorType\\": \\"application\\",\\n \\"creatorId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"consumerType\\": \\"custom\\",\\n \\"consumerId\\": \\"test_jwt_subject\\",\\n \\"expirationTime\\": 1772693568000\\n }\\n ],\\n \\"totalCount\\": 100,\\n \\"nextToken\\": \\"NTxxxexample\\",\\n \\"maxResults\\": 20\\n}","type":"json"}]', ], 'ListGroups' => [ 'summary' => 'Retrieves information about Employee Identity and Access Management (EIAM) groups by page.', 'path' => '/v2/{instanceId}/{applicationId}/groups', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas1LGU5E'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'groupNameStartWith', 'in' => 'query', 'schema' => ['description' => 'The prefix of the group name.', 'type' => 'string', 'example' => 'group_xxx', 'title' => '', 'required' => false], ], [ 'name' => 'nextToken', 'in' => 'query', 'schema' => ['title' => 'nextToken', 'description' => 'nextToken', 'type' => 'string', 'example' => 'NTxxx', 'required' => false], ], [ 'name' => 'maxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperNextTokenResponse', 'description' => 'DeveloperNextTokenResponse', 'type' => 'object', 'properties' => [ 'totalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int64', 'example' => '1000', 'title' => ''], 'data' => [ 'description' => 'The returned data.', 'type' => 'array', 'items' => [ 'description' => 'The returned data.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'groupId' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'group_ufdsasn35ea5lmthk267xxxxx', 'title' => ''], 'groupName' => ['description' => 'The group name.', 'type' => 'string', 'example' => 'name_test', 'title' => ''], 'description' => ['description' => 'The group description.', 'type' => 'string', 'example' => 'description_demo', 'title' => ''], 'groupExternalId' => ['description' => 'The external ID of the group.', 'type' => 'string', 'example' => 'group_ufdsasn35ea5lmthk267xxxxx', 'title' => ''], 'groupSourceType' => ['description' => 'The source type of the group. Valid values: build\\_in, ding\\_talk, ad, and ldap.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'groupSourceId' => ['description' => 'The source ID of the group.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'createTime' => ['description' => 'The time when the group was created. The value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'updateTime' => ['description' => 'The time when the group was last updated. The value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'nextToken' => ['description' => 'The start position of the query. If this parameter is left empty, the query starts from the beginning.', 'type' => 'string', 'example' => 'NTxxx', 'title' => ''], 'maxResults' => ['description' => 'The maximum number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'ListGroups', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"totalCount\\": 1000,\\n \\"data\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"groupId\\": \\"group_ufdsasn35ea5lmthk267xxxxx\\",\\n \\"groupName\\": \\"name_test\\",\\n \\"description\\": \\"description_demo\\",\\n \\"groupExternalId\\": \\"group_ufdsasn35ea5lmthk267xxxxx\\",\\n \\"groupSourceType\\": \\"build_in\\",\\n \\"groupSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"createTime\\": 1652085686179,\\n \\"updateTime\\": 1652085686179\\n }\\n ],\\n \\"nextToken\\": \\"NTxxx\\",\\n \\"maxResults\\": 20\\n}","type":"json"}]', ], 'ListGroupsForUser' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/listGroupsForUser', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information.'."\n" .'Format: Bearer ${access\\_token}.'."\n" .'Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The user ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'nextToken', 'in' => 'query', 'schema' => ['title' => 'nextToken', 'description' => 'The token to retrieve the next page of results. Leave this parameter empty to query from the first page.', 'type' => 'string', 'example' => 'NTxxx', 'required' => false], ], [ 'name' => 'maxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperNextTokenResponse', 'description' => 'The response object.', 'type' => 'object', 'properties' => [ 'totalCount' => ['description' => 'The total number of entries.', 'type' => 'integer', 'format' => 'int64', 'example' => '1000', 'title' => ''], 'data' => [ 'description' => 'The data object.', 'type' => 'array', 'items' => [ 'description' => 'The data object.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'groupId' => ['description' => 'The group ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'groupMemberRelationSourceId' => ['description' => 'The source ID of the group membership.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'groupMemberRelationSourceType' => ['description' => 'The source type of the group membership.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'nextToken' => ['description' => 'The token to retrieve the next page of results. If this parameter is not returned, all results have been returned.', 'type' => 'string', 'example' => 'NTxxx', 'title' => ''], 'maxResults' => ['description' => 'The maximum number of entries returned on each page.', 'type' => 'integer', 'format' => 'int64', 'example' => '20', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'ListGroupsForUser', 'summary' => 'Lists the groups that an EIAM user is a member of.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"totalCount\\": 1000,\\n \\"data\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"groupId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\",\\n \\"groupMemberRelationSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"groupMemberRelationSourceType\\": \\"build_in\\"\\n }\\n ],\\n \\"nextToken\\": \\"NTxxx\\",\\n \\"maxResults\\": 20\\n}","type":"json"}]', ], 'ListOrganizationalUnitParentIds' => [ 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits/{organizationalUnitId}/parentIds', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'organizationalUnitId', 'in' => 'path', 'schema' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'parentIds' => [ 'title' => '', 'description' => 'The IDs of the parent organizational units. The IDs of the organizational unit are ordered based on their levels from high to low. Only the IDs of the organizational units within the authorization scope are displayed.', 'type' => 'array', 'items' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'example' => '[ou_xxx001]', ], ], 'example' => '', ], ], ], 'title' => 'ListOrganizationalUnitParentIds', 'summary' => 'Retrieves the information about all the parent organizational units of an organizational unit.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:read_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"parentIds\\": [\\n \\"ou_wovwffm62xifdziem7an7xxxxx\\"\\n ]\\n}","type":"json"}]', ], 'ListOrganizationalUnits' => [ 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasZCZ2SC'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value must be in the format of \\`Bearer ${access\\_token}\\`. Example: \\`Bearer ATxxxx\\`.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij'."\n", 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'parentId', 'in' => 'query', 'schema' => ['description' => 'The parent organization ID.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], [ 'name' => 'pageNumber', 'in' => 'query', 'schema' => ['description' => 'The page number. The default value is 1.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => '', 'required' => false], ], [ 'name' => 'pageSize', 'in' => 'query', 'schema' => ['description' => 'The number of records on each page. The default value is 20. The value can range from 1 to 100.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'GeneralDataListResponse', 'description' => 'The response.', 'type' => 'object', 'properties' => [ 'totalCount' => ['description' => 'The total number of records.