Method: projects.serviceAccounts.keys.create

Creates a ServiceAccountKey and returns it.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/keys

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

Authorization requires the following Google IAM permission on the specified resource name:

  • iam.serviceAccountKeys.create

Request body

The request body contains data with the following structure:

JSON representation
{
  "privateKeyType": enum(ServiceAccountPrivateKeyType),
  "keyAlgorithm": enum(ServiceAccountKeyAlgorithm)
}
Fields
privateKeyType

enum(ServiceAccountPrivateKeyType)

The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.

keyAlgorithm

enum(ServiceAccountKeyAlgorithm)

Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.

Response body

If successful, the response body contains a newly created instance of ServiceAccountKey.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Try it!

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Identity and Access Management