REST Resource: projects.serviceAccounts

Resource: ServiceAccount

A service account in the Identity and Access Management API.

To create a service account, specify the projectId and the accountId for the account. The accountId is unique within the project, and is used to generate the service account email address and a stable uniqueId.

If the account already exists, the account's resource name is returned in util::Status's ResourceInfo.resource_name in the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller can use the name in other methods to access the account.

All other methods can identify the service account using the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

JSON representation
{
  "name": string,
  "projectId": string,
  "uniqueId": string,
  "email": string,
  "displayName": string,
  "etag": string,
  "oauth2ClientId": string,
}
Fields
name

string

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.

Requests using - as a wildcard for the PROJECT_ID will infer the project from the account and the ACCOUNT value can be the email address or the uniqueId of the service account.

In responses the resource name will always be in the format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.

projectId

string

The id of the project that owns the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.

uniqueId

string

The unique and stable id of the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.

email

string

The email address of the service account.

Note: This field is used in responses only. Any value specified here in a request is ignored.

displayName

string

Optional. A user-specified description of the service account. Must be fewer than 100 UTF-8 bytes.

etag

string (bytes format)

Used to perform a consistent read-modify-write.

A base64-encoded string.

oauth2ClientId

string

. The OAuth2 client id for the service account. This is used in conjunction with the OAuth2 clientconfig API to make three legged OAuth2 (3LO) flows to access the data of Google users.

Note: This field is used in responses only. Any value specified here in a request is ignored.

Methods

create

Creates a ServiceAccount and returns it.

delete

Deletes a ServiceAccount.

get

Gets a ServiceAccount.

getIamPolicy

Returns the IAM access control policy for a ServiceAccount.

list

Lists ServiceAccounts for a project.

setIamPolicy

Sets the IAM access control policy for a ServiceAccount.

signBlob

Signs a blob using a service account's system-managed private key.

signJwt

Signs a JWT using a service account's system-managed private key.

testIamPermissions

Tests the specified permissions against the IAM access control policy for a ServiceAccount.

update

Updates a ServiceAccount.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Identity and Access Management