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1000'], 'data' => [ 'description' => 'A list of data objects.', 'type' => 'array', 'items' => [ 'description' => 'The data object.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'organizationalUnitId' => ['description' => 'The organization ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitName' => ['description' => 'The organization name.', 'type' => 'string', 'example' => 'name001', 'title' => ''], 'parentId' => ['description' => 'The parent organization ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitExternalId' => ['description' => 'The external ID of the organization. This ID is used to map external data to the organization\'s data in IDaaS. The default value is the IDaaS organization ID.'."\n" ."\n" .'Note: The external ID must be unique for the same source type and source ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'organizationalUnitSourceType' => ['description' => 'The source type of the organization. Valid values:'."\n" ."\n" .'- \\`build\\_in\\`: The organization is created in IDaaS.'."\n" ."\n" .'- \\`ding\\_talk\\`: The organization is imported from DingTalk.'."\n" ."\n" .'- \\`ad\\`: The organization is imported from Active Directory (AD).'."\n" ."\n" .'- \\`ldap\\`: The organization is imported from LDAP.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'organizationalUnitSourceId' => ['description' => 'The source ID of the organization.'."\n" ."\n" .'For the \\`build\\_in\\` type, the default value is the instance ID. For other types, the value is the enterprise ID from the source. For example, if the source is DingTalk, the value is the \\`corpId\\` of the DingTalk enterprise.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'createTime' => ['description' => 'The time when the organization was created. This is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652083425923', 'title' => ''], 'updateTime' => ['description' => 'The time when the organization was last updated. This is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652083425923', 'title' => ''], 'description' => ['description' => 'The description of the organization.', 'type' => 'string', 'example' => '测试组织', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], ], 'example' => '', ], ], ], 'title' => 'ListOrganizationalUnits', 'summary' => 'Performs a paged query to retrieve organization information from EIAM.', 'description' => 'To retrieve the direct child organizations of the root organization, set the request parameter as follows:'."\n" ."\n" .'```'."\n" .'{'."\n" .' "parentOrganizationalUnitId": "ou_root"'."\n" .'}'."\n" .'```', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:read_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"totalCount\\": 1000,\\n \\"data\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"organizationalUnitId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitName\\": \\"name001\\",\\n \\"parentId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitExternalId\\": \\"ou_wovwffm62xifdziem7an7xxxxx\\",\\n \\"organizationalUnitSourceType\\": \\"build_in\\",\\n \\"organizationalUnitSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"createTime\\": 1652083425923,\\n \\"updateTime\\": 1652083425923,\\n \\"description\\": \\"测试组织\\"\\n }\\n ]\\n}","type":"json"}]', ], 'ListUsers' => [ 'path' => '/v2/{instanceId}/{applicationId}/users', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasY4QW79'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'organizationalUnitId', 'in' => 'query', 'schema' => ['description' => 'The organization ID.', 'type' => 'string', 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => '', 'required' => false], ], [ 'name' => 'pageNumber', 'in' => 'query', 'schema' => ['description' => 'The page number. The default value is 1.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => '', 'required' => false], ], [ 'name' => 'pageSize', 'in' => 'query', 'schema' => ['description' => 'The number of records to return on each page. The default value is 20. The value must be in the range of 1 to 100.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'description' => 'The response object.', 'type' => 'object', 'properties' => [ 'totalCount' => ['description' => 'The total number of records.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1000'], 'data' => [ 'description' => 'The list of returned data objects.', 'type' => 'array', 'items' => [ 'description' => 'The returned data object.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'username' => ['description' => 'The account name.', 'type' => 'string', 'example' => 'name001', 'title' => ''], 'displayName' => ['description' => 'The display name of the account.', 'type' => 'string', 'example' => 'display_name001', 'title' => ''], 'passwordSet' => ['description' => 'Indicates whether a password is set.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'phoneRegion' => ['description' => 'The area code for the mobile phone number. For example, the area code for a mobile phone number in the Chinese mainland is 86. Do not add 00 or a plus sign (+).', 'type' => 'string', 'example' => '86', 'title' => ''], 'phoneNumber' => ['description' => 'The mobile phone number of the account.', 'type' => 'string', 'example' => '156xxxxxxx', 'title' => ''], 'phoneNumberVerified' => ['description' => 'Indicates whether the mobile phone number is verified. A value of true indicates that the mobile phone number is verified by the user or set to verified by the administrator. A value of false indicates that the mobile phone number is not verified.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'email' => ['description' => 'The email address of the account.', 'type' => 'string', 'example' => 'example@example.com', 'title' => ''], 'emailVerified' => ['description' => 'Indicates whether the email address is verified. A value of true indicates that the email address is verified by the user or set to verified by the administrator. A value of false indicates that the email address is not verified.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'userExternalId' => ['description' => 'The external ID of the account. This ID is used to map external data to the IDaaS account. By default, this parameter is the same as the IDaaS account ID.'."\n" ."\n" .'Note: The external ID must be unique for the same source type and source ID.', 'type' => 'string', 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], 'userSourceType' => ['description' => 'The source type of the account. Valid values:'."\n" ."\n" .'- build\\_in: The account is created in IDaaS.'."\n" ."\n" .'- ding\\_talk: The account is imported from DingTalk.'."\n" ."\n" .'- ad: The account is imported from Active Directory (AD).'."\n" ."\n" .'- ldap: The account is imported from LDAP.', 'type' => 'string', 'example' => 'build_in', 'title' => ''], 'userSourceId' => ['description' => 'The source ID of the account.'."\n" ."\n" .'For accounts created in IDaaS, the default value is the instance ID. For other types of accounts, the value is the enterprise ID from the source. For example, for an account from DingTalk, the value is the corpId of the DingTalk enterprise.