# User management

## List all users 

> List all the users in your account.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Users":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/User"}},"offset":{"$ref":"#/components/schemas/PaginationOffsetOptional"},"limit":{"$ref":"#/components/schemas/PaginationLimitOptional"},"_links":{"$ref":"#/components/schemas/PaginationLinks"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"PaginationOffsetOptional":{"type":"number","description":"The offset (if specified in the request)."},"PaginationLimitOptional":{"type":"number","description":"The limit (if specified in the request)."},"PaginationLinks":{"type":"object","properties":{"prev":{"type":"string","description":"URL (with offset and limit parameters) of the previous page; only present if offset is greater than 0.","format":"uri","readOnly":true},"self":{"type":"string","description":"URL (with offset and limit parameters) of the current page.","format":"uri","readOnly":true},"next":{"type":"string","description":"URL (with offset and limit parameters) of the next page; only present if offset + limit is less than the total number of elements.","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users":{"get":{"tags":["User management"],"summary":"List all users ","description":"List all the users in your account.","operationId":"umUsersGet","parameters":[{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}},{"name":"offset","in":"query","description":"The first element (from the complete list of the elements) to include in the response (used together with <b><i>limit</i></b> for pagination).","schema":{"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"limit","in":"query","description":"The maximum number of elements to return (use together with <code>offset</code> for pagination).","schema":{"maximum":100,"minimum":1,"type":"integer","format":"int32","default":100}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Users"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Create users

> Create a user.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"UserPost":{"required":["properties"],"type":"object","properties":{"properties":{"$ref":"#/components/schemas/UserPropertiesPost"}}},"UserPropertiesPost":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"password":{"type":"string","description":"User password."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users":{"post":{"tags":["User management"],"summary":"Create users","description":"Create a user.","operationId":"umUsersPost","parameters":[{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The user to create.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserPost"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/User"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve users

> Retrieve user properties by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users/{userId}":{"get":{"tags":["User management"],"summary":"Retrieve users","description":"Retrieve user properties by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.","operationId":"umUsersFindById","parameters":[{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/User"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Modify users

> Modify the properties of the specified user.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"UserPut":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier."},"properties":{"$ref":"#/components/schemas/UserPropertiesPut"}}},"UserPropertiesPut":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"password":{"type":"string","description":"password of the user"},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users/{userId}":{"put":{"tags":["User management"],"summary":"Modify users","description":"Modify the properties of the specified user.","operationId":"umUsersPut","parameters":[{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The modified user","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserPut"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/User"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Delete users

> Delete the specified user.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users/{userId}":{"delete":{"tags":["User management"],"summary":"Delete users","description":"Delete the specified user.","operationId":"umUsersDelete","parameters":[{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve group resources by user ID

> Retrieve group resources of the user by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users/{userId}/groups":{"get":{"tags":["User management"],"summary":"Retrieve group resources by user ID","description":"Retrieve group resources of the user by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.","operationId":"umUsersGroupsGet","parameters":[{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceGroups"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve user resources by user ID

> Retrieve own resources of the user by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"ResourcesUsers":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources owned by a user."},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/users/{userId}/owns":{"get":{"tags":["User management"],"summary":"Retrieve user resources by user ID","description":"Retrieve own resources of the user by user ID. The user ID is in the response body when the user is created, and in the list of the users, returned by GET.","operationId":"umUsersOwnsGet","parameters":[{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourcesUsers"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## List all groups

> List all the available user groups.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Groups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Group"}}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Group":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupProperties"},"entities":{"$ref":"#/components/schemas/GroupEntities"}}},"GroupProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"createDatacenter":{"type":"boolean","description":"Create data center privilege."},"createSnapshot":{"type":"boolean","description":"Create snapshot privilege."},"reserveIp":{"type":"boolean","description":"Reserve IP block privilege."},"accessActivityLog":{"type":"boolean","description":"Activity log access privilege."},"createPcc":{"type":"boolean","description":"User privilege to create a cross connect."},"s3Privilege":{"type":"boolean","description":"S3 privilege."},"createBackupUnit":{"type":"boolean","description":"Create backup unit privilege."},"createInternetAccess":{"type":"boolean","description":"Create internet access privilege."},"createK8sCluster":{"type":"boolean","description":"Create Kubernetes cluster privilege."},"createFlowLog":{"type":"boolean","description":"Create Flow Logs privilege."},"accessAndManageMonitoring":{"type":"boolean","description":"Privilege for a group to access and manage monitoring related functionality (access metrics, CRUD on alarms, alarm-actions etc) using Monotoring-as-a-Service (MaaS)."},"accessAndManageCertificates":{"type":"boolean","description":"Privilege for a group to access and manage certificates."},"manageDBaaS":{"type":"boolean","description":"Privilege for a group to manage DBaaS related functionality."},"accessAndManageDns":{"type":"boolean","description":"Privilege for a group to access and manage dns records."},"manageRegistry":{"type":"boolean","description":"Privilege for group accessing container registry related functionality."},"manageDataplatform":{"type":"boolean","description":"Privilege for a group to access and manage the Data Platform."},"accessAndManageLogging":{"type":"boolean","description":"Privilege for a group to access and manage Logs."},"accessAndManageCdn":{"type":"boolean","description":"Privilege for a group to access and manage CDN."},"accessAndManageVpn":{"type":"boolean","description":"Privilege for a group to access and manage VPN."},"accessAndManageApiGateway":{"type":"boolean","description":"Privilege for a group to access and manage API Gateway."},"accessAndManageKaas":{"type":"boolean","description":"Privilege for a group to access and manage KaaS."},"accessAndManageNetworkFileStorage":{"type":"boolean","description":"Privilege for a group to access and manage Network File Storage."},"accessAndManageAiModelHub":{"type":"boolean","description":"Privilege for a group to access and manage AI Model Hub."},"accessAndManageIamResources":{"type":"boolean","description":"Privilege for a group to access and manage Password Policies."},"createNetworkSecurityGroups":{"type":"boolean","description":"Privilege for a group to access and manage Network Security Groups."}}},"GroupEntities":{"type":"object","description":"Collection of entity references associated with a group.","properties":{"users":{"$ref":"#/components/schemas/GroupMembersRef"},"resources":{"$ref":"#/components/schemas/ResourceGroupsRef"}}},"GroupMembersRef":{"type":"object","description":"Reference to group members (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"ResourceGroupsRef":{"type":"object","description":"Reference to resources assigned to a group (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups":{"get":{"tags":["User management"],"summary":"List all groups","description":"List all the available user groups.","operationId":"umGroupsGet","parameters":[{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Groups"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Create groups

> Create a group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Group":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupProperties"},"entities":{"$ref":"#/components/schemas/GroupEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"createDatacenter":{"type":"boolean","description":"Create data center privilege."},"createSnapshot":{"type":"boolean","description":"Create snapshot privilege."},"reserveIp":{"type":"boolean","description":"Reserve IP block privilege."},"accessActivityLog":{"type":"boolean","description":"Activity log access privilege."},"createPcc":{"type":"boolean","description":"User privilege to create a cross connect."},"s3Privilege":{"type":"boolean","description":"S3 privilege."},"createBackupUnit":{"type":"boolean","description":"Create backup unit privilege."},"createInternetAccess":{"type":"boolean","description":"Create internet access privilege."},"createK8sCluster":{"type":"boolean","description":"Create Kubernetes cluster privilege."},"createFlowLog":{"type":"boolean","description":"Create Flow Logs privilege."},"accessAndManageMonitoring":{"type":"boolean","description":"Privilege for a group to access and manage monitoring related functionality (access metrics, CRUD on alarms, alarm-actions etc) using Monotoring-as-a-Service (MaaS)."},"accessAndManageCertificates":{"type":"boolean","description":"Privilege for a group to access and manage certificates."},"manageDBaaS":{"type":"boolean","description":"Privilege for a group to manage DBaaS related functionality."},"accessAndManageDns":{"type":"boolean","description":"Privilege for a group to access and manage dns records."},"manageRegistry":{"type":"boolean","description":"Privilege for group accessing container registry related functionality."},"manageDataplatform":{"type":"boolean","description":"Privilege for a group to access and manage the Data Platform."},"accessAndManageLogging":{"type":"boolean","description":"Privilege for a group to access and manage Logs."},"accessAndManageCdn":{"type":"boolean","description":"Privilege for a group to access and manage CDN."},"accessAndManageVpn":{"type":"boolean","description":"Privilege for a group to access and manage VPN."},"accessAndManageApiGateway":{"type":"boolean","description":"Privilege for a group to access and manage API Gateway."},"accessAndManageKaas":{"type":"boolean","description":"Privilege for a group to access and manage KaaS."},"accessAndManageNetworkFileStorage":{"type":"boolean","description":"Privilege for a group to access and manage Network File Storage."},"accessAndManageAiModelHub":{"type":"boolean","description":"Privilege for a group to access and manage AI Model Hub."},"accessAndManageIamResources":{"type":"boolean","description":"Privilege for a group to access and manage Password Policies."},"createNetworkSecurityGroups":{"type":"boolean","description":"Privilege for a group to access and manage Network Security Groups."}}},"GroupEntities":{"type":"object","description":"Collection of entity references associated with a group.","properties":{"users":{"$ref":"#/components/schemas/GroupMembersRef"},"resources":{"$ref":"#/components/schemas/ResourceGroupsRef"}}},"GroupMembersRef":{"type":"object","description":"Reference to group members (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"ResourceGroupsRef":{"type":"object","description":"Reference to resources assigned to a group (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups":{"post":{"tags":["User management"],"summary":"Create groups","description":"Create a group.","operationId":"umGroupsPost","parameters":[{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The group to create.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve groups

> Retrieve a group by the group ID. This value is in the response body when the group is created, and in the list of the groups, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Group":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupProperties"},"entities":{"$ref":"#/components/schemas/GroupEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"createDatacenter":{"type":"boolean","description":"Create data center privilege."},"createSnapshot":{"type":"boolean","description":"Create snapshot privilege."},"reserveIp":{"type":"boolean","description":"Reserve IP block privilege."},"accessActivityLog":{"type":"boolean","description":"Activity log access privilege."},"createPcc":{"type":"boolean","description":"User privilege to create a cross connect."},"s3Privilege":{"type":"boolean","description":"S3 privilege."},"createBackupUnit":{"type":"boolean","description":"Create backup unit privilege."},"createInternetAccess":{"type":"boolean","description":"Create internet access privilege."},"createK8sCluster":{"type":"boolean","description":"Create Kubernetes cluster privilege."},"createFlowLog":{"type":"boolean","description":"Create Flow Logs privilege."},"accessAndManageMonitoring":{"type":"boolean","description":"Privilege for a group to access and manage monitoring related functionality (access metrics, CRUD on alarms, alarm-actions etc) using Monotoring-as-a-Service (MaaS)."},"accessAndManageCertificates":{"type":"boolean","description":"Privilege for a group to access and manage certificates."},"manageDBaaS":{"type":"boolean","description":"Privilege for a group to manage DBaaS related functionality."},"accessAndManageDns":{"type":"boolean","description":"Privilege for a group to access and manage dns records."},"manageRegistry":{"type":"boolean","description":"Privilege for group accessing container registry related functionality."},"manageDataplatform":{"type":"boolean","description":"Privilege for a group to access and manage the Data Platform."},"accessAndManageLogging":{"type":"boolean","description":"Privilege for a group to access and manage Logs."},"accessAndManageCdn":{"type":"boolean","description":"Privilege for a group to access and manage CDN."},"accessAndManageVpn":{"type":"boolean","description":"Privilege for a group to access and manage VPN."},"accessAndManageApiGateway":{"type":"boolean","description":"Privilege for a group to access and manage API Gateway."},"accessAndManageKaas":{"type":"boolean","description":"Privilege for a group to access and manage KaaS."},"accessAndManageNetworkFileStorage":{"type":"boolean","description":"Privilege for a group to access and manage Network File Storage."},"accessAndManageAiModelHub":{"type":"boolean","description":"Privilege for a group to access and manage AI Model Hub."},"accessAndManageIamResources":{"type":"boolean","description":"Privilege for a group to access and manage Password Policies."},"createNetworkSecurityGroups":{"type":"boolean","description":"Privilege for a group to access and manage Network Security Groups."}}},"GroupEntities":{"type":"object","description":"Collection of entity references associated with a group.","properties":{"users":{"$ref":"#/components/schemas/GroupMembersRef"},"resources":{"$ref":"#/components/schemas/ResourceGroupsRef"}}},"GroupMembersRef":{"type":"object","description":"Reference to group members (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"ResourceGroupsRef":{"type":"object","description":"Reference to resources assigned to a group (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}":{"get":{"tags":["User management"],"summary":"Retrieve groups","description":"Retrieve a group by the group ID. This value is in the response body when the group is created, and in the list of the groups, returned by GET.","operationId":"umGroupsFindById","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Modify groups

