Client libraries

The APIs for Identity and Access Management (IAM) are built on HTTP and JSON, so any standard HTTP client can send requests to it and parse the responses.

However, the Google API Client Libraries provide better language integration, improved security, and support for authentication. The client libraries are available in a number of programming languages; they handle all communication with IAM.

Many Google Cloud services also offer Google Cloud Client Libraries, which you can use to manage the allow policies for each service's resources. The Google Cloud Client Libraries offer the same benefits as the Google API Client Libraries, along with a more idiomatic API for each programming language. To learn more, see Client libraries explained.

IAM v1 API

Use the IAM v1 API to manage custom roles, service accounts, and service account keys.

To grant and revoke access to a specific resource, use the getIamPolicy and setIamPolicy methods in that resource's API to update its allow policy. For a list of resource types that accept allow policies, see Resource types that accept allow policies.

To manage deny policies, use the IAM v2 API.

Install the client library

C++

For more information, see the GitHub repository for the C++ client library.

If you are using Bazel, update your WORKSPACE file to import the client library. You can then add the library to the cc_binary rule in your BUILD file, as shown in this example:

cc_binary(
    name = "quickstart",
    srcs = [
        "quickstart.cc",
    ],
    deps = [
        "@google_cloud_cpp//:iam",
    ],
)

If you are using CMake, install the dependency with a tool such as vcpkg:

cd $HOME/vcpkg
./vcpkg install google-cloud-cpp

You can then add the dependency to your CMakeLists.txt file:

find_package(google_cloud_cpp_iam REQUIRED)

For additional details, see Installing google-cloud-cpp.

C#

For more information, see Setting up a C# development environment.

install-package Google.Apis.Iam.v1

Go

For more information, see Setting up a Go development environment.

go get google.golang.org/api/iam/v1

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-iam</artifactId>
  <version>v1-rev20230518-2.0.0</version>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install googleapis

PHP

For more information, see Using PHP on Google Cloud.

Add the library as a dependency to your composer.json file:

"require": {
  "google/apiclient": "^2.0"
}

Alternatively, you can download the package locally.

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-api-python-client

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-api-client

Additional resources

C++

For more information about how to use this client library, see the following resources:

API reference documentation: C++ IAM client library reference
Source code: C++ IAM client library source code
Issue tracker: Google Cloud Client Library for C++ issue tracker
Stack Overflow: Stack Overflow for IAM in C++

C#

For more information about how to use this client library, see the following resources:

API reference documentation: C# IAM client library reference
Source code: C# IAM client library source code
Issue tracker: Google API Client Library for C# issue tracker
Stack Overflow: Stack Overflow for IAM in C#

Go

For more information about how to use this client library, see the following resources:

API reference documentation: Go IAM client library reference
Source code: Go IAM client library source code
Issue tracker: Google API Client Library for Go issue tracker
Stack Overflow: Stack Overflow for IAM in Go

Java

For more information about how to use this client library, see the following resources:

API reference documentation: IAM client library for Java reference
Source code:
- IAM client library for Java source code
- Google API Client Library for Java
Issue tracker: Google API Client Library for Java issue tracker
Stack Overflow: Stack Overflow for IAM in Java

Node.js

For more information about how to use this client library, see the following resources:

API reference documentation: Node.js IAM client library reference
Source code: Node.js IAM client library source code
Issue tracker: Google API Client Library for Node.js issue tracker
Stack Overflow: Stack Overflow for IAM in Node.js

PHP

For more information about how to use this client library, see the following resources:

Source code:
- PHP IAM client library source code
- Google API Client Library for PHP
Issue tracker: Google API Client Library for PHP issue tracker
Stack Overflow: Stack Overflow for IAM in PHP

Python

For more information about how to use this client library, see the following resources:

API reference documentation: Python IAM client library reference
Source code: Google API Client Library for Python
Issue tracker: Google API Client Library for Python issue tracker
Stack Overflow: Stack Overflow for IAM in Python

Ruby

For more information about how to use this client library, see the following resources:

API reference documentation: Ruby IAM client library reference
Source code: Google API Client Library for Ruby
Issue tracker: Google API Client Library for Ruby issue tracker
Stack Overflow: Stack Overflow

IAM v2 API

Use the IAM v2 API to manage deny policies.

To manage custom roles, service accounts, and service account keys, use the IAM v1 API.

Install the client library

C#

For more information, see Setting up a C# development environment.

install-package Google.Cloud.Iam.V2

Go

For more information, see Setting up a Go development environment.

go get cloud.google.com/go/iam

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.cloud</groupId>
  <artifactId>google-iam-policy</artifactId>
  <scope>compile</scope>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install @google-cloud/iam

PHP

For more information, see Using PHP on Google Cloud.

