- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
- Product Introduction
- Purchase Guide
- Getting Started
- User Guide
- Overview
- Users
- Access Key
- User Groups
- Role
- Identity Provider
- SSO Overview
- Practical Scenarios for SSO
- User-Based SSO
- Role-Based SSO
- Overview
- Overview of SAML Role-Based SSO
- Overview of OIDC Role-Based Single Sign-On
- SAML 2.0-Based Federation
- Accessing Tencent Cloud Console as SAML 2.0 Federated Users
- Creating a SAML IdP
- Creating an OIDC Identity Provider
- Managing IdPs
- Azure Active Directory Single Sign-On
- OneLogin Single Sign-On
- Okta Single Sign-On
- ADFS SSO to Tencent Cloud
- Implementing OIDC-Based Role-Based SSO
- Policies
- Permissions Boundary
- Troubleshooting
- Downloading Security Analysis Report
- CAM-Enabled Role
- Overview
- Compute
- Container
- Microservice
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Data Security
- Application Security
- Domains & Websites
- Big Data
- Middleware
- Interactive Video Services
- Media On-Demand
- Cloud Real-time Rendering
- Game Services
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- CAM-Enabled API
- Overview
- Compute
- Edge Computing
- Container
- Distributed cloud
- Microservice
- Serverless
- Essential Storage Service
- Data Process and Analysis
- Data Migration
- Relational Database
- Enterprise Distributed DBMS
- NoSQL Database
- Database SaaS Tool
- Networking
- CDN and Acceleration
- Network Security
- Endpoint Security
- Data Security
- Business Security
- Application Security
- Domains & Websites
- Big Data
- Voice Technology
- Image Creation
- AI Platform Service
- Natural Language Processing
- Optical Character Recognition
- Middleware
- Communication
- Interactive Video Services
- Stream Services
- Media On-Demand
- Media Process Services
- Cloud Real-time Rendering
- Game Services
- Education Sevices
- Cloud Resource Management
- Management and Audit Tools
- Monitor and Operation
- More
- Practical Tutorial
- Security Practical Tutorial
- Multi-Identity Personnel Permission Management
- Authorizing Certain Operations by Tag
- Supporting Isolated Resource Access for Employees
- Enterprise Multi-Account Permissions Management
- Reviewing Employee Operation Records on Tencent Cloud
- Implementing Attribute-Based Access Control for Employee Resource Permissions Management
- During tag-based authentication, only tag key matching is supported
- Business Use Cases
- TencentDB for MySQL
- CLB
- CMQ
- COS
- Authorizing Sub-account Full Access to Specific Directory
- Authorizing Sub-account Read-only Access to Files in Specific Directory
- Authorizing Sub-account Read/Write Access to Specific File
- Authorizing Sub-account Read-only Access to COS Resources
- Authorizing a Sub-account Read/Write Access to All Files in Specified Directory Except Specified Files
- Authorizing Sub-account Read/Write Access to Files with Specified Prefix
- Authorizing Another Account Read/Write Access to Specific Files
- Authorizing Cross-Account ’s Sub-account Read/Write Access to Specified File
- Authorizing Sub-account Full Access to COS Resources under the Account
- CVM
- Authorizing Sub-account Full Access to CVMs
- Authorizing Sub-account Read-only Access to CVMs
- Authorizing Sub-account Read-only Access to CVM-related Resources
- Authorizing Sub-account Access to Perform Operations on CBSs
- Authorizing Sub-account Access to Perform Operations on Security Groups
- Authorizing Sub-account Access to Perform Operations on EIPs
- Authorizing Sub-account Access to Perform Operations on Specific CVM
- Authorizing Sub-account Access to Perform Operations on CVMs in Specific Region
- Authorizing Sub-account Full Access to CVMs Except Payment
- VPC
- Authorizing Sub-account Access to Perform Operations on Specific VPC and Resources of This VPC
- Authorizing Sub-account Access to Perform Operations on VPC Except on Routing Table
- Authorizing Sub-account Access to Perform Operations on VPN
- Authorizing Sub-account Full Access to VPCs
- Authorizing a Sub-account Full Access to VPCs Except Payment
- Authorizing Sub-account Read-only Access to VPCs
- VOD
- Others
- API Documentation
- History
- Introduction
- API Category
- User APIs
- DescribeSafeAuthFlagColl
- CreateGroup
- UpdateUser
- UpdateGroup
- RemoveUserFromGroup
- ListUsersForGroup
- ListUsers
- ListGroupsForUser
- ListGroups
- GetUser
- GetGroup
- DeleteUser
- DeleteGroup
- AddUserToGroup
- AddUser
- SetMfaFlag
- GetCustomMFATokenInfo
- ConsumeCustomMFAToken
- ListCollaborators
- ListAccessKeys
- PutUserPermissionsBoundary
- DeleteUserPermissionsBoundary
- DescribeSubAccounts
- GetSecurityLastUsed
- GetAccountSummary
- GetUserAppId
- UpdateAccessKey
- DeleteAccessKey
- CreateAccessKey
- Making API Requests
- Identity Provider APIs
- Policy APIs
- UpdatePolicy
- ListPolicies
- ListEntitiesForPolicy