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'status' => ['description' => 'The status of the account. Valid values: enabled: The account is enabled. disabled: The account is disabled.', 'type' => 'string', 'example' => 'enabled', 'title' => ''], 'accountExpireTime' => ['description' => 'The time when the account expires. This value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'registerTime' => ['description' => 'The time when the account was registered. This value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'lockExpireTime' => ['description' => 'The time when the account lock expires. This value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'createTime' => ['description' => 'The time when the account was created. This value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'updateTime' => ['description' => 'The time when the account was last updated. This value is a UNIX timestamp. Unit: milliseconds.', 'type' => 'integer', 'format' => 'int64', 'example' => '1652085686179', 'title' => ''], 'description' => ['description' => 'The description of the account.', 'type' => 'string', 'example' => '测试账户', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], ], 'example' => '', ], ], ], 'title' => 'ListUsers', 'summary' => 'Performs a paged query for EIAM account information.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app\\_001| 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:read\\_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"totalCount\\": 1000,\\n \\"data\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"userId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\",\\n \\"username\\": \\"name001\\",\\n \\"displayName\\": \\"display_name001\\",\\n \\"passwordSet\\": true,\\n \\"phoneRegion\\": \\"86\\",\\n \\"phoneNumber\\": \\"156xxxxxxx\\",\\n \\"phoneNumberVerified\\": true,\\n \\"email\\": \\"example@example.com\\",\\n \\"emailVerified\\": true,\\n \\"userExternalId\\": \\"user_d6sbsuumeta4h66ec3il7yxxxx\\",\\n \\"userSourceType\\": \\"build_in\\",\\n \\"userSourceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"status\\": \\"enabled\\",\\n \\"accountExpireTime\\": 1652085686179,\\n \\"registerTime\\": 1652085686179,\\n \\"lockExpireTime\\": 1652085686179,\\n \\"createTime\\": 1652085686179,\\n \\"updateTime\\": 1652085686179,\\n \\"description\\": \\"测试账户\\"\\n }\\n ]\\n}","type":"json"}]', ], 'ListUsersForGroup' => [ 'summary' => 'Queries accounts in an Employee Identity and Access Management (EIAM) group.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}/actions/listUsersForGroup', 'methods' => ['get'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasSNKQAN'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['description' => 'The group ID.', 'type' => 'string', 'required' => true, 'example' => 'group_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], [ 'name' => 'nextToken', 'in' => 'query', 'schema' => ['title' => 'nextToken', 'description' => 'nextToken', 'type' => 'string', 'example' => 'NTxxx', 'required' => false], ], [ 'name' => 'maxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'DeveloperNextTokenResponse', 'description' => 'DeveloperNextTokenResponse', 'type' => 'object', 'properties' => [ 'totalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int64', 'example' => '1000', 'title' => ''], 'data' => [ 'description' => 'The returned data.', 'type' => 'array', 'items' => [ 'description' => 'The returned data.', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The instance ID.', 'type' => 'string', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], 'userId' => ['description' => 'The account ID.', 'type' => 'string', 'example' => 'user_001', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'nextToken' => ['description' => 'A pagination token. If NextToken is empty, no next page exists.', 'type' => 'string', 'example' => 'NTxxx', 'title' => ''], 'maxResults' => ['description' => 'The maximum number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => ''], ], 'example' => '', ], ], ], 'title' => 'ListUsersForGroup', 'requestParamsDescription' => 'If you set groupId to iggroup\\_all, the system queries accounts in all groups.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"totalCount\\": 1000,\\n \\"data\\": [\\n {\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"userId\\": \\"user_001\\"\\n }\\n ],\\n \\"nextToken\\": \\"NTxxx\\",\\n \\"maxResults\\": 20\\n}","type":"json"}]', ], 'ObtainCloudAccountRoleAccessCredential' => [ 'summary' => 'Gets temporary access credentials for a CloudAccountRole.', 'path' => '/v2/{instanceId}/cloudAccountRoles/_/actions/obtainAccessCredential', 'methods' => ['get'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/x-www-form-urlencoded', 'application/json', 'multipart/form-data'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. The format is `Bearer ${access_token}`.'."\n" ."\n" .'> The access token is issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'cloudAccountRoleExternalId', 'in' => 'query', 'schema' => ['description' => 'The external ID of the cloud role.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'acs:ram::xxx:role/role-test'], ], [ 'name' => 'durationSeconds', 'in' => 'query', 'schema' => ['description' => 'The duration of the temporary security credentials (STS token) in seconds. The value must be between 900 and 43200 (15 minutes to 12 hours).'."\n" ."\n" .'- The minimum value is 900 seconds.'."\n" ."\n" .'- The maximum value is limited by the maximum session duration of the cloud provider\'s role or service account. For example, the default maximum session duration for an AWS role is 3,600 seconds.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1800', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'cloudAccountId' => ['description' => 'The ID of the cloud account.', 'type' => 'string', 'title' => '', 'example' => 'ca_01kmegjc11qa1txxxxx'], 'cloudAccountRoleId' => ['description' => 'The ID of the cloud role.', 'type' => 'string', 'title' => '', 'example' => 'carole_01kmek49aqxxxx'], 'cloudAccountRoleName' => ['description' => 'The name of the cloud role.', 'type' => 'string', 'title' => '', 'example' => 'role-test'], 'cloudAccountRoleExternalId' => ['description' => 'The external ID of the cloud role.', 'type' => 'string', 'title' => '', 'example' => 'acs:ram::xxx:role/role-test'], 'cloudAccountVendorType' => [ 'description' => 'The type of the cloud account. The valid value is:'."\n" ."\n" .'- `alibaba_cloud`: Alibaba Cloud', 'enumValueTitles' => ['alibaba_cloud' => 'alibaba\\_cloud'], 'type' => 'string', 'title' => '', 'example' => 'alibaba_cloud', ], 'cloudAccountRoleAccessCredential' => [ 'type' => 'object', 'properties' => [ 'accessCredentialExpiresAt' => ['description' => 'The expiration time of the temporary access credential for the cloud role, in Unix timestamp seconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1767196800'], 'alibabaCloudStsToken' => [ 'type' => 'object', 'properties' => [ 'accessKeyId' => ['description' => 'The access key ID.', 'type' => 'string', 'title' => '', 'example' => 'STS.NUgYrLnoC37mZZCNnAbez****'], 'accessKeySecret' => ['description' => 'The access key secret.', 'type' => 'string', 'title' => '', 'example' => 'CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****'], 'securityToken' => ['description' => 'The security token.', 'type' => 'string', 'title' => '', 'example' => 'CAIShwJ1q6Ft5B2yfSjIr5bSEsj4g7BihPWGWHz****'], 'expiration' => ['description' => 'The expiration time of the token, in UTC.', 'type' => 'string', 'title' => '', 'example' => '2021-10-20T04:27:09Z'], ], 'title' => '', 'description' => 'The STS token used to assume an Alibaba Cloud RAM role.'."\n" ."\n" .'> This parameter is returned only when the cloud account type is `alibaba_cloud`.', 'example' => '', ], 'awsStsToken' => [ 'type' => 'object', 'properties' => [ 'accessKeyId' => ['description' => 'The access key ID.', 'type' => 'string', 'title' => '', 'example' => 'ASIAYBGN7XJKRFOM****'], 'secretAccessKey' => ['description' => 'The secret access key.', 'type' => 'string', 'title' => '', 'example' => 'CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****'], 'sessionToken' => ['description' => 'The session token.', 'type' => 'string', 'title' => '', 'example' => 'FwoDYXdzEJzfSjIr5bSEsj4g7BihPWGWHz****'."