Method: projects.serviceAccounts.signBlob

Signs a blob using a service account's system-managed private key.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signBlob

The URL uses Google API HTTP annotation syntax.

Path parameters

Parameters
name

string

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}. Using - as a wildcard for the project will infer the project from the account. The account value can be the email address or the uniqueId of the service account.

Authorization requires the following Google IAM permission on the specified resource name:

  • iam.serviceAccounts.signBlob

Request body

The request body contains data with the following structure:

JSON representation
{
  "bytesToSign": string,
}
Fields
bytesToSign

string (bytes format)

The bytes to sign.

A base64-encoded string.

Response body

If successful, the response body contains data with the following structure:

The service account sign blob response.

JSON representation
{
  "keyId": string,
  "signature": string,
}
Fields
keyId

string

The id of the key used to sign the blob.

signature

string (bytes format)

The signed blob.

A base64-encoded string.

Authorization

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Auth Guide.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Identity and Access Management