- ListAttachedUserPolicies
- ListAttachedGroupPolicies
- GetPolicy
- DetachUserPolicy
- DetachGroupPolicy
- DeletePolicy
- CreatePolicy
- AttachUserPolicy
- AttachGroupPolicy
- SetDefaultPolicyVersion
- ListPolicyVersions
- GetPolicyVersion
- DeletePolicyVersion
- CreatePolicyVersion
- ListAttachedUserAllPolicies
- Role APIs
- UpdateRoleDescription
- UpdateAssumeRolePolicy
- ListAttachedRolePolicies
- GetRole
- DetachRolePolicy
- DescribeRoleList
- DeleteRole
- CreateRole
- AttachRolePolicy
- UpdateRoleConsoleLogin
- GetServiceLinkedRoleDeletionStatus
- DeleteServiceLinkedRole
- CreateServiceLinkedRole
- PutRolePermissionsBoundary
- DeleteRolePermissionsBoundary
- DescribeSafeAuthFlag
- DescribeSafeAuthFlagIntl
- UntagRole
- TagRole
- Data Types
- Error Codes
- FAQs
- Glossary
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| SSL Certification | ssl | Supported | Supported | Resource level | Partially supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AddOneClickHttpsCnameRecord | add oneclick https canme record | Operation level | * | Supported |
| AddWafProtection | Add Waf protection to the domain name | Resource level | qcs::ssl::uin/:certificate/${CertificateId} | Supported |
| ApplyCertificate | Request a free certificate | Operation level | * | Supported |
| BatchDeleteCSR | Batch Delete CSR | Resource level | qcs::ssl::uin/${uin}:csr/${CSRId} | Supported |
| CancelAuditCertificate | Cancel certificate review | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| CancelCertificateApply | Cancellation of Paid Certificate Application | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| CancelCertificateOrder | Cancel Certificate Signing Request From CA | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| CancelHostingCertificates | Cancel certificate hosting | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| CancelRevoke | cancel revoked certificate | Resource level | qcs::ssl::uin/:certificate/${CertificateId} | Supported |
| CertificateInfoSubmit | Submit certificate information | Resource level | qcs::ssl::uin/${uin}:certificate/${CertId} | Supported |
| CertificateOrderSubmit | Submit certificate order | Resource level | qcs::ssl::uin/${uin}:certificate/${CertId} | Supported |
| CertificateReviewProcessing | Reminder based on certificate ID | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| CommitCertificateInformation | Commit Certificate Signing Request To CA | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| CompleteCertificate | actively trigger certificate verification. | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| CreateCSR | Create CSR | Operation level | * | Supported |
| CreateCertificate | Create certificate order and pay auto | Operation level | * | Supported |
| CreateCertificateBindResourceSyncTask | Create a certificate-associated cloud resource asynchronous task | Operation level | * | Supported |
| CreateCertificateByPackage | Create certificates using stake points | Operation level | * | Supported |
| CreateCompany | Create a pre-approved company | Operation level | * | Supported |
| CreateHostingCertificate | Create certificate hosting | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| CreateManager | Create a pre-approved company administrator | Resource level | qcs::ssl::uin/${uin}:company/${CompanyId} | Supported |
| CreateManagerDomain | Create manager domain | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| CreatePrivateCACertificate | Create Private CA Certificate | Operation level | * | Supported |
| CreatePrivateRootCA | Create Private Root CA | Operation level | * | Supported |
| CreatePrivateSubCA | Create Private Sub CA | Operation level | * | Supported |
| CreateSaasWafForDnsPod | Open small and micro enterprise version waf | Operation level | * | Supported |
| CreateWafCnameRecord | Add Waf\'s Cname resolution record to DNSPod | Operation level | * | Supported |
| DeleteCertificate | Delete Certificate | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| DeleteCertificates | Batch Delete Certificates | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DeleteCompany | delete company | Resource level | qcs::ssl::uin/${uin}:company/${CompanyId} | Supported |
| DeleteHostingCertificates | Remove certificate hosting | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| DeleteManager | Delete Manager | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| DeleteManagerDomain | delete manager domain name | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| DeleteOneClickHttps | Delete a one-click https instance | Operation level | * | Supported |
| DeletePrivateCAResource | Delete Private CA Resource | Operation level | * | Supported |
| DeleteWafProtection | Delete waf domain name protection | Operation level | * | Supported |
