Method: projects.serviceAccounts.signBlob

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
Examples
Try it!

Note: This method is deprecated. Use the signBlob method in the IAM Service Account Credentials API instead. If you currently use this method, see the migration guide for instructions.

Signs a blob using the system-managed private key for a ServiceAccount.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signBlob

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name (deprecated)`	`string` Required. Deprecated. Migrate to Service Account Credentials API. The resource name of the service account. Use one of the following formats: `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: `projects/-/serviceAccounts/{EMAIL_ADDRESS}` `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error. Authorization requires the following IAM permission on the specified resource `name`: `iam.serviceAccounts.signBlob`

name
(deprecated)

string

Required. Deprecated. Migrate to Service Account Credentials API.

The resource name of the service account.

Use one of the following formats:

projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name:

iam.serviceAccounts.signBlob

Request body

The request body contains data with the following structure:

JSON representation
{ "bytesToSign": string }

Fields

Fields
`bytesToSign (deprecated)`	`string (bytes format)` Required. Deprecated. Migrate to Service Account Credentials API. The bytes to sign. A base64-encoded string.

bytesToSign
(deprecated)

string (bytes format)

Required. Deprecated. Migrate to Service Account Credentials API.

The bytes to sign.

A base64-encoded string.

Response body

Deprecated. Migrate to Service Account Credentials API.

The service account sign blob response.

If successful, the response body contains data with the following structure:

JSON representation
{ "keyId": string, "signature": string }

Fields

Fields
`keyId (deprecated)`	`string` This item is deprecated! Deprecated. Migrate to Service Account Credentials API. The id of the key used to sign the blob.
`signature (deprecated)`	`string (bytes format)` This item is deprecated! Deprecated. Migrate to Service Account Credentials API. The signed blob. A base64-encoded string.

keyId
(deprecated)

string

Deprecated. Migrate to Service Account Credentials API.

The id of the key used to sign the blob.

signature
(deprecated)

string (bytes format)

Deprecated. Migrate to Service Account Credentials API.

The signed blob.

A base64-encoded string.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.