REST Resource: projects.serviceAccounts

Resource: ServiceAccount

An IAM service account.

A service account is an account for an application or a virtual machine (VM) instance, not a person. You can use a service account to call Google APIs. To learn more, read the overview of service accounts.

When you create a service account, you specify the project ID that owns the service account, as well as a name that must be unique within the project. IAM uses these values to create an email address that identifies the service account.

JSON representation
{
  "name": string,
  "projectId": string,
  "uniqueId": string,
  "email": string,
  "displayName": string,
  "etag": string,
  "description": string,
  "oauth2ClientId": string,
  "disabled": boolean
}
Fields
name

string

The resource name of the service account.

Use one of the following formats:

  • projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
  • projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

  • projects/-/serviceAccounts/{EMAIL_ADDRESS}
  • projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

projectId

string

Output only. The ID of the project that owns the service account.

uniqueId

string

Output only. The unique, stable numeric ID for the service account.

Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.

email

string

Output only. The email address of the service account.

displayName

string

Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.

etag
(deprecated)

string (bytes format)

Deprecated. Do not use.

A base64-encoded string.

description

string

Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.

oauth2ClientId

string

Output only. The OAuth 2.0 client ID for the service account.

disabled

boolean

Output only. Whether the service account is disabled.

Methods

create

Creates a ServiceAccount.

delete

Deletes a ServiceAccount.

disable

Disables a ServiceAccount immediately.

enable

Enables a ServiceAccount that was disabled by DisableServiceAccount.

get

Gets a ServiceAccount.

getIamPolicy

Gets the IAM policy that is attached to a ServiceAccount.

list

Lists every ServiceAccount that belongs to a specific project.

patch

Patches a ServiceAccount.

setIamPolicy

Sets the IAM policy that is attached to a ServiceAccount.

signBlob

Note: We are in the process of deprecating this method.

signJwt

Note: We are in the process of deprecating this method.

testIamPermissions

Tests whether the caller has the specified permissions on a ServiceAccount.

undelete

Restores a deleted ServiceAccount.

update

Note: We are in the process of deprecating this method.