REST Resource: projects.serviceAccounts

Resource: ServiceAccount

A service account in the Identity and Access Management API.

To create a service account, specify the projectId and the accountId for the account. The accountId is unique within the project, and is used to generate the service account email address and a stable uniqueId.

If the account already exists, the account's resource name is returned in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller can use the name in other methods to access the account.

All other methods can identify the service account using the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

JSON representation 
{
  "name": string,
  "projectId": string,
  "uniqueId": string,
  "email": string,
  "displayName": string,
  "etag": string,
  "description": string,
  "oauth2ClientId": string,
  "disabled": boolean
}
Fields
name

string

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.

Requests using - as a wildcard for the PROJECT_ID will infer the project from the account and the ACCOUNT value can be the email address or the uniqueId of the service account.

In responses the resource name will always be in the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.
projectId

string

The id of the project that owns the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.
uniqueId

string

The unique and stable id of the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.
email

string

The email address of the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.
displayName

string

Optional. A user-specified name for the service account. Must be less than or equal to 100 UTF-8 bytes.
etag

string (bytes format)

Optional. Note: etag is an inoperable legacy field that is only returned for backwards compatibility.

A base64-encoded string.
description

string

Optional. A user-specified opaque description of the service account. Must be less than or equal to 256 UTF-8 bytes.
oauth2ClientId

string

The OAuth2 client id for the service account. This is used in conjunction with the OAuth2 clientconfig API to make three legged OAuth2 (3LO) flows to access the data of Google users.

Note: This field is used in responses only. Any value specified here in a request is ignored.
disabled

boolean

A bool indicate if the service account is disabled. The field is currently in alpha phase.

Note: This field is used in responses only. Any value specified here in a request is ignored.

Methods

create

 Creates a ServiceAccount and returns it.

delete

 Deletes a ServiceAccount.

disable

 DisableServiceAccount is currently in the alpha launch stage.

enable

 EnableServiceAccount is currently in the alpha launch stage.

get

 Gets a ServiceAccount.

getIamPolicy

 Returns the Cloud IAM access control policy for a ServiceAccount.

list

 Lists ServiceAccounts for a project.

patch

 Patches a ServiceAccount.

setIamPolicy

 Sets the Cloud IAM access control policy for a ServiceAccount.

signBlob

 Note: This method is in the process of being deprecated.

signJwt

 Note: This method is in the process of being deprecated.

testIamPermissions

 Tests the specified permissions against the IAM access control policy for a ServiceAccount.

undelete

 Restores a deleted ServiceAccount.

update

 Note: This method is in the process of being deprecated.