| DeployCertificateInstance | List of certificates deployed to cloud resource instances | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DeployCertificateRecordRetry | Cloud resource deployment retry deployment record | Operation level | * | Supported |
| DeployCertificateRecordRollback | One-click rollback of cloud resource deployment | Operation level | * | Supported |
| DownloadCertificate | Download Certificate | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| ModifyCSR | modify csr Infomation | Resource level | qcs::ssl::uin/${uin}:csr/${CSRId} | Supported |
| ModifyCertificateAlias | Modify Certificate Alias | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| ModifyCertificateDownloadLimitSwitch | Modify Certificate Download Limit | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyCertificateName | Modify Certificate Alias | Operation level | * | Supported |
| ModifyCertificateProject | Assign Certificate To Project | Resource level | qcs::ssl::uin/:certificate/${CertificateIdList} | Supported |
| ModifyCertificateResubmit | Re-initiate the audit for paid certificates that fail the audit or cancel the audit | Resource level | qcs::ssl::uin/:certificate/${CertificateId} | Supported |
| ModifyCertificateTags | Modify the certificate label | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyCertificatesExpiringNotificationSwitch | Modified to ignore certificate expiration notifications. Turn certificate expiration notifications on or off. | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyCloudMonitorCertificates | Modify the cloud monitoring certificate | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyCompany | Modify pre-approved company information | Resource level | qcs::ssl::uin/${uin}:company/${CompanyId} | Supported |
| ModifyDomainAuthMethod | Modify the certificate domain name verification method | Resource level | qcs::ssl::uin/:certificate/${CertificateId} | Supported |
| ModifyDomainVerification | Modify domain name verification method | Operation level | * | Supported |
| ModifyHostingCertificate | Modify certificate hosting configuration | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyHostingRelatedCertificate | Modify Managed hosting Certificates | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyManager | Modify pre-approval manager | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| ModifyOneClickHttpsDomain | Modify one-click https domain | Operation level | * | Supported |
| ModifyOneClickHttpsDomainAuthMethod | Modify one-click https domain name verification method | Operation level | * | Supported |
| ModifyOneClickHttpsInit | One-click https initialization | Operation level | * | Supported |
| ModifyWafProtection | Modify the domain name to add Waf protection | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ModifyWafProtectionStatus | Modify the enabled status of waf domain name protection | Operation level | * | Supported |
| ReceiveVoucherByActivity | Receive Activity Voucher | Operation level | * | Supported |
| RefundCertificate | Self Refund | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| RefundCertificateByPackage | Certificate return benefits | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| RefundOneClickHttps | One-click refund for https instances | Operation level | * | Supported |
| ReplaceCertificate | reissue certificate | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ReplaceCertificateRecordRetry | Managed certificate resource replacement failed record retry | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| ReplaceCertificateRecordRollback | Certificate hosting Resource Replacement Success Record Rollback | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| RevokeCertificate | revoke certificate | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| RevokePrivateCA | Revoke Private CA | Operation level | * | Supported |
| RevokePrivateCACertificate | Revoke Private CA Certificate | Operation level | * | Supported |
| SetAutoRenewFlag | This interface (SetAutoRenewFlag) is used to set the certificate automatic renewal flag | Resource level | qcs::ssl::uin/:certificate/${CertId} | Supported |
| SubmitAuditManager | Resubmit to the review manager | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| SubmitCertificateInformation | Submit Certificate Signing Request Information | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| SubmitOneClickHttpsDomain | Submit one-click https domain name | Operation level | * | Supported |
| TransferInPackage | Transfer to equity points | Operation level | * | Supported |
| TransferOutPackage | Transfer Out Equity Points | Operation level | * | Supported |
| UpdateBindResourceCertificateConfig | Update the configuration information of the associated cloud resource certificate | Operation level | * | Supported |
| UpdateCertificateInstance | One-click update of old certificate resources | Operation level | * | Supported |
