Method: projects.serviceAccounts.signJwt

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization Scopes
Examples
Try it!

Note: This method is deprecated. Use the signJwt method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions.

Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signJwt

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name (deprecated)`	`string` Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `uniqueId` of the service account. Authorization requires the following IAM permission on the specified resource `name`: `iam.serviceAccounts.signJwt`

name
(deprecated)

string

Required. Deprecated. Migrate to Service Account Credentials API.

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

Authorization requires the following IAM permission on the specified resource name:

iam.serviceAccounts.signJwt

Request body

The request body contains data with the following structure:

JSON representation
{ "payload": string }

Fields

Fields
`payload (deprecated)`	`string` Required. Deprecated. Migrate to Service Account Credentials API. The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims Set. For example: `{"sub": "user@example.com", "iat": 313435}` If the JWT Claims Set contains an expiration time (`exp`) claim, it must be an integer timestamp that is not in the past and no more than 1 hour in the future. If the JWT Claims Set does not contain an expiration time (`exp`) claim, this claim is added automatically, with a timestamp that is 1 hour in the future.

payload
(deprecated)

string

Required. Deprecated. Migrate to Service Account Credentials API.

The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims Set. For example: {"sub": "user@example.com", "iat": 313435}

If the JWT Claims Set contains an expiration time (exp) claim, it must be an integer timestamp that is not in the past and no more than 1 hour in the future.

If the JWT Claims Set does not contain an expiration time (exp) claim, this claim is added automatically, with a timestamp that is 1 hour in the future.

Response body

If successful, the response body contains data with the following structure:

Deprecated. Migrate to Service Account Credentials API.

The service account sign JWT response.

JSON representation
{ "keyId": string, "signedJwt": string }

Fields

Fields
`keyId (deprecated)`	`string` This item is deprecated! Deprecated. Migrate to Service Account Credentials API. The id of the key used to sign the JWT.
`signedJwt (deprecated)`	`string` This item is deprecated! Deprecated. Migrate to Service Account Credentials API. The signed JWT.

keyId
(deprecated)

string

Deprecated. Migrate to Service Account Credentials API.

The id of the key used to sign the JWT.

signedJwt
(deprecated)

string

Deprecated. Migrate to Service Account Credentials API.

The signed JWT.

Authorization Scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.