Google Identity and Access Management (IAM) API

Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls.

Service: iam.googleapis.com

All URIs below are relative to https://iam.googleapis.com

This service provides the following discovery document:

Collection: v1.organizations.roles

Methods
create POST /v1/{parent=organizations/*}/roles
Creates a new Role.
delete DELETE /v1/{name=organizations/*/roles/*}
Soft deletes a role.
get GET /v1/{name=organizations/*/roles/*}
Gets a Role definition.
list GET /v1/{parent=organizations/*}/roles
Lists the Roles defined on a resource.
patch PATCH /v1/{name=organizations/*/roles/*}
Updates a Role definition.
undelete POST /v1/{name=organizations/*/roles/*}:undelete
Undelete a Role, bringing it back in its previous state.

Collection: v1.permissions

Methods
queryTestablePermissions POST /v1/permissions:queryTestablePermissions
Lists the permissions testable on a resource.

Collection: v1.projects.roles

Methods
create POST /v1/{parent=projects/*}/roles
Creates a new Role.
delete DELETE /v1/{name=projects/*/roles/*}
Soft deletes a role.
get GET /v1/{name=projects/*/roles/*}
Gets a Role definition.
list GET /v1/{parent=projects/*}/roles
Lists the Roles defined on a resource.
patch PATCH /v1/{name=projects/*/roles/*}
Updates a Role definition.
undelete POST /v1/{name=projects/*/roles/*}:undelete
Undelete a Role, bringing it back in its previous state.

Collection: v1.projects.serviceAccounts

Methods
create POST /v1/{name=projects/*}/serviceAccounts
Creates a ServiceAccount and returns it.
delete DELETE /v1/{name=projects/*/serviceAccounts/*}
Deletes a ServiceAccount.
get GET /v1/{name=projects/*/serviceAccounts/*}
Gets a ServiceAccount.
getIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy
Returns the IAM access control policy for a ServiceAccount.
list GET /v1/{name=projects/*}/serviceAccounts
Lists ServiceAccounts for a project.
setIamPolicy POST /v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
Sets the IAM access control policy for a ServiceAccount.
signBlob POST /v1/{name=projects/*/serviceAccounts/*}:signBlob
Signs a blob using a service account's system-managed private key.
signJwt POST /v1/{name=projects/*/serviceAccounts/*}:signJwt
Signs a JWT using a service account's system-managed private key.
testIamPermissions POST /v1/{resource=projects/*/serviceAccounts/*}:testIamPermissions
Tests the specified permissions against the IAM access control policy for a ServiceAccount.
update PUT /v1/{name=projects/*/serviceAccounts/*}
Updates a ServiceAccount.

Collection: v1.projects.serviceAccounts.keys

Methods
create POST /v1/{name=projects/*/serviceAccounts/*}/keys
Creates a ServiceAccountKey and returns it.
delete DELETE /v1/{name=projects/*/serviceAccounts/*/keys/*}
Deletes a ServiceAccountKey.
get GET /v1/{name=projects/*/serviceAccounts/*/keys/*}
Gets the ServiceAccountKey by key id.
list GET /v1/{name=projects/*/serviceAccounts/*}/keys
Lists ServiceAccountKeys.

Collection: v1.roles

Methods
get GET /v1/{name=roles/*}
Gets a Role definition.
list GET /v1/roles
Lists the Roles defined on a resource.
queryGrantableRoles POST /v1/roles:queryGrantableRoles
Queries roles that can be granted on a particular resource.

Send feedback about...

Cloud Identity and Access Management