| UpdateCertificateRecordRetry | Cloud resource update retry deployment record | Operation level | * | Supported |
| UpdateCertificateRecordRollback | One-click rollback of cloud resource updates | Operation level | * | Supported |
| UpdateUploadedCertificate | Update an uploaded certificate | Resource level | qcs::ssl::uin/:certificate/{CertificateId} | Supported |
| UploadConfirmLetter | upload confirm letter | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| UploadConfirmLetterFile | This interface (UploadConfirmLetterFile) is used to upload the certificate confirmation letter file. | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| UploadExclusiveCertificate | Upload the certificate. If you upload the same certificate content, the previous certificate ID will be returned directly. | Operation level | * | Supported |
| UploadRevokeLetter | Upload revoke letter | Resource level | qcs::ssl::uin/$uin:certificate/$CertificateId | Supported |
| UploadRevokeLetterFile | This interface (UploadRevokeLetterFile) is used to upload the certificate revocation confirmation letter file. | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| UploadSMCertificate | Upload the national secret certificate | Operation level | * | Supported |
| VerifyDomainAgain | Administrator domain name resubmission for verification | Operation level | * | Supported |
| VerifyManager | Re-verify the manager | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| VerifyManagerDomain | Pre-approved domain names actively trigger verification | Operation level | * | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| CheckCSRAndPrivateKey | Check CSR And Private Key Matched | Operation level | * | Supported |
| CheckCertificate | Certificate check | Operation level | * | Supported |
| CheckCertificateChain | This interface (CheckCertificateChain) is used to check whether the certificate chain is complete. | Operation level | * | Supported |
| CheckCertificateDomainVerification | check certificate domain verification | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| CheckCreateFreeCertificate | This interface (CheckCreateFreeCertificate) is used to check whether the domain name and account can create a free certificate | Operation level | * | Supported |
| CheckDomainCAA | Check whether the domain name has passed CAA verification | Operation level | * | Supported |
| CheckDomainResolvedInDNSPod | Check whether the domain name is resolved normally in DNSPod | Operation level | * | Supported |
| CheckInsureWhiteList | Detect whitelist list of insured price | Operation level | * | Supported |
| CheckIntermediateCertIsSame | check intermediate cert is same | Operation level | * | Supported |
| CheckInternalAccount | Check whether it is an internal account | Operation level | * | Supported |
| CheckOneClickHttpsDomain | One-Click https check domain | Operation level | * | Supported |
| CheckOneClickHttpsDomainVerification | Detect one-click https domain name verification | Operation level | * | Supported |
| DeployCertificateClbInstance | Deploy the certificate to the clb cloud resource instance list | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeActivityVoucherReceived | Describe Activity Voucher Received Number | Operation level | * | Supported |
| DescribeAverageIssueTime | Obtain the average certificate issuance time | Operation level | * | Supported |
| DescribeBindResourceCertificateConfig | Query the configuration information of the associated cloud resource certificate | Operation level | * | Supported |
| DescribeCAARecords | Query domain name CAA records | Operation level | * | Supported |
| DescribeCSR | Describe CSR Infomation | Resource level | qcs::ssl::uin/${uin}:csr/${CSRId} | Supported |
| DescribeCSRContent | Parse CSR Content | Operation level | * | Supported |
| DescribeCSRSet | Describe CSR Set | Resource level | qcs::ssl::uin/${uin}:csr/${CSRId} | Supported |
| DescribeCertificate | Get certificate information | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCertificateBindResourceTaskDetail | Query the result of the certificate association cloud resource task - return the association details | Operation level | * | Supported |
| DescribeCertificateBindResourceTaskResult | Query the result of the cloud resource task associated with the certificate - only the total number is returned | Operation level | * | Supported |
| DescribeCertificateBindResources | describe certificate Bound cloud resources | Operation level | * | Supported |
| DescribeCertificateDetail | Get certificate details | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCertificateDomainMonitorStatusFromSSLPod | Query the domain name of the certificate corresponding to the monitoring status of SSLPod | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCertificateOperateLogs | Get Certificate Operate Log List | Operation level | * | Supported |
