Stay organized with collections
Save and categorize content based on your preferences.
API Keys uses Identity and Access Management to manage access to the keys.
This page explains the IAM roles and permissions related to
API Keys and how to use them to control access.
IAM permissions
The following table shows the required permissions for each API Keys API
method. This information is also documented in the
API Reference.
Method
Required Permission(s)
projects.locations.keys.create
apikeys.keys.create
projects.locations.keys.delete
apikeys.keys.delete
projects.locations.keys.get
apikeys.keys.get
projects.locations.keys.getKeyString
apikeys.keys.getKeyString
projects.locations.keys.list
apikeys.keys.list
projects.locations.keys.patch
apikeys.keys.update
projects.locations.keys.undelete
apikeys.keys.undelete
operations.get
serviceusage.operations.get
keys.lookupKey
apikeys.keys.undelete
IAM roles
With Identity and Access Management, permissions are granted by binding users to roles. For more
information about roles and permissions see
Understanding Roles.
The following table lists the predefined roles that apply to API Keys.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eAPI Keys use Identity and Access Management (IAM) to manage and control access to the keys.\u003c/p\u003e\n"],["\u003cp\u003eIAM permissions are required for each API Keys API method, as detailed in the provided table and the API Reference documentation.\u003c/p\u003e\n"],["\u003cp\u003ePredefined IAM roles, such as \u003ccode\u003eroles/viewer\u003c/code\u003e, \u003ccode\u003eroles/editor\u003c/code\u003e, \u003ccode\u003eroles/owner\u003c/code\u003e, \u003ccode\u003eroles/serviceusage.apiKeysViewer\u003c/code\u003e, and \u003ccode\u003eroles/serviceusage.apiKeysAdmin\u003c/code\u003e, grant specific sets of permissions related to API Keys.\u003c/p\u003e\n"],["\u003cp\u003eUnderstanding Roles within IAM is essential for managing API Key permissions effectively, and further information can be found in the Understanding Roles documentation.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eserviceusage.operations.get\u003c/code\u003e permission is needed to use the method operations.get.\u003c/p\u003e\n"]]],[],null,[]]