\n"], 'expiration' => ['description' => 'The expiration time of the STS token, in UTC.', 'type' => 'string', 'title' => '', 'example' => '2021-10-20T04:27:09Z'], ], 'description' => 'The STS token used to assume an AWS role.', 'title' => '', 'example' => '', ], ], 'title' => '', 'description' => 'The temporary access credential to assume the cloud role.', 'example' => '', ], ], 'description' => 'The response object.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ObtainCloudAccountRoleAccessCredential', 'description' => 'This API uses IDaaS-issued access tokens to authenticate and authorize requests.'."\n" ."\n" .'The access token must be authorized to obtain access credentials for a cloud role from the IDaaS Privileged Access Management (PAM) application.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|cloud_account_role:obtain_access_credential`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"cloudAccountId\\": \\"ca_01kmegjc11qa1txxxxx\\",\\n \\"cloudAccountRoleId\\": \\"carole_01kmek49aqxxxx\\",\\n \\"cloudAccountRoleName\\": \\"role-test\\",\\n \\"cloudAccountRoleExternalId\\": \\"acs:ram::xxx:role/role-test\\",\\n \\"cloudAccountVendorType\\": \\"alibaba_cloud\\",\\n \\"cloudAccountRoleAccessCredential\\": {\\n \\"accessCredentialExpiresAt\\": 1767196800,\\n \\"alibabaCloudStsToken\\": {\\n \\"accessKeyId\\": \\"STS.NUgYrLnoC37mZZCNnAbez****\\",\\n \\"accessKeySecret\\": \\"CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****\\",\\n \\"securityToken\\": \\"CAIShwJ1q6Ft5B2yfSjIr5bSEsj4g7BihPWGWHz****\\",\\n \\"expiration\\": \\"2021-10-20T04:27:09Z\\"\\n },\\n \\"awsStsToken\\": {\\n \\"accessKeyId\\": \\"ASIAYBGN7XJKRFOM****\\",\\n \\"secretAccessKey\\": \\"CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****\\",\\n \\"sessionToken\\": \\"FwoDYXdzEJzfSjIr5bSEsj4g7BihPWGWHz****\\\\n\\",\\n \\"expiration\\": \\"2021-10-20T04:27:09Z\\"\\n }\\n }\\n}","type":"json"}]', ], 'ObtainCredential' => [ 'summary' => 'Retrieves the plaintext of a secret.', 'path' => '/v2/{instanceId}/credentials/_/actions/obtain', 'methods' => ['get'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/x-www-form-urlencoded', 'application/json', 'multipart/form-data'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. The format is `Bearer ${access_token}`.'."\n" ."\n" .'> Use an access token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The ID of the IDaaS instance.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'credentialIdentifier', 'in' => 'query', 'schema' => ['description' => 'The identifier for the credential to obtain.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'credential_identifier_test'], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The EIAM instance ID.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'credentialId' => ['description' => 'The credential ID.', 'type' => 'string', 'title' => '', 'example' => 'cred_mkv7rgt4d7i4u7zqtzev2mxxxx'], 'status' => ['description' => 'The status of the credential. Valid values:'."\n" ."\n" .'- `enabled`: The credential can be used.'."\n" ."\n" .'- `disabled`: The credential cannot be used.', 'type' => 'string', 'title' => '', 'example' => 'enabled'], 'credentialIdentifier' => ['description' => 'The credential identifier.', 'type' => 'string', 'title' => '', 'example' => 'credential_identifier_test'], 'credentialName' => ['description' => 'The credential name.', 'type' => 'string', 'title' => '', 'example' => 'credential_name'], 'credentialSubjectType' => ['description' => 'The credential\'s subject type. Valid values:'."\n" ."\n" .'- `authentication_token_provider`: An authentication token provider.', 'type' => 'string', 'title' => '', 'example' => 'authentication_token_provider'], 'credentialSubjectId' => ['description' => 'The ID of the credential\'s subject.', 'type' => 'string', 'title' => '', 'example' => 'apt_werthgfdsasffxxxxx'], 'credentialScenarioLabel' => ['description' => 'The usage scenario for the credential. Valid values:'."\n" ."\n" .'- `llm`: For use with a large language model.'."\n" ."\n" .'- `saas`: For use with a third-party SaaS application.', 'type' => 'string', 'title' => '', 'example' => 'llm'], 'credentialType' => ['description' => 'The credential type. Valid values:'."\n" ."\n" .'- `api_key`: The credential is an API key.'."\n" ."\n" .'- `oauth_client`: The credential represents an OAuth client.', 'type' => 'string', 'title' => '', 'example' => 'api_key'], 'credentialCreationType' => ['description' => 'Indicates how the credential was created. Valid values:'."\n" ."\n" .'- `system_init`: System-initiated.'."\n" ."\n" .'- `user_custom`: User-created.', 'type' => 'string', 'title' => '', 'example' => 'user_custom'], 'description' => ['description' => 'The credential description.', 'type' => 'string', 'title' => '', 'example' => 'credential_description'], 'createTime' => ['description' => 'The creation time of the credential, formatted as a Unix timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'The last update time of the credential, formatted as a Unix timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830227000'], 'credentialContent' => [ 'description' => 'The detailed content of the credential. The structure of this object depends on the value of `credentialType`.', 'type' => 'object', 'properties' => [ 'oauthClientContent' => [ 'description' => 'Contains details for an OAuth client credential. Returned only when `credentialType` is `oauth_client`.', 'type' => 'object', 'properties' => [ 'clientId' => ['description' => 'The `client_id` for OAuth 2.0.', 'type' => 'string', 'title' => '', 'example' => 'dmvncmxersdxxxxxx'], 'clientSecret' => ['description' => 'The `client_secret` for OAuth 2.0.', 'type' => 'string', 'title' => '', 'example' => 'nsklnertyt5ddwizncxxxx'], ], 'title' => '', 'example' => '', ], 'apiKeyContent' => [ 'type' => 'object', 'properties' => [ 'apiKey' => ['description' => 'The API key value.', 'type' => 'string', 'title' => '', 'example' => 'sk-nsklncmwizncxxxx'."\n"], ], 'description' => 'Contains details for an API key credential. Returned only when `credentialType` is `api_key`.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], 'credentialSharingScope' => ['description' => 'The sharing scope of the credential, such as whether it is exclusive to a specific account.', 'type' => 'string', 'example' => 'user_exclusive', 'title' => ''], 'exclusiveUserId' => ['description' => 'The ID of the account that exclusively owns the credential. This field is present only when `credentialSharingScope` is `user_exclusive`.', 'type' => 'string', 'example' => 'user_xxx', 'title' => ''], 'credentialExternalId' => ['type' => 'string', 'description' => '', 'title' => '', 'example' => ''], ], 'description' => 'The details of the credential.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ObtainCredential', 'description' => 'This API uses an access token from IDaaS for authentication and authorization.'."\n" ."\n" .'The access token must have permissions to obtain static credentials for the built-in privileged access management (PAM) application in IDaaS.'."\n" ."\n" .'> The required scope is `urn:cloud:idaas:pam|credential:obtain`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"credentialId\\": \\"cred_mkv7rgt4d7i4u7zqtzev2mxxxx\\",\\n \\"status\\": \\"enabled\\",\\n \\"credentialIdentifier\\": \\"credential_identifier_test\\",\\n \\"credentialName\\": \\"credential_name\\",\\n \\"credentialSubjectType\\": \\"authentication_token_provider\\",\\n \\"credentialSubjectId\\": \\"apt_werthgfdsasffxxxxx\\",\\n \\"credentialScenarioLabel\\": \\"llm\\",\\n \\"credentialType\\": \\"api_key\\",\\n \\"credentialCreationType\\": \\"user_custom\\",\\n \\"description\\": \\"credential_description\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830227000,\\n \\"credentialContent\\": {\\n \\"oauthClientContent\\": {\\n \\"clientId\\": \\"dmvncmxersdxxxxxx\\",\\n \\"clientSecret\\": \\"nsklnertyt5ddwizncxxxx\\"\\n },\\n \\"apiKeyContent\\": {\\n \\"apiKey\\": \\"sk-nsklncmwizncxxxx\\\\n\\"\\n }\\n },\\n \\"credentialSharingScope\\": \\"user_exclusive\\",\\n \\"exclusiveUserId\\": \\"user_xxx\\",\\n \\"credentialExternalId\\": \\"\\"\\n}","type":"json"}]', ], 'ObtainJwtAuthenticationToken' => [ 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/obtainJwt', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication credential. The format is `Bearer ${access_token}`.'