Overview of API Access

This page describes the API access control options available to you in Google Cloud Endpoints.

Overview

Cloud Endpoints uses Google Cloud Identity and Access Management (IAM) for API access control.

In Cloud Endpoints, API access control can be configured at the project level and at the individual API level. For example, you can:

  • Grant access on a per-API basis, rather than for the whole Cloud project.
  • Grant access to your API users so they can enable the API in their own Cloud project.
  • Grant access to all Cloud Endpoints APIs within a project to a group of developers.

For a detailed description of IAM and its features, see the Google Cloud Identity and Access Management Documentation.

Roles

The following roles can be granted for an API.

IAM Role Name Role Title Description
roles/servicemanagement.serviceConsumer Service Consumer Permissions for a non-project member to view and enable the API in API Manager in the Cloud Platform Console in their own project.
roles/servicemanagement.serviceController Service Controller Permissions to make check and report calls to Service Control during runtime. This is usually given to Service Accounts.
roles/viewer Viewer Permissions for a project member to view the service configuration.
roles/editor Editor All viewer permissions and permissions for a project member to deploy the service configuration.
roles/owner Owner All editor permissions and permissions for a project member to manage access.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Endpoints with OpenAPI