Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.
- REST Resource: v1beta.projects.locations.workloadIdentityPools
- REST Resource: v1beta.projects.locations.workloadIdentityPools.operations
- REST Resource: v1beta.projects.locations.workloadIdentityPools.providers
- REST Resource: v1beta.projects.locations.workloadIdentityPools.providers.operations
- REST Resource: v1.iamPolicies
- REST Resource: v1.organizations.roles
- REST Resource: v1.permissions
- REST Resource: v1.projects.roles
- REST Resource: v1.projects.serviceAccounts
- REST Resource: v1.projects.serviceAccounts.keys
- REST Resource: v1.roles
Service: iam.googleapis.com
We recommend that you call this service using Google-provided client libraries. If your application needs to call this service using your own libraries, you should use the following information when making the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service may have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://iam.googleapis.com
REST Resource: v1beta.projects.locations.workloadIdentityPools
| Methods | |
|---|---|
create |
POST /v1beta/{parent=projects/*/locations/*}/workloadIdentityPools Creates a new WorkloadIdentityPool. |
delete |
DELETE /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*} Deletes a WorkloadIdentityPool. |
get |
GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*} Gets an individual WorkloadIdentityPool. |
list |
GET /v1beta/{parent=projects/*/locations/*}/workloadIdentityPools Lists all non-deleted WorkloadIdentityPools in a project. |
patch |
PATCH /v1beta/{workloadIdentityPool.name=projects/*/locations/*/workloadIdentityPools/*} Updates an existing WorkloadIdentityPool. |
undelete |
POST /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*}:undelete Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago. |
REST Resource: v1beta.projects.locations.workloadIdentityPools.operations
| Methods | |
|---|---|
get |
GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/operations/*} Gets the latest state of a long-running operation. |
REST Resource: v1beta.projects.locations.workloadIdentityPools.providers
| Methods | |
|---|---|
create |
POST /v1beta/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. |
delete |
DELETE /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*} Deletes a WorkloadIdentityPoolProvider. |
get |
GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*} Gets an individual WorkloadIdentityPoolProvider. |
list |
GET /v1beta/{parent=projects/*/locations/*/workloadIdentityPools/*}/providers Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. |
patch |
PATCH /v1beta/{workloadIdentityPoolProvider.name=projects/*/locations/*/workloadIdentityPools/*/providers/*} Updates an existing WorkloadIdentityPoolProvider. |
undelete |
POST /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*}:undelete Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago. |
REST Resource: v1beta.projects.locations.workloadIdentityPools.providers.operations
| Methods | |
|---|---|
get |
GET /v1beta/{name=projects/*/locations/*/workloadIdentityPools/*/providers/*/operations/*} Gets the latest state of a long-running operation. |
Service: iam.googleapis.com
We recommend that you call this service using Google-provided client libraries. If your application needs to call this service using your own libraries, you should use the following information when making the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service may have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://iam.googleapis.com
REST Resource: v1.iamPolicies
| Methods | |
|---|---|
lintPolicy |
POST /v1/iamPolicies:lintPolicy Lints, or validates, an IAM policy. |
queryAuditableServices |
POST /v1/iamPolicies:queryAuditableServices Returns a list of services that allow you to opt into audit logs that are not generated by default. |
REST Resource: v1.organizations.roles
| Methods | |
|---|---|
create |
POST /v1/{parent=organizations/*}/roles Creates a new custom Role. |
delete |
DELETE /v1/{name=organizations/*/roles/*} Deletes a custom Role. |
get |
GET /v1/{name=organizations/*/roles/*} Gets the definition of a Role. |
list |
GET /v1/{parent=organizations/*}/roles Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
patch |
PATCH /v1/{name=organizations/*/roles/*} Updates the definition of a custom Role. |
undelete |
POST /v1/{name=organizations/*/roles/*}:undelete Undeletes a custom Role. |
REST Resource: v1.permissions
| Methods | |
|---|---|
queryTestablePermissions |
POST /v1/permissions:queryTestablePermissions Lists every permission that you can test on a resource. |
REST Resource: v1.projects.roles
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*}/roles Creates a new custom Role. |
delete |
DELETE /v1/{name=projects/*/roles/*} Deletes a custom Role. |
get |
GET /v1/{name=projects/*/roles/*} Gets the definition of a Role. |
list |
GET /v1/{parent=projects/*}/roles Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
patch |
PATCH /v1/{name=projects/*/roles/*} Updates the definition of a custom Role. |
undelete |
POST /v1/{name=projects/*/roles/*}:undelete Undeletes a custom Role. |
REST Resource: v1.projects.serviceAccounts
| Methods | |
|---|---|
create |
POST /v1/{name=projects/*}/serviceAccounts Creates a ServiceAccount. |
delete |
DELETE /v1/{name=projects/*/serviceAccounts/*} Deletes a ServiceAccount. |
disable |
POST /v1/{name=projects/*/serviceAccounts/*}:disable Disables a ServiceAccount immediately. |
enable |
POST /v1/{name=projects/*/serviceAccounts/*}:enable Enables a ServiceAccount that was disabled by DisableServiceAccount. |
get |
GET /v1/{name=projects/*/serviceAccounts/*} Gets a ServiceAccount. |
getIamPolicy |
POST /v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy Gets the IAM policy that is attached to a ServiceAccount. |
list |
GET /v1/{name=projects/*}/serviceAccounts Lists every ServiceAccount that belongs to a specific project. |
patch |
PATCH /v1/{serviceAccount.name=projects/*/serviceAccounts/*} Patches a ServiceAccount. |
setIamPolicy |
POST /v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy Sets the IAM policy that is attached to a ServiceAccount. |
signBlob |
POST /v1/{name=projects/*/serviceAccounts/*}:signBlob Note: This method is deprecated and will stop working on July 1, 2021. |
signJwt |
POST /v1/{name=projects/*/serviceAccounts/*}:signJwt Note: This method is deprecated and will stop working on July 1, 2021. |
testIamPermissions |
POST /v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions Tests whether the caller has the specified permissions on a ServiceAccount. |
undelete |
POST /v1/{name=projects/*/serviceAccounts/*}:undelete Restores a deleted ServiceAccount. |
update |
PUT /v1/{name=projects/*/serviceAccounts/*} Note: We are in the process of deprecating this method. |
REST Resource: v1.projects.serviceAccounts.keys
| Methods | |
|---|---|
create |
POST /v1/{name=projects/*/serviceAccounts/*}/keys Creates a ServiceAccountKey. |
delete |
DELETE /v1/{name=projects/*/serviceAccounts/*/keys/*} Deletes a ServiceAccountKey. |
get |
GET /v1/{name=projects/*/serviceAccounts/*/keys/*} Gets a ServiceAccountKey. |
list |
GET /v1/{name=projects/*/serviceAccounts/*}/keys Lists every ServiceAccountKey for a service account. |
upload |
POST /v1/{name=projects/*/serviceAccounts/*}/keys:upload Creates a ServiceAccountKey, using a public key that you provide. |
REST Resource: v1.roles
| Methods | |
|---|---|
get |
GET /v1/{name=roles/*} Gets the definition of a Role. |
list |
GET /v1/roles Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project. |
queryGrantableRoles |
POST /v1/roles:queryGrantableRoles Lists roles that can be granted on a Google Cloud resource. |