Method: projects.serviceAccounts.keys.disable

Disable a ServiceAccountKey. A disabled service account key can be re-enabled with keys.enable.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*/keys/*}:disable

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the service account key.

Use one of the following formats:

  • projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
  • projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

  • projects/-/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
  • projects/-/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account key projects/-/serviceAccounts/fake@example.com/keys/fake-key, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccountKeys.disable

Request body

The request body must be empty.

Response body

If successful, the response body is empty.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.