Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Service: iam.googleapis.com

We recommend that you call this service using Google-provided client libraries. If your application needs to call this service using your own libraries, you should use the following information when making the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery document:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service may have multiple service endpoints. This service has the following service endpoint, and all URIs below are relative to it:

  • https://iam.googleapis.com

REST Resource: v1.iamPolicies

Methods
lintPolicy POST /v1/iamPolicies:lintPolicy
Lints a Cloud IAM policy object or its sub-fields.
queryAuditableServices POST /v1/iamPolicies:queryAuditableServices
Returns a list of services that support service-level audit logging configuration for the given resource.

REST Resource: v1.organizations.roles

Methods
create POST /v1/{parent=organizations/*}/roles
Creates a new Role.
delete DELETE /v1/{name=organizations/*/roles/*}
Soft deletes a role.
get GET /v1/{name=organizations/*/roles/*}
Gets a Role definition.
list GET /v1/{parent=organizations/*}/roles
Lists the Roles defined on a resource.
patch PATCH /v1/{name=organizations/*/roles/*}
Updates a Role definition.
undelete POST /v1/{name=organizations/*/roles/*}:undelete
Undeletes a Role, restoring it to its previous state.

REST Resource: v1.permissions

Methods
queryTestablePermissions POST /v1/permissions:queryTestablePermissions
Lists the permissions testable on a resource.

REST Resource: v1.projects.roles

Methods
create POST /v1/{parent=projects/*}/roles
Creates a new Role.
delete DELETE /v1/{name=projects/*/roles/*}
Soft deletes a role.
get GET /v1/{name=projects/*/roles/*}
Gets a Role definition.
list GET /v1/{parent=projects/*}/roles
Lists the Roles defined on a resource.
patch PATCH /v1/{name=projects/*/roles/*}
Updates a Role definition.
undelete POST /v1/{name=projects/*/roles/*}:undelete
Undeletes a Role, restoring it to its previous state.

REST Resource: v1.projects.serviceAccounts

Methods
create POST /v1/{name=projects/*}/serviceAccounts
Creates a ServiceAccount and returns it.
delete DELETE /v1/{name=projects/*/serviceAccounts/*}
Deletes a ServiceAccount.
disable POST /v1/{name=projects/*/serviceAccounts/*}:disable
DisableServiceAccount is currently in the alpha launch stage.
enable POST /v1/{name=projects/*/serviceAccounts/*}:enable
EnableServiceAccount is currently in the alpha launch stage.
get GET /v1/{name=projects/*/serviceAccounts/*}
Gets a ServiceAccount.
getIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy
Returns the Cloud IAM access control policy for a ServiceAccount.
list GET /v1/{name=projects/*}/serviceAccounts
Lists ServiceAccounts for a project.
patch PATCH /v1/{serviceAccount.name=projects/*/serviceAccounts/*}
Patches a ServiceAccount.
setIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
Sets the Cloud IAM access control policy for a ServiceAccount.
signBlob POST /v1/{name=projects/*/serviceAccounts/*}:signBlob
Note: This method is in the process of being deprecated.
signJwt POST /v1/{name=projects/*/serviceAccounts/*}:signJwt
Note: This method is in the process of being deprecated.
testIamPermissions POST /v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions
Tests the specified permissions against the IAM access control policy for a ServiceAccount.
undelete POST /v1/{name=projects/*/serviceAccounts/*}:undelete
Restores a deleted ServiceAccount.
update PUT /v1/{name=projects/*/serviceAccounts/*}
Note: This method is in the process of being deprecated.

REST Resource: v1.projects.serviceAccounts.keys

Methods
create POST /v1/{name=projects/*/serviceAccounts/*}/keys
Creates a ServiceAccountKey and returns it.
delete DELETE /v1/{name=projects/*/serviceAccounts/*/keys/*}
Deletes a ServiceAccountKey.
get GET /v1/{name=projects/*/serviceAccounts/*/keys/*}
Gets the ServiceAccountKey by key id.
list GET /v1/{name=projects/*/serviceAccounts/*}/keys
Lists ServiceAccountKeys.
upload POST /v1/{name=projects/*/serviceAccounts/*}/keys:upload
Uploads a public key for a given service account.

REST Resource: v1.roles

Methods
get GET /v1/{name=roles/*}
Gets a Role definition.
list GET /v1/roles
Lists the Roles defined on a resource.
queryGrantableRoles POST /v1/roles:queryGrantableRoles
Queries roles that can be granted on a particular resource.