IAM API and CLI¶
Mirantis IAM exposes the versioned and backward compatible Google remote procedure call (gRPC) protocol API to interact with IAM CLI.
IAM API is designed as a user-facing functionality. For this reason, it operates in the context of user authentication and authorization.
In IAM API, an operator can use the following entities:
Grants - to grant or revoke user access
Scopes - to describe user roles
Users - to provide user account information
Mirantis Container Cloud UI interacts with IAM API on behalf of the user. However, the user can directly work with IAM API using IAM CLI. IAM CLI uses the OpenID Connect (OIDC) endpoint to obtain the OIDC token for authentication in IAM API and enable you to perform different API operations.
The following diagram illustrates the interaction between IAM API and CLI: