This page provides general troubleshooting information for API Gateway.
Cannot run "gcloud api-gateway" commands
Command "gcloud api-gateway api-configs create" says service account does not exist
If you run the
gcloud api-gateway api-configs create ... command and receive
an error in the form:
ERROR: (gcloud.api-gateway.api-configs.create) FAILED_PRECONDITION: Service Account "projects/-/serviceAccounts/service_account_email" does not exist
Rerun the command but this time include the
--backend-auth-service-account option to
explicitly specify the email address of the
service account to use:
gcloud api-gateway api-configs create CONFIG_ID \ --api=API_ID --openapi-spec=API_DEFINITION \ --project=PROJECT_ID --backend-auth-service-account=SERVICE_ACCOUNT_EMAIL
Ensure that you have already assigned the necessary permissions to the service account as described in Configuring your development environment.
API request returns an HTTP 403 error
If a request to a deployed API returns an HTTP 403 error to the API client, it means the requested URL is valid but access is forbidden for some reason.
A deployed API has the permsssions associated with roles granted to the service account that you used when you created the API config. Typically, the reason for the HTTP 403 error is that the service account does not have the necessary permissions to access the backend service.
If you defined the API and the backend service in the same Google Cloud Platform (GCP),
ensure that the service account has the
Editor role assigned to it,
or the role necessary to access the backend service. For example, if the backend service
is implemented using Cloud Functions, ensure that the service account
Cloud Function Invoker role assigned to it.
Cannot view log information
If your API is responding correctly, but the logs contain no data, it typically means that you have not enabled all of the Google services required by API Gateway.
API Gateway requires that you enable the following Google services:
||API Gateway API|
||Service Management API|
||Service Control API|
To confirm that the required services are enabled:
gcloud services list
If you do not see the required services listed, enable them:
gcloud services enable apigateway.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable servicecontrol.googleapis.com
For more information about the
gcloud services, see