Method: projects.serviceAccounts.signBlob

Note: This method is deprecated and will stop working on July 1, 2021. Use the signBlob method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions.

Signs a blob using the system-managed private key for a ServiceAccount.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signBlob

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. Deprecated. Migrate to Service Account Credentials API.

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccounts.signBlob

Request body

The request body contains data with the following structure:

JSON representation
{
  "bytesToSign": string
}
Fields
bytesToSign
(deprecated)

string (bytes format)

Required. Deprecated. Migrate to Service Account Credentials API.

The bytes to sign.

A base64-encoded string.

Response body

If successful, the response body contains data with the following structure:

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob response.

JSON representation
{
  "keyId": string,
  "signature": string
}
Fields
keyId
(deprecated)

string

Deprecated. Migrate to Service Account Credentials API.

The id of the key used to sign the blob.

signature
(deprecated)

string (bytes format)

Deprecated. Migrate to Service Account Credentials API.

The signed blob.

A base64-encoded string.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.