Method: projects.serviceAccounts.keys.upload

Creates a ServiceAccountKey, using a public key that you provide.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccountKeys.create

Request body

The request body contains data with the following structure:

JSON representation
  "publicKeyData": string

string (bytes format)

A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is X509_PEM.

A base64-encoded string.

Response body

If successful, the response body contains an instance of ServiceAccountKey.

Authorization Scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.