."\n" ."\n" .'> Use an access token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The ID of the instance.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'consumerId' => ['description' => 'The ID of the authentication token consumer.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_jwt_subject'], 'authenticationTokenId' => ['description' => 'The ID of the authentication token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'The ID of the instance.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'authenticationTokenId' => ['description' => 'The ID of the authentication token.', 'type' => 'string', 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], 'credentialProviderId' => ['description' => 'The ID of the credential provider.', 'type' => 'string', 'title' => '', 'example' => 'atp_01kr2cmj5gxxx4fvmls2e93dxxxxx'], 'createTime' => ['description' => 'The creation time of the authentication token, provided as a Unix timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'The time the authentication token was last updated, provided as a Unix timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'authenticationTokenType' => ['description' => 'The type of the authentication token.'."\n" ."\n" .'> The value is always `jwt`, indicating a JWT-based authentication token.', 'type' => 'string', 'title' => '', 'example' => 'jwt'], 'revoked' => ['description' => 'Indicates whether the authentication token has been revoked.', 'type' => 'boolean', 'title' => '', 'example' => 'false'], 'creatorType' => ['description' => 'The type of the entity that created the authentication token. Valid value:'."\n" ."\n" .'- `application`: The token was created by an application.', 'type' => 'string', 'title' => '', 'example' => 'application'], 'creatorId' => ['description' => 'The ID of the authentication token\'s creator.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'consumerType' => ['description' => 'The type of entity that consumes the authentication token. Valid values:'."\n" ."\n" .'- `application`: The token is consumed by an application.'."\n" ."\n" .'- `custom`: Indicates a user-defined consumer.', 'type' => 'string', 'title' => '', 'example' => 'custom'], 'consumerId' => ['description' => 'The ID of the authentication token consumer.', 'type' => 'string', 'title' => '', 'example' => 'test_jwt_subject'], 'expirationTime' => ['description' => 'The expiration time of the authentication token, provided as a Unix timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1772693568000'], 'jwtContent' => [ 'type' => 'object', 'properties' => [ 'jwtValue' => ['description' => 'The JWT content.', 'type' => 'string', 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'derivedShortToken' => ['description' => 'A short token derived from the JWT.', 'type' => 'string', 'title' => '', 'example' => 'sk-Nx2vzxxxxxxxxxxxxxxxxx'], ], 'title' => '', 'description' => 'The content of the JWT-based authentication token.', 'example' => '', ], ], 'description' => 'The details of the JWT authentication token.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ObtainJwtAuthenticationToken', 'summary' => 'Obtains a JWT authentication token.', 'description' => 'This API requires an access token issued by IDaaS for authentication and authorization.'."\n" ."\n" .'The provided access token must have permission to obtain authentication tokens for the built-in privileged access management (PAM) application in IDaaS.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|authentication_token:obtain`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"authenticationTokenId\\": \\"atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx\\",\\n \\"credentialProviderId\\": \\"atp_01kr2cmj5gxxx4fvmls2e93dxxxxx\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830225000,\\n \\"authenticationTokenType\\": \\"jwt\\",\\n \\"revoked\\": false,\\n \\"creatorType\\": \\"application\\",\\n \\"creatorId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"consumerType\\": \\"custom\\",\\n \\"consumerId\\": \\"test_jwt_subject\\",\\n \\"expirationTime\\": 1772693568000,\\n \\"jwtContent\\": {\\n \\"jwtValue\\": \\"eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\\",\\n \\"derivedShortToken\\": \\"sk-Nx2vzxxxxxxxxxxxxxxxxx\\"\\n }\\n}","type":"json"}]', ], 'ObtainJwtAuthenticationTokenByDerivedShortToken' => [ 'summary' => 'Obtain a JWT authentication token using a derived short token.', 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/obtainJwtByDerivedShortToken', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'derivedShortToken' => ['description' => 'Derived short token for the JWT authentication token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'sk-Nx2vzxxxxxxxxxxxxxxxxx'], ], 'description' => 'Request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => '', 'type' => 'object', 'properties' => [ 'instanceId' => ['description' => 'Instance ID.', 'type' => 'string', 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], 'authenticationTokenId' => ['description' => 'Authentication token ID.', 'type' => 'string', 'title' => '', 'example' => 'atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx'], 'credentialProviderId' => ['description' => 'Credential provider ID.', 'type' => 'string', 'title' => '', 'example' => 'atp_01kr2cmj5gxxx4fvmls2e93dxxxxx'], 'createTime' => ['description' => 'Creation time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'updateTime' => ['description' => 'Last update time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1649830225000'], 'authenticationTokenType' => ['description' => 'Type of the authentication token.'."\n" ."\n" .'> The value is always `jwt`, indicating a JWT authentication token.', 'type' => 'string', 'title' => '', 'example' => 'jwt'], 'revoked' => ['description' => 'Indicates whether the authentication token is revoked.', 'type' => 'boolean', 'title' => '', 'example' => 'false'], 'creatorType' => ['description' => 'Type of the authentication token creator. Valid values:'."\n" ."\n" .'- application', 'type' => 'string', 'title' => '', 'example' => 'application'], 'creatorId' => ['description' => 'ID of the authentication token creator.', 'type' => 'string', 'title' => '', 'example' => 'app_ngtkgrrxxxxktg5eao6z4xxxxx'], 'consumerType' => ['description' => 'Type of the authentication token consumer. Valid values:'."\n" ."\n" .'- application'."\n" ."\n" .'