> Modify the properties of the specified group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Group":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupProperties"},"entities":{"$ref":"#/components/schemas/GroupEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"createDatacenter":{"type":"boolean","description":"Create data center privilege."},"createSnapshot":{"type":"boolean","description":"Create snapshot privilege."},"reserveIp":{"type":"boolean","description":"Reserve IP block privilege."},"accessActivityLog":{"type":"boolean","description":"Activity log access privilege."},"createPcc":{"type":"boolean","description":"User privilege to create a cross connect."},"s3Privilege":{"type":"boolean","description":"S3 privilege."},"createBackupUnit":{"type":"boolean","description":"Create backup unit privilege."},"createInternetAccess":{"type":"boolean","description":"Create internet access privilege."},"createK8sCluster":{"type":"boolean","description":"Create Kubernetes cluster privilege."},"createFlowLog":{"type":"boolean","description":"Create Flow Logs privilege."},"accessAndManageMonitoring":{"type":"boolean","description":"Privilege for a group to access and manage monitoring related functionality (access metrics, CRUD on alarms, alarm-actions etc) using Monotoring-as-a-Service (MaaS)."},"accessAndManageCertificates":{"type":"boolean","description":"Privilege for a group to access and manage certificates."},"manageDBaaS":{"type":"boolean","description":"Privilege for a group to manage DBaaS related functionality."},"accessAndManageDns":{"type":"boolean","description":"Privilege for a group to access and manage dns records."},"manageRegistry":{"type":"boolean","description":"Privilege for group accessing container registry related functionality."},"manageDataplatform":{"type":"boolean","description":"Privilege for a group to access and manage the Data Platform."},"accessAndManageLogging":{"type":"boolean","description":"Privilege for a group to access and manage Logs."},"accessAndManageCdn":{"type":"boolean","description":"Privilege for a group to access and manage CDN."},"accessAndManageVpn":{"type":"boolean","description":"Privilege for a group to access and manage VPN."},"accessAndManageApiGateway":{"type":"boolean","description":"Privilege for a group to access and manage API Gateway."},"accessAndManageKaas":{"type":"boolean","description":"Privilege for a group to access and manage KaaS."},"accessAndManageNetworkFileStorage":{"type":"boolean","description":"Privilege for a group to access and manage Network File Storage."},"accessAndManageAiModelHub":{"type":"boolean","description":"Privilege for a group to access and manage AI Model Hub."},"accessAndManageIamResources":{"type":"boolean","description":"Privilege for a group to access and manage Password Policies."},"createNetworkSecurityGroups":{"type":"boolean","description":"Privilege for a group to access and manage Network Security Groups."}}},"GroupEntities":{"type":"object","description":"Collection of entity references associated with a group.","properties":{"users":{"$ref":"#/components/schemas/GroupMembersRef"},"resources":{"$ref":"#/components/schemas/ResourceGroupsRef"}}},"GroupMembersRef":{"type":"object","description":"Reference to group members (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"ResourceGroupsRef":{"type":"object","description":"Reference to resources assigned to a group (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}":{"put":{"tags":["User management"],"summary":"Modify groups","description":"Modify the properties of the specified group.","operationId":"umGroupsPut","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The modified group.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Group"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Delete groups

> Remove the specified group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}":{"delete":{"tags":["User management"],"summary":"Delete groups","description":"Remove the specified group.","operationId":"umGroupsDelete","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve group resources

> List the resources assigned to the group, by group ID.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/resources":{"get":{"tags":["User management"],"summary":"Retrieve group resources","description":"List the resources assigned to the group, by group ID.","operationId":"umGroupsResourcesGet","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceGroups"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## List group members

