API docs by Redocly

IAM Policies API Docs (1.0.0)

Download OpenAPI specification:

API documentation for IAM Policies service

Actions

List available actions

Retrieve a list of all actions for a specific product or for all products.

query Parameters
product
string

Product identifier to filter actions.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/actions',
  qs: {product: 'SOME_STRING_VALUE'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • {
    }
]

Groups

List groups

Retrieve a list of all IAM groups.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {method: 'GET', url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups'};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • {
    }
]

Create a new group

Create a new group in the IAM or IDP system.
A group can include IAM users, service accounts, and attached policies.
The mode determines whether the group belongs to IAM (iam) or IDP (idp).

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
name
required
string

Unique name of the group.

description
string

Optional description of the group.

mode
string
Enum: "iam" "idp"

Determines which system the group belongs to:

  • iam: for Identity and Access Management groups
  • idp: for Identity Provider groups
iamUsers
Array of strings <uuid> [ items <uuid > ]

List of IAM user IDs to include in the group.

policies
Array of strings <uuid> [ items <uuid > ]

List of policy IDs to attach to the group.

Responses

Request samples

Content type
application/json
{
  • "name": "testgroup",
  • "description": "qqqqq",
  • "mode": "iam",
  • "iamUsers": [
    ],
  • "policies": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "0e7d81af-175c-4273-8f2e-d97989bcbfaa"
}

Get group details

Retrieve detailed information about a specific group, including its policies and IAM users.

path Parameters
groupId
required
string

ID of the group to retrieve

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "id": "0e7d81af-175c-4273-8f2e-d97989bcbfaa",
  • "name": "testgroup1",
  • "description": "aaaaa",
  • "mode": "iam",
  • "root": 54549,
  • "policies": [
    ],
  • "iamUsers": [
    ],
  • "createdAt": 1720513021936
}

Update a group

Update group information such as name or description.

path Parameters
groupId
required
string

ID of the group to update

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
name
required
string

Unique name of the group.

description
string

Optional description of the group.

Responses

Request samples

Content type
application/json
{
  • "name": "testgroup",
  • "description": "qqqqq"
}

Delete a group

Delete a group by its ID.

path Parameters
groupId
required
string

ID of the group to delete

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

List policies attached to a group

Retrieve a paginated list of policies associated with a specific group.

path Parameters
groupId
required
string

ID of the group

query Parameters
name
string

Filter policies by name

pageNumber
required
integer

Page number

pageSize
required
integer

Page size

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D/policies',
  qs: {
    name: 'SOME_STRING_VALUE',
    pageNumber: 'SOME_INTEGER_VALUE',
    pageSize: 'SOME_INTEGER_VALUE'
  }
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "pageSize": 10,
  • "pageNumber": 0,
  • "totalItems": 1,
  • "totalPages": 1
}

Add IAM user to group

Attach an IAM user to a specific group.

path Parameters
groupId
required
string

ID of the group

userId
required
string

ID of the IAM user

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'POST',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D/iam-users/%7BuserId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Remove IAM user from group

Detach an IAM user from a specific group.

path Parameters
groupId
required
string

ID of the group

userId
required
string

ID of the IAM user to remove

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D/iam-users/%7BuserId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

List tags of a group

Retrieve all tags associated with a specific group.

path Parameters
groupId
required
string

ID of the group

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/groups/%7BgroupId%7D/tags'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "tags": [
    ]
}

Create tags for a group

Add one or more tags to a specific group.

path Parameters
groupId
required
string

ID of the group

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
required
Array of objects non-empty

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Policies

Create a new policy

Create a new IAM policy with specific statements and conditions. You may use the API '/v1/policies/compose-policy' to generate the correct 'statements'.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
name
string
description
string or null
Array of objects

Responses

Request samples

Content type
application/json
{
  • "name": "testabcd",
  • "description": null,
  • "statements": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "12345678"
}

List IAM policies

Retrieve a paginated list of IAM policies filtered by name if provided.

query Parameters
name
string

Filter by policy name (optional)

pageNumber
required
integer

Page number for pagination

pageSize
required
integer

Number of items per page

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies',
  qs: {
    name: 'SOME_STRING_VALUE',
    pageNumber: 'SOME_INTEGER_VALUE',
    pageSize: 'SOME_INTEGER_VALUE'
  }
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "pageSize": 10,
  • "pageNumber": 0,
  • "totalItems": 1,
  • "totalPages": 1
}

Get IAM policy details

Retrieve detailed information about a specific IAM policy by its ID.

path Parameters
id
required
string

The unique identifier of the IAM policy

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7Bid%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "id": "d065a9da-89c9-428b-9de1-4b4256f14dc3",
  • "name": "vStorageHCM04FullAccess",
  • "description": null,
  • "root": 54549,
  • "manager": "user",
  • "scope": "public",
  • "statements": [
    ],
  • "createdAt": 1739807153592
}

Delete IAM policy

Delete a specific IAM policy by its unique identifier.

path Parameters
id
required
string

The unique identifier of the IAM policy

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7Bid%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Update IAM policy

Update an existing IAM policy with new name, description, or statements. You may use the API '/v1/policies/compose-policy' to generate the correct 'statements'.