Install the component with Composer:

composer require google/cloud-iam

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-cloud-iam

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-iam-v2

Additional resources

C#

For more information about how to use this client library, see the following resources:

API reference documentation: .NET IAM v2 client library reference
Source code: .NET IAM v2 client library source code
Issue tracker: Cloud Client Libraries for .NET issue tracker
Stack Overflow: Stack Overflow for IAM in C#

Go

For more information about how to use this client library, see the following resources:

API reference documentation: Go IAM v2 client library reference
Source code: Go IAM v2 client library source code
Issue tracker: Cloud Client Libraries for Go issue tracker
Stack Overflow: Stack Overflow for IAM in Go

Java

For more information about how to use this client library, see the following resources:

API reference documentation: IAM v2 client library for Java reference
Source code: IAM v2 client library for Java source code
Issue tracker: Cloud Client Libraries for Java issue tracker
Stack Overflow: Stack Overflow for IAM in Java

Node.js

For more information about how to use this client library, see the following resources:

API reference documentation: Node.js IAM v2 client library reference
Source code: Cloud Client Libraries for Node.js source code
Issue tracker: Cloud Client Libraries for Node.js issue tracker
Stack Overflow: Stack Overflow for IAM in Node.js

PHP

For more information about how to use this client library, see the following resources:

API reference documentation: PHP IAM v2 client library reference
Source code: Cloud Client Libraries for PHP source code
Issue tracker: Cloud Client Libraries for PHP issue tracker
Stack Overflow: Stack Overflow for IAM in PHP

Python

For more information about how to use this client library, see the following resources:

API reference documentation: Python IAM v2 client library reference
Source code: Cloud Client Libraries for Python source code
Issue tracker: Cloud Client Libraries for Python issue tracker
Stack Overflow: Stack Overflow for IAM in Python

Ruby

For more information about how to use this client library, see the following resources:

API reference documentation: Ruby IAM v2 client library reference
Source code: Cloud Client Libraries for Ruby source code
Issue tracker: Cloud Client Libraries for Ruby issue tracker
Stack Overflow: Stack Overflow

Service Account Credentials API

Use the Service Account Credentials API to create short-lived, limited-privilege credentials for service accounts.

Install the client library

C++

For more information, see the GitHub repository for the C++ client library.

If you are using Bazel, update your WORKSPACE file to import the client library. You can then add the library to the cc_binary rule in your BUILD file, as shown in this example:

cc_binary(
    name = "quickstart",
    srcs = [
        "quickstart.cc",
    ],
    deps = [
        "@google_cloud_cpp//:iam",
    ],
)

If you are using CMake, install the dependency with a tool such as vcpkg:

cd $HOME/vcpkg
./vcpkg install google-cloud-cpp

You can then add the dependency to your CMakeLists.txt file:

find_package(google_cloud_cpp_iam REQUIRED)

For additional details, see Installing google-cloud-cpp.

C#

For more information, see Setting up a C# development environment.

install-package Google.Apis.IAMCredentials.v1

Go

For more information, see Setting up a Go development environment.

go get google.golang.org/api/iamcredentials/v1

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-iamcredentials</artifactId>
  <version>v1-rev20211203-2.0.0</version>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install googleapis

PHP

For more information, see Using PHP on Google Cloud.

Add the library as a dependency to your composer.json file:

"require": {
  "google/apiclient": "^2.0"
}

Alternatively, you can download the package locally.

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-cloud-iam

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-api-client

Additional resources

C++

For more information about how to use this client library, see the following resources:

API reference documentation: C++ IAM client library reference
Source code: C++ IAM client library source code
Issue tracker: Google Cloud Client Library for C++ issue tracker
Stack Overflow: Stack Overflow for IAM in C++

C#

For more information about how to use this client library, see the following resources:

API reference documentation: C# Service Account Credentials client library reference
Source code: C# Service Account Credentials client library source code
Issue tracker: Google API Client Library for C# issue tracker
Stack Overflow: Stack Overflow for IAM in C#

Go

For more information about how to use this client library, see the following resources:

API reference documentation: Go Service Account Credentials client library reference
Source code: Go Service Account Credentials client library source code
Issue tracker: Google API Client Library for Go issue tracker
Stack Overflow: Stack Overflow for IAM in Go

Java

For more information about how to use this client library, see the following resources:

API reference documentation: Service Account Credentials client library for Java reference
Source code:
- Service Account Credentials client library for Java source code
- Google API Client Library for Java
Issue tracker: Google API Client Library for Java issue tracker
Stack Overflow: Stack Overflow for IAM in Java

Node.js

For more information about how to use this client library, see the following resources:

API reference documentation: Node.js IAM client library reference
Source code: Node.js Service Account Credentials client library source code
Issue tracker: Google API Client Library for Node.js issue tracker
Stack Overflow: Stack Overflow for IAM in Node.js

PHP

For more information about how to use this client library, see the following resources:

Source code:
- PHP Service Account Credentials client library source code
- Google API Client Library for PHP
Issue tracker: Google API Client Library for PHP issue tracker
Stack Overflow: Stack Overflow for IAM in PHP

Python

For more information about how to use this client library, see the following resources:

API reference documentation: Python Service Account Credentials client library reference
Source code: Cloud Client Libraries for Python
Issue tracker: Google API Client Library for Python issue tracker
Stack Overflow: Stack Overflow for IAM in Python

Ruby

For more information about how to use this client library, see the following resources:

API documentation reference: Ruby Service Account Credentials client library reference
Source code: Google API Client Library for Ruby
Issue tracker: Google API Client Library for Ruby issue tracker
Stack Overflow: Stack Overflow