> List all members of the specified user group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"GroupMembers":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/User"}}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/users":{"get":{"tags":["User management"],"summary":"List group members","description":"List all members of the specified user group.","operationId":"umGroupsUsersGet","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupMembers"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Add a Group Member

> Adds an existing user to the specified group.&#x20;

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"UserGroupPost":{"required":["id"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier."}}},"User":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/UserMetadata"},"properties":{"$ref":"#/components/schemas/UserProperties"},"entities":{"$ref":"#/components/schemas/UsersEntities"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"UserMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The time the user was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who has created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"lastLogin":{"type":"string","description":"The time of the last login by the user.","format":"date-time","readOnly":true}}},"UserProperties":{"type":"object","properties":{"firstname":{"type":"string","description":"The first name of the user."},"lastname":{"type":"string","description":"The last name of the user."},"email":{"type":"string","description":"The email address of the user."},"administrator":{"type":"boolean","description":"Indicates if the user has admin rights."},"forceSecAuth":{"type":"boolean","description":"Indicates if secure authentication should be forced on the user."},"secAuthActive":{"type":"boolean","description":"Indicates if secure authentication is active for the user."},"s3CanonicalUserId":{"type":"string","description":"Canonical (Object storage) ID of the user for a given identity."},"active":{"type":"boolean","description":"Indicates if the user is active."}}},"UsersEntities":{"type":"object","description":"Collection of entity references associated with a user.","properties":{"owns":{"$ref":"#/components/schemas/ResourcesUsersRef"},"groups":{"$ref":"#/components/schemas/GroupUsersRef"},"s3Keys":{"$ref":"#/components/schemas/S3KeysRef"}}},"ResourcesUsersRef":{"type":"object","description":"Reference to resources owned by a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"GroupUsersRef":{"type":"object","description":"Reference to groups a user belongs to (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"S3KeysRef":{"type":"object","description":"Reference to S3 keys associated with a user (without nested items).","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/users":{"post":{"tags":["User management"],"summary":"Add a Group Member","description":"Adds an existing user to the specified group. ","operationId":"umGroupsUsersPost","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The user to add.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserGroupPost"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/User"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Remove users from groups

> Remove the specified user from the group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/users/{userId}":{"delete":{"tags":["User management"],"summary":"Remove users from groups","description":"Remove the specified user from the group.","operationId":"umGroupsUsersDelete","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"userId","in":"path","description":"The unique ID of the user.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve group shares

> Retrieve the properties of the specified group share.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"GroupShare":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"resource as generic type","readOnly":true,"allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupShareProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupShareProperties":{"type":"object","properties":{"editPrivilege":{"type":"boolean","description":"edit privilege on a resource"},"sharePrivilege":{"type":"boolean","description":"share privilege on a resource"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/shares/{resourceId}":{"get":{"tags":["User management"],"summary":"Retrieve group shares","description":"Retrieve the properties of the specified group share.","operationId":"umGroupsSharesFindByResourceId","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"resourceId","in":"path","description":"The unique ID of the resource.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupShare"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Add group shares

> Add the specified share to the group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"GroupShare":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"resource as generic type","readOnly":true,"allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupShareProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupShareProperties":{"type":"object","properties":{"editPrivilege":{"type":"boolean","description":"edit privilege on a resource"},"sharePrivilege":{"type":"boolean","description":"share privilege on a resource"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/shares/{resourceId}":{"post":{"tags":["User management"],"summary":"Add group shares","description":"Add the specified share to the group.","operationId":"umGroupsSharesPost","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"resourceId","in":"path","description":"The unique ID of the resource.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The resource to add.","content":{"*/*":{"schema":{"$ref":"#/components/schemas/GroupShare"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupShare"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Modify group share privileges