- custom', 'type' => 'string', 'title' => '', 'example' => 'custom'], 'consumerId' => ['description' => 'ID of the authentication token consumer.', 'type' => 'string', 'title' => '', 'example' => 'test_jwt_subject'], 'expirationTime' => ['description' => 'Expiration time of the authentication token, as a UNIX timestamp in milliseconds.', 'type' => 'integer', 'format' => 'int64', 'title' => '', 'example' => '1772693568000'], 'jwtContent' => [ 'type' => 'object', 'properties' => [ 'jwtValue' => ['description' => 'JWT content.', 'type' => 'string', 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'derivedShortToken' => ['description' => 'Derived short token for the JWT.', 'type' => 'string', 'title' => '', 'example' => 'sk-Nx2vzxxxxxxxxxxxxxxxxx'], ], 'title' => '', 'description' => 'Content of the JWT authentication token.', 'example' => '', ], ], 'description' => 'Details of the JWT authentication token.', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ObtainJwtAuthenticationTokenByDerivedShortToken', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"instanceId\\": \\"idaas_ue2jvisn35ea5lmthk267xxxxx\\",\\n \\"authenticationTokenId\\": \\"atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx\\",\\n \\"credentialProviderId\\": \\"atp_01kr2cmj5gxxx4fvmls2e93dxxxxx\\",\\n \\"createTime\\": 1649830225000,\\n \\"updateTime\\": 1649830225000,\\n \\"authenticationTokenType\\": \\"jwt\\",\\n \\"revoked\\": false,\\n \\"creatorType\\": \\"application\\",\\n \\"creatorId\\": \\"app_ngtkgrrxxxxktg5eao6z4xxxxx\\",\\n \\"consumerType\\": \\"custom\\",\\n \\"consumerId\\": \\"test_jwt_subject\\",\\n \\"expirationTime\\": 1772693568000,\\n \\"jwtContent\\": {\\n \\"jwtValue\\": \\"eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\\",\\n \\"derivedShortToken\\": \\"sk-Nx2vzxxxxxxxxxxxxxxxxx\\"\\n }\\n}","type":"json"}]', ], 'PatchGroup' => [ 'summary' => 'Modifies information about an Employee Identity and Access Management (EIAM) group.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}', 'methods' => ['patch'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas7VNWU7'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['title' => '', 'description' => 'The authentication information. The value is in the Bearer ${access_token} format. Example: Bearer ATxxxx.'."\n", 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The instance ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The application ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx'], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The group ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'group_xxx001'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.'."\n", 'type' => 'object', 'properties' => [ 'groupName' => ['title' => '', 'description' => 'The group name.'."\n", 'type' => 'string', 'required' => false, 'example' => 'name001'], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', 'title' => 'PatchGroup', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'PatchOrganizationalUnit' => [ 'summary' => 'Modifies an EIAM organizational unit.', 'path' => '/v2/{instanceId}/{applicationId}/organizationalUnits/{organizationalUnitId}', 'methods' => ['patch'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'organizationalUnitId', 'in' => 'path', 'schema' => ['description' => 'The ID of the organizational unit.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitName' => ['description' => 'The name of the organizational unit.', 'type' => 'string', 'example' => 'name001', 'title' => '', 'required' => false], 'description' => ['description' => 'The description of the organizational unit.', 'type' => 'string', 'example' => '测试组织', 'title' => '', 'required' => false], ], 'required' => false, 'example' => 'ou_xxx001', 'title' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'PatchOrganizationalUnit', 'description' => 'The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.', 'responseParamsDescription' => '> If the request was successful, the HTTP status code 200 is returned by default.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | OrganizationUnitIdNotInScopes | organizationUnitId : ou_wovwffm62xifdziem7an7xxxxx not in provisioning scope! | 组织不在同步范围内|'."\n" .'| 400 | ResourceDuplicated.OrganizationalUnitName | The specified OrganizationalUnitName resource: xxx already exist! | 组织名称已存在|'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:organizational_unit:manage_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'PatchUser' => [ 'summary' => 'Modifies an Employee Identity and Access Management (EIAM) account.', 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}', 'methods' => ['patch'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. The value is in the Bearer ${access\\_token} format. Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer AT8csE2seYxxxxxij', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'username' => ['description' => 'The name of the account.', 'type' => 'string', 'example' => 'name001', 'title' => '', 'required' => false], 'displayName' => ['description' => 'The display name of the account.', 'type' => 'string', 'example' => 'display_name001', 'title' => '', 'required' => false], 'phoneRegion' => ['description' => 'The country code of the mobile number. For example, the country code of China is 86 without 00 or +. This parameter is required if a mobile number is specified.', 'type' => 'string', 'example' => '86', 'title' => '', 'required' => false], 'phoneNumber' => ['description' => 'The mobile number.', 'type' => 'string', 'example' => '156xxxxxxx', 'title' => '', 'required' => false], 'phoneNumberVerified' => ['description' => 'Specifies whether the mobile number is verified. This field is required if a mobile number is specified. If you have no special requirement, set this parameter to true.', 'type' => 'boolean', 'example' => 'true', 'title' => '', 'required' => false], 'email' => ['description' => 'The email address.', 'type' => 'string', 'example' => 'example@example.com', 'title' => '', 'required' => false], 'emailVerified' => ['description' => 'Specifies whether the email address is verified. This field is required if an email address is specified. If you have no special requirement, set this parameter to true.', 'type' => 'boolean', 'example' => 'true', 'title' => '', 'required' => false], 'customFields' => [ 'title' => '', 'description' => 'The extended fields of the account.', 'type' => 'array', 'items' => [ 'description' => 'The extended field.', 'type' => 'object', 'properties' => [ 'operator' => ['description' => 'The type of the operation. This parameter is deprecated. Replace it with operation.', 'type' => 'string', 'deprecated' => true, 'required' => false, 'example' => 'replace', 'title' => ''], 'fieldName' => ['description' => 'The name of the extended field. For more information about the type and valid values of the extended field, see the detailed description of the extended field in the IDaaS console.', 'type' => 'string', 'example' => 'age', 'title' => '', 'required' => false], 'fieldValue' => ['description' => 'The value of the extended field.', 'type' => 'string', 'example' => 'test_value', 'title' => '', 'required' => false], 'operation' => ['description' => 'The operation to be performed on the field. Valid values:'."\n" ."\n" .'- add'."\n" ."\n" .'- replace If you leave the value of the extended field empty, the replace operation is converted to an add operation.'."\n" ."\n" .'- remove', 'type' => 'string', 'required' => false, 'example' => 'replace', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], 'required' => false, 'example' => '', ], ], 'required' => false, 'example' => 'user_001', 'title' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'PatchUser', 'description' => 'The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.', 'extraInfo' => '### 错误码'."\n" .'| HttpCode | Error Code | 错误信息 | 说明 |'."\n" .'| ---- | ---- | ---- | ---- |'."\n" .'| 400 | invalid\\_token | Access token is not valid | token无效|'."\n" .'| 400 | MissingParameter.xxxx | The specified parameter:xxx is required! | 缺少xxxx参数 |'."\n" .'| 400 | InvalidParameter.xxxx | The specified parameter:xxxx is required! | xxxx参数无效 |'."\n" .'| 404 | ResourceNotFound.User | The specified User resource: user_d6sbsuumeta4h66ec3il7yxxxx not found. | 账户不存在 |'."\n" .'| 404 | application\\_not\\_found | Application id not found: app_mkv7rgt4d7i4u7zqtzev2mxxxx | 应用不存在 |'."\n" .'| 403 | application\\_disabled | Application is disabled| 应用处于禁用状态 |'."\n" .'| 403 | application\\_api\\_disabled | Application api invoke disabled| 应用API未开放 |'."\n" .'| 403 | permission\\_denied | Require scopes: [urn:alibaba:idaas:scope:user:manager_all] | 缺少API授权信息 |'."\n" .'