Method: projects.serviceAccounts.create

Creates a ServiceAccount.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*}/serviceAccounts

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the project associated with the service accounts, such as projects/my-project-123.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccounts.create

Request body

The request body contains data with the following structure:

JSON representation
{
  "accountId": string,
  "serviceAccount": {
    object (ServiceAccount)
  }
}
Fields
accountId

string

Required. The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035.

serviceAccount

object (ServiceAccount)

The ServiceAccount resource to create. Currently, only the following values are user assignable: displayName and description.

Response body

If successful, the response body contains a newly created instance of ServiceAccount.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Examples

Uses the .NET client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
//    package. Libraries published by Google are owned by google-apis-packages:
//    https://www.nuget.org/profiles/google-apis-packages

using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System;
using System.Threading.Tasks;

using Data = Google.Apis.Iam.v1.Data;

namespace IamSample
{
   
public class IamExample
   
{
       
public static void Main(string[] args)
       
{
           
IamService iamService = new IamService(new BaseClientService.Initializer
           
{
               
HttpClientInitializer = GetCredential(),
               
ApplicationName = "Google-iamSample/0.1",
           
});

           
// Required. The resource name of the project associated with the service
           
// accounts, such as `projects/my-project-123`.
           
string name = "projects/my-project";  // TODO: Update placeholder value.

           
// TODO: Assign values to desired properties of `requestBody`:
           
Data.CreateServiceAccountRequest requestBody = new Data.CreateServiceAccountRequest();

           
ProjectsResource.ServiceAccountsResource.CreateRequest request = iamService.Projects.ServiceAccounts.Create(requestBody, name);

           
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
           
Data.ServiceAccount response = request.Execute();
           
// Data.ServiceAccount response = await request.ExecuteAsync();

           
// TODO: Change code below to process the `response` object:
           
Console.WriteLine(JsonConvert.SerializeObject(response));
       
}

       
public static GoogleCredential GetCredential()
       
{
           
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
           
if (credential.IsCreateScopedRequired)
           
{
                credential
= credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
           
}
           
return credential;
       
}
   
}
}

Uses the Go client library.

package main

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk/ and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
//    project directory.

import (
       
"fmt"
       
"log"

       
"golang.org/x/net/context"
       
"golang.org/x/oauth2/google"
       
"google.golang.org/api/iam/v1"
)

func main
() {
        ctx
:= context.Background()

        iamService
, err := iam.NewService(ctx)
       
if err != nil {
                log
.Fatal(err)
       
}

       
// Required. The resource name of the project associated with the service
       
// accounts, such as `projects/my-project-123`.
        name
:= "projects/my-project" // TODO: Update placeholder value.

        rb
:= &iam.CreateServiceAccountRequest{
               
// TODO: Add desired fields of the request body.
       
}

        resp
, err := iamService.Projects.ServiceAccounts.Create(name, rb).Context(ctx).Do()
       
if err != nil {
                log
.Fatal(err)
       
}

       
// TODO: Change code below to process the `resp` object:
        fmt
.Printf("%#v\n", resp)
}

Uses the Java client library.

/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the Java client library on Maven or Gradle. Check installation
 *    instructions at https://github.com/google/google-api-java-client.
 *    On other build systems, you can add the jar files to your project from
 *    https://developers.google.com/resources/api-libraries/download/iam/v1/java
 */

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.CreateServiceAccountRequest;
import com.google.api.services.iam.v1.model.ServiceAccount;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class IamExample {
 
public static void main(String args[]) throws IOException, GeneralSecurityException {
   
// Required. The resource name of the project associated with the service
   
// accounts, such as `projects/my-project-123`.
   
String name = "projects/my-project"; // TODO: Update placeholder value.

   
// TODO: Assign values to desired fields of `requestBody`:
   
CreateServiceAccountRequest requestBody = new CreateServiceAccountRequest();

   
Iam iamService = createIamService();
   
Iam.Projects.ServiceAccounts.Create request =
        iamService
.projects().serviceAccounts().create(name, requestBody);

   
ServiceAccount response = request.execute();

   
// TODO: Change code below to process the `response` object:
   
System.out.println(response);
 
}

 
public static Iam createIamService() throws IOException, GeneralSecurityException {
   
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
   
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

   
GoogleCredential credential = GoogleCredential.getApplicationDefault();
   
if (credential.createScopedRequired()) {
      credential
=
          credential
.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
   
}

   
return new Iam.Builder(httpTransport, jsonFactory, credential)
       
.setApplicationName("Google-iamSample/0.1")
       
.build();
 
}
}

Uses the Node.js client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
//    `npm install googleapis --save`

const {google} = require('googleapis');
const iam = google.iam('v1');

async
function main () {
 
const authClient = await authorize();
 
const request = {
   
// Required. The resource name of the project associated with the service
   
// accounts, such as `projects/my-project-123`.
    name
: 'projects/my-project',  // TODO: Update placeholder value.

    resource
: {
     
// TODO: Add desired properties to the request body.
   
},

    auth
: authClient,
 
};

 
try {
   
const response = (await iam.projects.serviceAccounts.create(request)).data;
   
// TODO: Change code below to process the `response` object:
    console
.log(JSON.stringify(response, null, 2));
 
} catch (err) {
    console
.error(err);
 
}
}
main
();

async
function authorize() {
 
const auth = new google.auth.GoogleAuth({
    scopes
: ['https://www.googleapis.com/auth/cloud-platform']
 
});
 
return await auth.getClient();
}

Uses the PHP client library.

<?php
/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the PHP client library with Composer. Check installation
 *    instructions at https://github.com/google/google-api-php-client.
 */


// Autoload Composer.
require_once __DIR__
. '/vendor/autoload.php';

$client
= new Google_Client();
$client
->setApplicationName('Google-iamSample/0.1');
$client
->useApplicationDefaultCredentials();
$client
->addScope('https://www.googleapis.com/auth/cloud-platform');

$service
= new Google_Service_Iam($client);

// Required. The resource name of the project associated with the service
// accounts, such as `projects/my-project-123`.
$name
= 'projects/my-project';  // TODO: Update placeholder value.

// TODO: Assign values to desired properties of `requestBody`:
$requestBody
= new Google_Service_Iam_CreateServiceAccountRequest();

$response
= $service->projects_serviceAccounts->create($name, $requestBody);

// TODO: Change code below to process the `response` object:
echo
'<pre>', var_export($response, true), '</pre>', "\n";
?>

Uses the Python client library.

"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
   and check the quota for your project at
   https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
   If not already done, install the gcloud CLI from
   https://cloud.google.com/sdk and run
   `gcloud beta auth application-default login`.
   For more information, see
   https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
   `pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
   `pip install --upgrade oauth2client`
"""

from pprint import pprint

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

credentials
= GoogleCredentials.get_application_default()

service
= discovery.build('iam', 'v1', credentials=credentials)

# Required. The resource name of the project associated with the service
# accounts, such as `projects/my-project-123`.
name
= 'projects/my-project'  # TODO: Update placeholder value.

create_service_account_request_body
= {
   
# TODO: Add desired entries to the request body.
}

request
= service.projects().serviceAccounts().create(name=name, body=create_service_account_request_body)
response
= request.execute()

# TODO: Change code below to process the `response` dict:
pprint
(response)

Uses the Ruby client library.

# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
#    and check the quota for your project at
#    https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
#    If not already done, install the gcloud CLI from
#    https://cloud.google.com/sdk and run
#    `gcloud beta auth application-default login`.
#    For more information, see
#    https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
#    library by running `gem install google-api-client` and
#    `gem install googleauth`

require 'googleauth'
require 'google/apis/iam_v1'

service
= Google::Apis::IamV1::IamService.new

service
.authorization = \
   
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])

# Required. The resource name of the project associated with the service
# accounts, such as `projects/my-project-123`.
name
= 'projects/my-project'  # TODO: Update placeholder value.

# TODO: Assign values to desired members of `request_body`:
request_body
= Google::Apis::IamV1::CreateServiceAccountRequest.new

response
= service.create_service_account(name, request_body)

# TODO: Change code below to process the `response` object:
puts response
.to_json