このページでは、ローカルマシンで Service Control API を設定し、curl コマンドでテストするために必要な基本的な手順について説明します。
初期設定
Service Control API はマネージド サービスと連携します。Service Control API を使用するには、まず Service Management API を使用してマネージド サービスを作成する必要があります。詳細については、Service Management スタートガイドをご覧ください。
マネージド サービスを作成したら、マネージド サービスから Service Control API を使用する前に、以下の手順を完了する必要があります。
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
次のシェルコマンド シーケンスでは、段階的に Service Control API を呼び出しています。
# Call with invalid service name "invalid.com". For security and privacy
# reasons, the permission check typically happens before other checks.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check
{
"error": {
"code": 403,
"message": "Permission 'servicemanagement.services.check' denied on service 'invalid.com'.",
"status": "PERMISSION_DENIED"
}
}
# Call without proper permission on a service.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check
{
"error": {
"code": 403,
"message": "Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.",
"status": "PERMISSION_DENIED"
}
}
# Call with invalid request.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
# This and following call assume that the service, operation name and
# project being checked are "endpointsapis.appspot.com",
# "google.example.hello.v1.HelloService.GetHello" and
# "endpointsapis-consumer" correspondingly.
# Change to the name of your managed service, operation, and project.
# Call with invalid request.
$ gcurl -d '{
"operation": {
"operationId": "123e4567-e89b-12d3-a456-426655440000",
"consumerId": "project:endpointsapis-consumer",
"startTime": "2016-06-12T22:00:15Z",
"operationName": "google.example.hello.v1.HelloService.GetHello"
}
}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"checkErrors": [
{
"code": "SERVICE_NOT_ACTIVATED",
"detail": "Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'."
}
]
}
# Successful call to "services.check" method after the API is enabled for
# the project.
$ gcurl -d '{
"operation": {
"operationId": "123e4567-e89b-12d3-a456-426655440000",
"consumerId": "project:endpointsapis-consumer",
"startTime":"2016-07-31T05:20:00Z",
"operationName":"google.example.hello.v1.HelloService.GetHello"
}
}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"operationId": "123e4567-e89b-12d3-a456-426655440000"
}
前述の手順が完了すると、次のようになります。
Google Cloud Platform API を呼び出す場合に使用できる便利なローカルテストが設定されます。
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-09-04 UTC。"],[],[],null,["# Getting Started with the Service Control API\n\nThis page describes the basic steps necessary to set up the Service Control API\non your local machine and test it using the `curl` command.\n\nInitial setup\n-------------\n\nThe Service Control API works with\n[managed services](/service-infrastructure/docs/glossary#managed). To use the\nService Control API, you need to first create a managed service using\nthe Service Management API. For more information, see\n[Service Management Getting Started](/service-infrastructure/docs/service-management/getting-started).\n\nAfter you have created a managed service, you need to complete the following\nsteps before using the Service Control API from your managed service.\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Service Control API:\n\n\n ```bash\n gcloud services enable servicecontrol.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/servicemanagement.serviceController`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Service Control API:\n\n\n ```bash\n gcloud services enable servicecontrol.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/servicemanagement.serviceController`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n\u003cbr /\u003e\n\nTest with curl\n--------------\n\nFirst, define a convenient shell alias for calling Google REST APIs: \n\n```\nalias gcurl='curl -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type: application/json\" '\n```\n\nThe following shell command sequence demonstrates the incremental steps to call\nthe Service Control API. \n\n```\n# Call with invalid service name \"invalid.com\". For security and privacy\n# reasons, the permission check typically happens before other checks.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check\n{\n \"error\": {\n \"code\": 403,\n \"message\": \"Permission 'servicemanagement.services.check' denied on service 'invalid.com'.\",\n \"status\": \"PERMISSION_DENIED\"\n }\n}\n\n# Call without proper permission on a service.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check\n{\n \"error\": {\n \"code\": 403,\n \"message\": \"Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.\",\n \"status\": \"PERMISSION_DENIED\"\n }\n}\n\n# Call with invalid request.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"error\": {\n \"code\": 400,\n \"message\": \"Request contains an invalid argument.\",\n \"status\": \"INVALID_ARGUMENT\"\n }\n}\n\n# This and following call assume that the service, operation name and\n# project being checked are \"endpointsapis.appspot.com\",\n# \"google.example.hello.v1.HelloService.GetHello\" and\n# \"endpointsapis-consumer\" correspondingly.\n# Change to the name of your managed service, operation, and project.\n# Call with invalid request.\n$ gcurl -d '{\n \"operation\": {\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\",\n \"consumerId\": \"project:endpointsapis-consumer\",\n \"startTime\": \"2016-06-12T22:00:15Z\",\n \"operationName\": \"google.example.hello.v1.HelloService.GetHello\"\n }\n}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"checkErrors\": [\n {\n \"code\": \"SERVICE_NOT_ACTIVATED\",\n \"detail\": \"Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'.\"\n }\n ]\n}\n\n# Successful call to \"services.check\" method after the API is enabled for\n# the project.\n$ gcurl -d '{\n \"operation\": {\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\",\n \"consumerId\": \"project:endpointsapis-consumer\",\n \"startTime\":\"2016-07-31T05:20:00Z\",\n \"operationName\":\"google.example.hello.v1.HelloService.GetHello\"\n }\n}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\"\n}\n```\n\nAfter you have completed the preceding steps:\n\n- You have a functional local test setup that you can use to call any Google Cloud Platform APIs.\n- You have a functional service that you can use with the [Service Management API](/service-infrastructure/docs/service-management/reference/rest) and the [Service Control API](/service-infrastructure/docs/service-control/reference/rest).\n- You have a service account with correct permissions that you can use to run your service."]]