| 500 | Internal Server Error | Internal Server Error | 服务器内部错误|', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'ReinstateAuthenticationToken' => [ 'summary' => 'Reinstate an authentication token.', 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/reinstate', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter an IDaaS-issued Access Token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'token' => ['description' => 'The original authentication token.'."\n" ."\n" .'> You can pass either the original authentication token or its derived short token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'token_type_hint' => ['description' => 'A hint about the authentication token type.'."\n" ."\n" .'>'."\n" ."\n" .'Do not provide a value for this parameter.'."\n" ."\n" .'>', 'type' => 'string', 'title' => '', 'required' => false, 'example' => '-'], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ReinstateAuthenticationToken', 'description' => 'This API uses an IDaaS-issued Access Token for identity authentication and authorization.'."\n" ."\n" .'Ensure that the Access Token you provide has the Manage authentication tokens permission for the IDaaS built-in Privileged Access Management (PAM) application.'."\n" ."\n" .'> The required scope is `urn:cloud:idaas:pam|authentication_token:manage`.'."\n" ."\n" .'>'."\n" ."\n" .'Only JWT authentication tokens support this operation.'."\n" ."\n" .'>', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'ReinstateAuthenticationTokenByConsumer' => [ 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/reinstateByConsumer', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter the Access Token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'consumerId' => ['description' => 'The ID of the authentication token consumer.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_jwt_subject'], 'credentialProviderIdentifier' => ['description' => 'The credential provider identifier.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_example_identifier'], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ReinstateAuthenticationTokenByConsumer', 'summary' => 'Reinstate an authentication token for a consumer.', 'description' => 'This API uses an access token issued by IDaaS to perform identity authentication and authorization.'."\n" ."\n" .'Ensure that the provided access token is authorized to access the Manage Authentication Token feature in the IDaaS built-in PAM (Privileged Access Management) application.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|authentication_token:manage`.'."\n" ."\n" .'>'."\n" ."\n" .'This operation supports only JWT-type authentication tokens.'."\n" ."\n" .'>', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'RemoveUserFromOrganizationalUnits' => [ 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/removeUserFromOrganizationalUnits', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaas3S4NKL', 'FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authorization credential for the request.'."\n" .'Format: Bearer ${access\\_token}.'."\n" .'Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitIds' => [ 'title' => '', 'description' => 'The organizational unit IDs.', 'type' => 'array', 'items' => ['description' => 'The organizational unit ID.', 'type' => 'string', 'required' => false, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], 'required' => true, 'example' => '[ou_wovwffm62xifdziem7an7xxxxx]', ], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'RemoveUserFromOrganizationalUnits', 'summary' => 'Removes an EIAM account from one or more EIAM organizational units. The operation succeeds even if the account is not in the specified organizational units.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'RemoveUsersFromGroup' => [ 'summary' => 'Removes multiple Employee Identity and Access Management (EIAM) accounts from an EIAM group. If an account does not belong to the group, the removal succeeds by default.', 'path' => '/v2/{instanceId}/{applicationId}/groups/{groupId}/actions/removeUsersFromGroup', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasIEJFYH'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['title' => '', 'description' => 'The authentication information. The value is in the Bearer ${access_token} format. Example: Bearer ATxxxx.'."\n", 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The instance ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The application ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx'], ], [ 'name' => 'groupId', 'in' => 'path', 'schema' => ['title' => '', 'description' => 'The group ID.'."\n", 'type' => 'string', 'required' => true, 'example' => 'group_wovwffm62xifdziem7an7xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.'."\n", 'type' => 'object', 'properties' => [ 'userIds' => [ 'title' => '', 'description' => 'The account IDs.'."\n", 'type' => 'array', 'items' => ['description' => 'The account ID.'."\n", 'type' => 'string', 'required' => false, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx'."\n", 'title' => ''], 'required' => true, 'example' => '[user_d6sbsuumeta4h66ec3il7yxxxx}', ], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', 'title' => 'RemoveUsersFromGroup', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ], 'RevokeAuthenticationToken' => [ 'summary' => 'Revokes an authentication token.', 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/revoke', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter the Access Token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'token' => ['description' => 'Original authentication token.'."\n" ."\n" .'> You can pass either the original authentication token or a derived short token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'token_type_hint' => ['description' => 'Authentication token type hint.'."\n" ."\n" .'>'."\n" ."\n" .'Currently, no value is required.'."\n" ."\n" .'>', 'type' => 'string', 'title' => '', 'required' => false, 'example' => '-'], ], 'description' => 'Request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'RevokeAuthenticationToken', 'description' => 'This API uses an Access Token issued by IDaaS to perform identity authentication and authorization.'."\n" ."\n" .'Ensure that the Access Token is authorized to access the "Manage Authentication Tokens" feature of the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The corresponding scope is `urn:cloud:idaas:pam|authentication_token:manage`.'."\n" ."\n" .'>'."\n" ."\n" .'This operation currently supports only JWT authentication tokens.'."\n" ."\n" .'>', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'RevokeAuthenticationTokenByConsumer' => [ 'summary' => 'Revokes an authentication token for a consumer.', 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/revokeByConsumer', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'Authentication information. Format: Bearer ${access\\_token}.'."\n" ."\n" .'> Enter the Access Token issued by IDaaS.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'Bearer xxxxxx'], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'Instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'consumerId' => ['description' => 'Consumer ID of the authentication token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_jwt_subject'], 'credentialProviderIdentifier' => ['description' => 'Credential provider identifier.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'test_example_identifier'], ], 'description' => 'Request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'RevokeAuthenticationTokenByConsumer', 'description' => 'This API uses an access token issued by IDaaS to authenticate and authorize requests.'."\n" ."\n" .'Make sure that the access token you provide has the \'Manage authentication tokens\' permission for the built-in Privileged Access Management (PAM) application in IDaaS.'."\n" ."\n" .'