path Parameters
id
required
string

The unique identifier of the IAM policy to update

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
Schema not provided

Responses

Request samples

Content type
application/json
{
  • "name": "testabcd",
  • "statements": [
    ],
  • "description": null
}

Get IAM users attached to a policy

Retrieve a list of IAM user IDs that are currently attached to the specified policy.

path Parameters
policyId
required
string

The unique identifier of the IAM policy

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/iam-users'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • "c88741c9-afb1-47cb-8425-8aa3edcd010f"
]

Attach policy to IAM user

Attach a specific IAM policy to an IAM user.

path Parameters
policyId
required
string

The unique identifier of the policy

userId
required
string

The unique identifier of the IAM user

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'POST',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/iam-users/%7BuserId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Detach policy from IAM user

Detach a specific IAM policy from an IAM user.

path Parameters
policyId
required
string

The unique identifier of the policy

userId
required
string

The unique identifier of the IAM user

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/iam-users/%7BuserId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Get service accounts attached to a policy

Retrieve a list of service account IDs that are attached to a specific IAM policy.

path Parameters
policyId
required
string

The unique identifier of the policy

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/service-accounts'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • "b552a77a-d018-418e-8709-38b9c12501bf"
]

Attach a policy to a service account

Attach the specified policy to a given service account.

path Parameters
policyId
required
string

The unique identifier of the policy

saId
required
string

The unique identifier of the service account

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'POST',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/service-accounts/%7BsaId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Detach a policy from a service account

Remove the specified policy from a given service account.

path Parameters
policyId
required
string

The unique identifier of the policy

saId
required
string

The unique identifier of the service account

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/service-accounts/%7BsaId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

List groups attached to a policy

Retrieve a list of groups that have the specified policy attached.

path Parameters
policyId
required
string

The unique identifier of the policy

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/groups'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • {
    }
]

Attach a policy to a group

Attach the specified policy to a given group.

path Parameters
policyId
required
string

The ID of the policy to attach

groupId
required
string

The ID of the group to attach the policy to

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'POST',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/groups/%7BgroupId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Detach a policy from a group

Remove the specified policy from a given group.

path Parameters
policyId
required
string

The ID of the policy to detach

groupId
required
string

The ID of the group to remove the policy from

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'DELETE',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/groups/%7BgroupId%7D'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

List tags of a policy

Retrieve all key-value tags associated with a specific policy.

path Parameters
policyId
required
string

The ID of the policy to get tags for

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/policies/%7BpolicyId%7D/tags'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "tags": [
    ]
}

Create or attach tags to a policy

Add one or more key-value tags to a specific policy.

path Parameters
policyId
required
string

The ID of the policy to attach tags to

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
Schema not provided

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Delete tags from a policy

Remove one or more tags from a specific policy by their keys.

path Parameters
policyId
required
string

The ID of the policy to remove tags from

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
Schema not provided

Responses

Request samples

Content type
application/json
{
  • "keys": [
    ]
}

Compose IAM policy statements

Analyze and split IAM policy statements into more specific and valid sets of permissions.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Request Body schema: application/json
required
Schema not provided

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    },
  • {
    }
]

Products

List all products

Retrieve a list of all available product identifiers.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {method: 'GET', url: 'https://iamapis.vngcloud.vn/policies-api/v1/products'};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • "vmonitor",
  • "iam",
  • "vserver"
]

Resources

List available resources

Retrieve all resources or filter them by product.

query Parameters
product
string

Filter resources by product name.

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/resources',
  qs: {product: 'SOME_STRING_VALUE'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • {
    }
]

User Attachments

List policies attached to an IAM user

Retrieve all policies that are currently attached to a specific IAM user.

path Parameters
userId
required
string

ID of the IAM user

query Parameters
name
string
Example: name=FullAccessPolicy

Filter policies by name (optional)

pageNumber
required
integer
Example: pageNumber=0

Page number for pagination

pageSize
required
integer
Example: pageSize=10

Number of items per page

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/user-attachments/iam-users/%7BuserId%7D/policies',
  qs: {name: 'FullAccessPolicy', pageNumber: '0', pageSize: '10'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "pageSize": 10,
  • "pageNumber": 0,
  • "totalItems": 1,
  • "totalPages": 1
}

List policies attached to a Service Account

Retrieve all policies currently attached to a specific Service Account.

path Parameters
userId
required
string

ID of the Service Account

query Parameters
name
string
Example: name=StorageFullAccess

Filter policies by name (optional)

pageNumber
required
integer
Example: pageNumber=0

Page number for pagination

pageSize
required
integer
Example: pageSize=10

Number of items per page

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/user-attachments/service-accounts/%7BuserId%7D/policies',
  qs: {name: 'StorageFullAccess', pageNumber: '0', pageSize: '10'}
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "pageSize": 10,
  • "pageNumber": 0,
  • "totalItems": 1,
  • "totalPages": 1
}

List groups of an IAM User

Retrieve all IAM groups that the specified IAM User belongs to.

path Parameters
userId
required
string

ID of the IAM User

header Parameters
Authorization
required
string
Example: Bearer iam_token

Bearer token

Responses

Request samples 

const request = require('request');

const options = {
  method: 'GET',
  url: 'https://iamapis.vngcloud.vn/policies-api/v1/user-attachments/iam-users/%7BuserId%7D/groups'
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Response samples

Content type
application/json
[
  • {
    }
]