Note: This method is deprecated. Use the signJwt method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions.
Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount
.
HTTP request
POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signJwt
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account. Use one of the following formats:
As an alternative, you can use the
When possible, avoid using the Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "payload": string } |
Fields | |
---|---|
payload |
Required. Deprecated. Migrate to Service Account Credentials API. The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims Set. For example: If the JWT Claims Set contains an expiration time ( If the JWT Claims Set does not contain an expiration time ( |
Response body
Deprecated. Migrate to Service Account Credentials API.
The service account sign JWT response.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "keyId": string, "signedJwt": string } |
Fields | |
---|---|
keyId |
Deprecated. Migrate to Service Account Credentials API. The id of the key used to sign the JWT. |
signedJwt |
Deprecated. Migrate to Service Account Credentials API. The signed JWT. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.