> The required scope is `urn:cloud:idaas:pam|authentication_token:manage`.'."\n" ."\n" .'>'."\n" ."\n" .'This operation can revoke only JWT authentication tokens.'."\n" ."\n" .'>', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'RevokeToken' => [ 'path' => '/v2/{instanceId}/{applicationId}/oauth2/revoke', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasJXI2A5'], ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'client_id', 'in' => 'query', 'schema' => ['description' => 'The client ID.', 'type' => 'string', 'required' => false, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'client_secret', 'in' => 'query', 'schema' => ['description' => 'The client secret.', 'type' => 'string', 'required' => false, 'example' => 'CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx', 'title' => ''], ], [ 'name' => 'token', 'in' => 'query', 'schema' => ['description' => 'The token to be revoked.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'ATxxxx'], ], [ 'name' => 'token_type_hint', 'in' => 'query', 'schema' => [ 'description' => 'The type of the token. Valid values: access\\_token refresh\\_token', 'enumValueTitles' => ['access_token' => 'access\\_token', 'refresh_token' => 'refresh\\_token'], 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'access_token', ], ], ], 'responses' => [ 200 => [ 'schema' => ['title' => 'RevokeResponse', 'description' => 'The response parameters.', 'type' => 'object', 'example' => ''], ], ], 'title' => 'RevokeToken', 'summary' => 'Revokes an access token or refresh token.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"test\\": \\"test\\",\\n \\"test2\\": 1\\n}","type":"json"}]', ], 'SetUserPrimaryOrganizationalUnit' => [ 'summary' => 'Sets the primary organization for an EIAM account. This operation removes the account from the old primary organization and adds it to the new one.', 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/setUserPrimaryOrganizationalUnit', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2', 'FEATUREidaas3S4NKL'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication information.'."\n" .'Format: Bearer ${access\\_token}.'."\n" .'Example: Bearer ATxxxx.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'organizationalUnitId' => ['description' => 'The primary organization ID.', 'type' => 'string', 'required' => true, 'example' => 'ou_wovwffm62xifdziem7an7xxxxx', 'title' => ''], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'SetUserPrimaryOrganizationalUnit', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'UpdateUserPassword' => [ 'summary' => 'Updates the password for a specified EIAM account.', 'path' => '/v2/{instanceId}/{applicationId}/users/{userId}/actions/updateUserPassword', 'methods' => ['post'], 'schemes' => ['http', 'https'], 'security' => [ [ 'Anonymous' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasCRU1S2'], ], 'parameters' => [ [ 'name' => 'Authorization', 'in' => 'header', 'schema' => ['description' => 'The authentication credential. Format: \\`Bearer ${access\\_token}\\`. Example: \\`Bearer ATxxxx\\`.', 'type' => 'string', 'required' => true, 'example' => 'Bearer xxxx', 'title' => ''], ], [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx', 'title' => ''], ], [ 'name' => 'applicationId', 'in' => 'path', 'schema' => ['description' => 'The application ID.', 'type' => 'string', 'required' => true, 'example' => 'app_mkv7rgt4d7i4u7zqtzev2mxxxx', 'title' => ''], ], [ 'name' => 'userId', 'in' => 'path', 'schema' => ['description' => 'The account ID.', 'type' => 'string', 'required' => true, 'example' => 'user_d6sbsuumeta4h66ec3il7yxxxx', 'title' => ''], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'description' => 'The request body.', 'type' => 'object', 'properties' => [ 'password' => ['description' => 'The new password. For the password requirements, see the password policy in the console.', 'type' => 'string', 'example' => 'xxxx', 'title' => '', 'required' => false], ], 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [], ], 'title' => 'UpdateUserPassword', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{}","type":"json"}]', ], 'ValidateAuthenticationToken' => [ 'path' => '/v2/{instanceId}/authenticationTokens/_/actions/validate', 'methods' => ['post'], 'schemes' => ['https'], 'security' => [ [ 'Anonymous' => [], ], ], 'consumes' => ['application/json'], 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'none', 'riskType' => 'high', 'chargeType' => 'free', 'abilityTreeNodes' => ['FEATUREidaasDPGRH1'], 'autoTest' => true, 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'instanceId', 'in' => 'path', 'schema' => ['description' => 'The instance ID.', 'type' => 'string', 'required' => true, 'maxLength' => 64, 'title' => '', 'example' => 'idaas_ue2jvisn35ea5lmthk267xxxxx'], ], [ 'name' => 'body', 'in' => 'body', 'style' => 'json', 'schema' => [ 'type' => 'object', 'properties' => [ 'token' => ['description' => 'The original authentication token.'."\n" ."\n" .'> Pass either the original authentication token or a derived short token.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'], 'token_type_hint' => ['description' => 'A hint about the type of the authentication token.'."\n" ."\n" .'>'."\n" ."\n" .'No value is currently required for this parameter.'."\n" ."\n" .'>', 'type' => 'string', 'title' => '', 'required' => false, 'example' => '-'], ], 'description' => 'The request body.', 'required' => false, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ 'active' => ['description' => 'Indicates whether the authentication token is valid.', 'type' => 'boolean', 'title' => '', 'example' => 'true'], ], 'description' => 'The validation result.', 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ValidateAuthenticationToken', 'summary' => 'Validates an authentication token.', 'description' => '>'."\n" ."\n" .'This operation is supported only for JSON Web Token (JWT) authentication tokens.'."\n" ."\n" .'>', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"active\\": true\\n}","type":"json"}]', ], ], 'endpoints' => [ ['regionId' => 'cn-hongkong', 'regionName' => 'China (Hong Kong)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'eiam-developerapi.cn-hongkong.aliyuncs.com', 'endpoint' => 'eiam-developerapi.cn-hongkong.aliyuncs.com', 'vpc' => 'eiam-developerapi-hk.vpc-proxy.aliyuncs.com'], ['regionId' => 'ap-northeast-2', 'regionName' => 'South Korea (Seoul)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'eiam-developerapi.ap-northeast-2.aliyuncs.com', 'endpoint' => 'eiam-developerapi.ap-northeast-2.aliyuncs.com', 'vpc' => 'eiam-developerapi-sel.vpc-proxy.aliyuncs.com'], ['regionId' => 'ap-southeast-1', 'regionName' => 'Singapore', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'eiam-developerapi.ap-southeast-1.aliyuncs.com', 'endpoint' => 'eiam-developerapi.ap-southeast-1.aliyuncs.com', 'vpc' => 'eiam-developerapi-sg.vpc-proxy.aliyuncs.com'], ['regionId' => 'ap-southeast-5', 'regionName' => 'Indonesia (Jakarta)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'eiam-developerapi.ap-southeast-5.aliyuncs.com', 'endpoint' => 'eiam-developerapi.ap-southeast-5.aliyuncs.com', 'vpc' => 'eiam-developerapi-jk.vpc-proxy.aliyuncs.com'], ['regionId' => 'cn-hangzhou', 'regionName' => 'China (Hangzhou)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'eiam-developerapi.cn-hangzhou.aliyuncs.com', 'endpoint' => 'eiam-developerapi.cn-hangzhou.aliyuncs.com', 'vpc' => 'eiam-developerapi-cn.vpc-proxy.aliyuncs.com'], ['regionId' => 'eu-central-1', 'regionName' => 'Germany (Frankfurt)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'eiam-developerapi.eu-central-1.aliyuncs.com', 'endpoint' => 'eiam-developerapi.eu-central-1.aliyuncs.com', 'vpc' => 'eiam-developerapi-eu.vpc-proxy.aliyuncs.com'], ], 'errorCodes' => [], 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [], ], ];