> Modify share permissions for the specified group. With an empty body, no updates are performed, and the current share permissions for the group are returned with response code 200.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"GroupShare":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"resource as generic type","readOnly":true,"allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupShareProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupShareProperties":{"type":"object","properties":{"editPrivilege":{"type":"boolean","description":"edit privilege on a resource"},"sharePrivilege":{"type":"boolean","description":"share privilege on a resource"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/shares/{resourceId}":{"put":{"tags":["User management"],"summary":"Modify group share privileges","description":"Modify share permissions for the specified group. With an empty body, no updates are performed, and the current share permissions for the group are returned with response code 200.","operationId":"umGroupsSharesPut","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"resourceId","in":"path","description":"The unique ID of the resource.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The modified resource","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupShare"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupShare"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Remove group shares

> Remove the specified share from the group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/shares/{resourceId}":{"delete":{"tags":["User management"],"summary":"Remove group shares","description":"Remove the specified share from the group.","operationId":"umGroupsSharesDelete","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"resourceId","in":"path","description":"The unique ID of the resource.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## List group shares&#x20;

> List all shares and share privileges for the specified group.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"GroupShares":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"Share representing groups and resource relationship","readOnly":true,"allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/GroupShare"}}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"GroupShare":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"resource as generic type","readOnly":true,"allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"properties":{"$ref":"#/components/schemas/GroupShareProperties"}}},"GroupShareProperties":{"type":"object","properties":{"editPrivilege":{"type":"boolean","description":"edit privilege on a resource"},"sharePrivilege":{"type":"boolean","description":"share privilege on a resource"}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/groups/{groupId}/shares":{"get":{"tags":["User management"],"summary":"List group shares ","description":"List all shares and share privileges for the specified group.","operationId":"umGroupsSharesGet","parameters":[{"name":"groupId","in":"path","description":"The unique ID of the group.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupShares"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## List all resources

> List all the available resources.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Resources":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Collection to represent the resource."},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/resources":{"get":{"tags":["User management"],"summary":"List all resources","description":"List all the available resources.","operationId":"umResourcesGet","parameters":[{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Resources"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## List resources by type

> List all resources of the specified type.\
> \
> Resource types are: {datacenter, snapshot, image, ipblock, pcc, backupunit, k8s}\
> \
> Resource types are in the list of resources, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Resources":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Collection to represent the resource."},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/resources/{resourceType}":{"get":{"tags":["User management"],"summary":"List resources by type","description":"List all resources of the specified type.\n\nResource types are: {datacenter, snapshot, image, ipblock, pcc, backupunit, k8s}\n\nResource types are in the list of resources, returned by GET.","operationId":"umResourcesFindByType","parameters":[{"name":"resourceType","in":"path","description":"The resource type","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Resources"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve resources by type

> Retrieve a resource by the resource type and resource ID.\
> \
> Resource types are: {datacenter, snapshot, image, ipblock, pcc, backupunit, k8s}\
> \
> Resource types are in the list of resources, returned by GET.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"User management"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Resource":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/ResourceProperties"},"entities":{"$ref":"#/components/schemas/ResourceEntities"}},"description":"datacenter resource representation"},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"ResourceProperties":{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource."},"secAuthProtection":{"type":"boolean","description":"Boolean value representing if the resource is multi factor protected or not e.g. using two factor protection. Currently only data centers and snapshots are allowed to be multi factor protected, The value of attribute if null is intentional and it means that the resource doesn't support multi factor protection at all."}}},"ResourceEntities":{"type":"object","properties":{"groups":{"$ref":"#/components/schemas/ResourceGroups"}}},"ResourceGroups":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of the resource.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/Resource"}}},"description":"Resources assigned to this group."},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/um/resources/{resourceType}/{resourceId}":{"get":{"tags":["User management"],"summary":"Retrieve resources by type","description":"Retrieve a resource by the resource type and resource ID.\n\nResource types are: {datacenter, snapshot, image, ipblock, pcc, backupunit, k8s}\n\nResource types are in the list of resources, returned by GET.","operationId":"umResourcesFindByTypeAndId","parameters":[{"name":"resourceType","in":"path","description":"The resource type","required":true,"schema":{"type":"string"}},{"name":"resourceId","in":"path","description":"The resource ID","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. <b>NOTE:</b> The resource /um and its children support a maximum depth level of 1. It will provide you the entry points to specific user related resources. As these resources are partially servered by other service components, they must be retrieved explicitly. Any depth parameter beyond '?depth=1' will be deprecated by April 30, 2026.","schema":{"maximum":1,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Resource"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```