Stay organized with collections
Save and categorize content based on your preferences.
API keys are associated with the Google Cloud project in which
they have been created. If your API requires an API key, you either have to give
your API users a key from the project that you created the Cloud Endpoints
service in, or you can let users enable your API in their own Google Cloud
project and create an API key. This page shows you how to grant the permission
that users need to enable your API.
Granting access
Endpoints uses the
Identity and Access Management (IAM)Service Consumer role to allow someone who isn't a member of your
Google Cloud project to enable your API in their own Google Cloud
project. This section shows you how to grant access using the
Google Cloud console or the Google Cloud CLI.
Google Cloud console
In the Google Cloud console, go to the Endpoints > Services
page for your project.
If you have more than one API, click the name of the API that you want to
grant access to.
If the Permissions side panel isn't open, click Show Permissions Panel.
In the Add Principal field, enter the email address of the person or
Google Group that
you want to grant access to.
In the Select a role drop-down menu, select Service Management >
Service Consumer.
Click Save.
Repeat adding members and selecting the role, as needed.
Contact the users or groups that you added and let them know they can
enable the API in their Google Cloud projects. See
Enable an API in your Google Cloud
project for information on how to enable a service in APIs & services.
gcloud
Open Cloud Shell, or if you have the Google Cloud CLI installed, open
a terminal window.
Contact the users or groups that you added and let them know they can enable
the API in their Google Cloud projects. See
Enable an API in your Google Cloud
project for information on how to enable a service in APIs & services.
Revoking access
You revoke access to your API by removing the Service Consumer role from a
user or group that previously had the role. After you revoke someone's access,
they won't be able to enable your API.
This section shows you how to revoke access using the Google Cloud console or
the Google Cloud CLI.
Google Cloud console
In the Google Cloud console, go to the Endpoints > Services
page for your Google Cloud project.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-18 UTC."],[[["API access is granted by assigning the **Service Consumer** role from Identity and Access Management (IAM) to users or Google Groups, allowing them to enable the API in their own Google Cloud projects."],["The Google Cloud console or the gcloud command-line tool can be used to add a user or group to the **Service Consumer** role, which then allows them to access an API."],["Access to an API can be revoked by removing the **Service Consumer** role from a user or group using either the Google Cloud console or gcloud commands, but it does not stop users who have already enabled the API from calling it."],["Once access is granted, users should be informed and directed on how to enable the API in their Google Cloud projects."],["API Keys are linked to a specific Google cloud project, where the API was created, and can be shared for API access, or users can create their own in their respective projects."]]],[]]