| DescribeCertificateOwners | Get additional information about the certificate holder | Operation level | * | Supported |
| DescribeCertificateWebServer | Query the domain name subject associated with the certificate The deployed WebSerber service type can only check single domain name certificates | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCertificates | Operation level | * | not supported | |
| DescribeCertificatesByDomains | Obtain a list of certificates by domain name | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCertificatesMatchDomains | Obtain a list of certificates by domain name | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeCloudMonitorCertificates | Get list of certificates with cloud monitoring status | Operation level | * | Supported |
| DescribeCompanies | Query company list | Resource level | qcs::ssl::uin/${uin}:company/${CompanyId} | Supported |
| DescribeConfirmLetterDownloadUrl | Describe Confirm Letter Download Url | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeDNSPodSaaSAllDomain | Query all domain names protected by waf for small and micro enterprises | Operation level | * | Supported |
| DescribeDNSPodSaaSInfo | Query the domain name protection details of the small and micro enterprise version | Operation level | * | Supported |
| DescribeDNSPodSaaSList | Small and Micro Enterprise Edition Waf Instance Protection List | Operation level | * | Supported |
| DescribeDeleteCertificatesTaskResult | Describe Delete Certificates Task Result | Operation level | * | Supported |
| DescribeDeployedResources | Certificate query associated resources | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeDnsResolution | Query whether DNS resolution takes effect in batches | Operation level | * | Supported |
| DescribeDomainInIcp | Query whether the domain name is filed | Operation level | * | Supported |
| DescribeDomainValidateOptions | This interface (DescribeDomainValidateOptions) is used to query domain name validation options | Operation level | * | Supported |
| DescribeDomainVerification | Obtain pre-approved domain verification information | Operation level | * | Supported |
| DescribeDomainVerificationMethods | Query the verification method of the domain name | Operation level | * | Supported |
| DescribeDomainVerifyInWaf | Query whether the domain name can add waf | Operation level | * | Supported |
| DescribeDownloadCertificateUrl | Get the download certificate link | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeExpiringCertificates | Query for certificates that are about to expire | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeFreeCertificateList | This interface (DescribeFreeCertificateList) is used to obtain the free certificate application list. | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| DescribeFreeQuota | Query the free certificate quota | Operation level | * | Supported |
| DescribeHostApiGatewayInstanceList | Query the list of certificate apiGateway cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostCdnInstanceList | Query the list of certificate CDN cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostClbInstanceList | Query the list of certificate clb cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostCosInstanceList | Query the list of certificate cos cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostDdosInstanceList | Query the list of certificate ddos cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostDeployRecord | Query the list of certificate cloud resource deployment records | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeHostDeployRecordDetail | Query the detailed list of certificate cloud resource deployment records | Operation level | * | Supported |
| DescribeHostDisasterConfig | Query certificate automated disaster downgrade configuration | Operation level | * | Supported |
| DescribeHostLighthouseInstanceList | Querying the List of Certificate Lighthouse Cloud Resource Deployment Instances | Operation level | * | Supported |
| DescribeHostLiveInstanceList | Query the list of certificate live cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostTCMInstanceList | Query the list of deployable instances of the Container Service Gateway | Operation level | * | not supported |
| DescribeHostTSEInstanceList | Query the list of deployable instances of the certificate native gateway | Operation level | * | Supported |
| DescribeHostTeoInstanceList | Query the list of certificate teo cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostTkeInstanceList | Query certificate tke cloud resource deployment instance list | Operation level | * | Supported |
| DescribeHostUpdateRecord | Query the list of certificate cloud resource update records | Operation level | * | Supported |
| DescribeHostUpdateRecordDetail | Query the detailed list of certificate cloud resource update records | Operation level | * | Supported |
| DescribeHostVodInstanceList | Querying the List of Certificate Vod Cloud Resource Deployment Instances | Operation level | * | Supported |
| DescribeHostWafInstanceList | Query the list of certificate waf cloud resource deployment instances | Operation level | * | Supported |
| DescribeHostingList | Describe the certificate hosting list | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| DescribeHostingReplaceRecordDetail | Query the details of certificate hosting resource deployment records | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeManagerDetail | Describe Manager Detail Info | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| DescribeManagerDomains | Query the domain name of the administrator | Resource level | qcs::ssl::uin/${uin}:manager/${ManagerId} | Supported |
| DescribeManagers | DescribeManagers | Resource level | qcs::ssl::uin/${uin}:company/${CompanyId} | Supported |
| DescribeOneClickDetail | One-Click https detail | Operation level | * | Supported |
| DescribePackage | Get the benefits package details | Operation level | * | not supported |
| DescribePackageConsumeByCertificates | Query the consumption information of interest points according to the certificate ID | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribePackageLogs | Obtain the operation details of the benefit package | Operation level | * | Supported |
| DescribePackages | Get a list of benefit packages | Operation level | * | Supported |
| DescribePeakPoints | Get the peak QPS of multiple time periods | Operation level | * | Supported |
| DescribePeakQps | Get the client\'s QPS peak value | Operation level | * | Supported |
| DescribePreDetectionRecords | Query the certificate records that failed the pre-test | Resource level | qcs::ssl::uin/${uin}:* | Supported |
| DescribePrivateCACertificate | Describe Private CA Certificate Detail | Operation level | * | Supported |
| DescribePrivateRootCA | Describe Private Root CA Detail | Operation level | * | Supported |
| DescribePrivateSubCA | Describe Private Sub CA Detail | Operation level | * | Supported |
| DescribeRecommendWildcardCertificates | Describe Recommend Buy Wildcard Certificates | Operation level | * | Supported |
| DescribeRecordExisted | Query whether there is a corresponding resolution record for the domain name | Operation level | * | Supported |
| DescribeResourceInstanceCount | Query the list of certificate clb cloud resource deployment instances | Operation level | * | Supported |
| DescribeRevokeLetterDownloadUrl | Describe Revoke Letter Download Url | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeRevokeLetterInfo | Describe Revoke Letter information | Resource level | qcs::ssl::uin/${uin}:certificate/${CertificateId} | Supported |
| DescribeTCBEnvironments | Describe TCB Environments | Operation level | * | Supported |
| DescribeTopDomainQuota | Query the free certificate main domain quota | Operation level | * | Supported |
| DescribeUploadLetterPreSignUrl | This interface (DescribeUploadLetterPreSignUrl) is used to generate a pre-signed link | Resource level | qcs::ssl::uin/:certificate/${CertificateId} | Supported |
| DescribeVIPLevel | Query user VIP level | Operation level | * | Supported |
| DescribeWafCnameRecords | Batch query whether there are Cname records | Operation level | * | Supported |
| DescribeWafInstancePackageInfo | waf instance package details | Operation level | * | Supported |
| DescribeWafInstances | Get the list of user Waf instances | Operation level | * | Supported |
| DescribeWafProtectionList | Query the Waf Instance Protection List for Non-Small and Micro Enterprises | Operation level | * | Supported |
| DownloadPrivateCA | Download PrivateCA | Operation level | * | Supported |
| GetCertificatePrice | get certificate price | Operation level | * | Supported |
| GetInnerCertByFingerprint | Query internal account certificate information by certificate fingerprint | Operation level | * | not supported |
| GetUbiTradeParam | get ubi trade param | Operation level | * | not supported |
| GetUserProject | Get user project | Operation level | * | Supported |
| UploadCertificate | Upload Certificate | Operation level | * | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeCountGroupByStatus | Obtain the number of certificates according to the state | Operation level | * | Supported |
| DescribeOneClickList | One-Click https list | Operation level | * | Supported |
| DescribePrivateCACertificates | Describe Private CA Certificate List | Operation level | * | Supported |
| DescribePrivateRootCAs | Describe Private Root CA List | Operation level | * | Supported |
Yes
No
Was this page helpful?