Client libraries

The APIs for Identity and Access Management (IAM) are built on HTTP and JSON, so any standard HTTP client can send requests to it and parse the responses.

However, the Google API Client Libraries provide better language integration, improved security, and support for authentication. The client libraries are available in a number of programming languages; they handle all communication with IAM.

Many Google Cloud services also offer Google Cloud Client Libraries, which you can use to manage the allow policies for each service's resources. The Google Cloud Client Libraries offer the same benefits as the Google API Client Libraries, along with a more idiomatic API for each programming language. To learn more, see Client libraries explained.

IAM v1 API

Use the IAM v1 API to manage custom roles, service accounts, and service account keys.

To grant and revoke access to a specific resource, use the getIamPolicy and setIamPolicy methods in that resource's API to update its allow policy. For a list of resource types that accept allow policies, see Resource types that accept allow policies.

To manage deny policies, use the IAM v2 API.

Install the client library

C++

For more information, see the GitHub repository for the C++ client library.

If you are using Bazel, update your WORKSPACE file to import the client library. You can then add the library to the cc_binary rule in your BUILD file, as shown in this example:

cc_binary(
    name = "quickstart",
    srcs = [
        "quickstart.cc",
    ],
    deps = [
        "@google_cloud_cpp//:iam",
    ],
)

If you are using CMake, install the dependency with a tool such as vcpkg:

cd $HOME/vcpkg
./vcpkg install google-cloud-cpp

You can then add the dependency to your CMakeLists.txt file:

find_package(google_cloud_cpp_iam REQUIRED)

For additional details, see Installing google-cloud-cpp.

C#

For more information, see Setting up a C# development environment.

install-package Google.Apis.Iam.v1

Go

For more information, see Setting up a Go development environment.

go get google.golang.org/api/iam/v1

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-iam</artifactId>
  <version>v1-rev20230518-2.0.0</version>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install googleapis

PHP

For more information, see Using PHP on Google Cloud.

Add the library as a dependency to your composer.json file:

"require": {
  "google/apiclient": "^2.0"
}

Alternatively, you can download the package locally.

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-api-python-client

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-api-client

Additional resources

C++

For more information about how to use this client library, see the following resources:

C#

For more information about how to use this client library, see the following resources:

Go

For more information about how to use this client library, see the following resources:

Java

For more information about how to use this client library, see the following resources:

Node.js

For more information about how to use this client library, see the following resources:

PHP

For more information about how to use this client library, see the following resources:

Python

For more information about how to use this client library, see the following resources:

Ruby

For more information about how to use this client library, see the following resources:

IAM v2 API

Use the IAM v2 API to manage deny policies.

To manage custom roles, service accounts, and service account keys, use the IAM v1 API.

Install the client library

C#

For more information, see Setting up a C# development environment.

install-package Google.Cloud.Iam.V2

Go

For more information, see Setting up a Go development environment.

go get cloud.google.com/go/iam

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.cloud</groupId>
  <artifactId>google-iam-policy</artifactId>
  <scope>compile</scope>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install @google-cloud/iam

PHP

For more information, see Using PHP on Google Cloud.

Install the component with Composer:

composer require google/cloud-iam

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-cloud-iam

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-iam-v2

Additional resources

C#

For more information about how to use this client library, see the following resources:

Go

For more information about how to use this client library, see the following resources:

Java

For more information about how to use this client library, see the following resources:

Node.js

For more information about how to use this client library, see the following resources:

PHP

For more information about how to use this client library, see the following resources:

Python

For more information about how to use this client library, see the following resources:

Ruby

For more information about how to use this client library, see the following resources:

Service Account Credentials API

Use the Service Account Credentials API to create short-lived, limited-privilege credentials for service accounts.

Install the client library

C++

For more information, see the GitHub repository for the C++ client library.

If you are using Bazel, update your WORKSPACE file to import the client library. You can then add the library to the cc_binary rule in your BUILD file, as shown in this example:

cc_binary(
    name = "quickstart",
    srcs = [
        "quickstart.cc",
    ],
    deps = [
        "@google_cloud_cpp//:iam",
    ],
)

If you are using CMake, install the dependency with a tool such as vcpkg:

cd $HOME/vcpkg
./vcpkg install google-cloud-cpp

You can then add the dependency to your CMakeLists.txt file:

find_package(google_cloud_cpp_iam REQUIRED)

For additional details, see Installing google-cloud-cpp.

C#

For more information, see Setting up a C# development environment.

install-package Google.Apis.IAMCredentials.v1

Go

For more information, see Setting up a Go development environment.

go get google.golang.org/api/iamcredentials/v1

Java

For more information, see Setting up a Java development environment.

If you are using Maven, add this to your pom.xml file.

<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-iamcredentials</artifactId>
  <version>v1-rev20211203-2.0.0</version>
</dependency>

Node.js

For more information, see Setting up a Node.js development environment.

npm install googleapis

PHP

For more information, see Using PHP on Google Cloud.

Add the library as a dependency to your composer.json file:

"require": {
  "google/apiclient": "^2.0"
}

Alternatively, you can download the package locally.

Python

For more information, see Setting up a Python development environment.

pip install --upgrade google-cloud-iam

Ruby

For more information, see Setting up a Ruby development environment.

gem install google-api-client

Additional resources

C++

For more information about how to use this client library, see the following resources:

C#

For more information about how to use this client library, see the following resources:

Go

For more information about how to use this client library, see the following resources:

Java

For more information about how to use this client library, see the following resources:

Node.js

For more information about how to use this client library, see the following resources:

PHP

For more information about how to use this client library, see the following resources:

Python

For more information about how to use this client library, see the following resources:

Ruby

For more information about how to use this client library, see the following resources: