이 페이지에서는 로컬 머신에서 Service Control API를 설정하고 curl 명령어를 사용하여 테스트하는 데 필요한 기본 단계를 설명합니다.
초기 설정
Service Control API는 관리형 서비스와 함께 사용됩니다. Service Control API를 사용하려면 먼저 Service Management API를 사용하여 관리형 서비스를 만들어야 합니다. 자세한 내용은 Service Management 시작하기를 참조하세요.
관리형 서비스를 만든 후에는 관리형 서비스에서 Service Control API를 사용하기 전에 다음 단계를 완료해야 합니다.
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
다음 셸 명령어 시퀀스는 Service Control API를 호출하기 위한 점진적 단계를 보여줍니다.
# Call with invalid service name "invalid.com". For security and privacy
# reasons, the permission check typically happens before other checks.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check
{
"error": {
"code": 403,
"message": "Permission 'servicemanagement.services.check' denied on service 'invalid.com'.",
"status": "PERMISSION_DENIED"
}
}
# Call without proper permission on a service.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check
{
"error": {
"code": 403,
"message": "Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.",
"status": "PERMISSION_DENIED"
}
}
# Call with invalid request.
$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
# This and following call assume that the service, operation name and
# project being checked are "endpointsapis.appspot.com",
# "google.example.hello.v1.HelloService.GetHello" and
# "endpointsapis-consumer" correspondingly.
# Change to the name of your managed service, operation, and project.
# Call with invalid request.
$ gcurl -d '{
"operation": {
"operationId": "123e4567-e89b-12d3-a456-426655440000",
"consumerId": "project:endpointsapis-consumer",
"startTime": "2016-06-12T22:00:15Z",
"operationName": "google.example.hello.v1.HelloService.GetHello"
}
}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"checkErrors": [
{
"code": "SERVICE_NOT_ACTIVATED",
"detail": "Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'."
}
]
}
# Successful call to "services.check" method after the API is enabled for
# the project.
$ gcurl -d '{
"operation": {
"operationId": "123e4567-e89b-12d3-a456-426655440000",
"consumerId": "project:endpointsapis-consumer",
"startTime":"2016-07-31T05:20:00Z",
"operationName":"google.example.hello.v1.HelloService.GetHello"
}
}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check
{
"operationId": "123e4567-e89b-12d3-a456-426655440000"
}
이전 단계를 완료한 후에는 다음과 같은 결과를 얻어야 합니다.
Google Cloud Platform API를 호출하는 데 사용할 수 있는 로컬 테스트 설정이 있으며 제대로 작동합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-04(UTC)"],[],[],null,["# Getting Started with the Service Control API\n\nThis page describes the basic steps necessary to set up the Service Control API\non your local machine and test it using the `curl` command.\n\nInitial setup\n-------------\n\nThe Service Control API works with\n[managed services](/service-infrastructure/docs/glossary#managed). To use the\nService Control API, you need to first create a managed service using\nthe Service Management API. For more information, see\n[Service Management Getting Started](/service-infrastructure/docs/service-management/getting-started).\n\nAfter you have created a managed service, you need to complete the following\nsteps before using the Service Control API from your managed service.\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Service Control API:\n\n\n ```bash\n gcloud services enable servicecontrol.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/servicemanagement.serviceController`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n- [Create or select a Google Cloud project](https://cloud.google.com/resource-manager/docs/creating-managing-projects).\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n - Create a Google Cloud project:\n\n ```\n gcloud projects create PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with a name for the Google Cloud project you are creating.\n - Select the Google Cloud project that you created:\n\n ```\n gcloud config set project PROJECT_ID\n ```\n\n Replace \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e with your Google Cloud project name.\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Service Control API:\n\n\n ```bash\n gcloud services enable servicecontrol.googleapis.com\n ```\n-\n Grant roles to your user account. Run the following command once for each of the following\n IAM roles:\n `roles/servicemanagement.serviceController`\n\n ```bash\n gcloud projects add-iam-policy-binding PROJECT_ID --member=\"user:\u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e\" --role=ROLE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: your project ID.\n - \u003cvar translate=\"no\"\u003eUSER_IDENTIFIER\u003c/var\u003e: the identifier for your user account---for example, `myemail@example.com`.\n - \u003cvar translate=\"no\"\u003eROLE\u003c/var\u003e: the IAM role that you grant to your user account.\n\n\u003cbr /\u003e\n\nTest with curl\n--------------\n\nFirst, define a convenient shell alias for calling Google REST APIs: \n\n```\nalias gcurl='curl -H \"Authorization: Bearer $(gcloud auth print-access-token)\" -H \"Content-Type: application/json\" '\n```\n\nThe following shell command sequence demonstrates the incremental steps to call\nthe Service Control API. \n\n```\n# Call with invalid service name \"invalid.com\". For security and privacy\n# reasons, the permission check typically happens before other checks.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/invalid.com:check\n{\n \"error\": {\n \"code\": 403,\n \"message\": \"Permission 'servicemanagement.services.check' denied on service 'invalid.com'.\",\n \"status\": \"PERMISSION_DENIED\"\n }\n}\n\n# Call without proper permission on a service.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/servicecontrol.googleapis.com:check\n{\n \"error\": {\n \"code\": 403,\n \"message\": \"Permission 'servicemanagement.services.check' denied on service 'servicecontrol.googleapis.com'.\",\n \"status\": \"PERMISSION_DENIED\"\n }\n}\n\n# Call with invalid request.\n$ gcurl -d '{}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"error\": {\n \"code\": 400,\n \"message\": \"Request contains an invalid argument.\",\n \"status\": \"INVALID_ARGUMENT\"\n }\n}\n\n# This and following call assume that the service, operation name and\n# project being checked are \"endpointsapis.appspot.com\",\n# \"google.example.hello.v1.HelloService.GetHello\" and\n# \"endpointsapis-consumer\" correspondingly.\n# Change to the name of your managed service, operation, and project.\n# Call with invalid request.\n$ gcurl -d '{\n \"operation\": {\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\",\n \"consumerId\": \"project:endpointsapis-consumer\",\n \"startTime\": \"2016-06-12T22:00:15Z\",\n \"operationName\": \"google.example.hello.v1.HelloService.GetHello\"\n }\n}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"checkErrors\": [\n {\n \"code\": \"SERVICE_NOT_ACTIVATED\",\n \"detail\": \"Service 'endpointsapis.appspot.com' is not enabled for consumer 'project:endpointsapis-consumer'.\"\n }\n ]\n}\n\n# Successful call to \"services.check\" method after the API is enabled for\n# the project.\n$ gcurl -d '{\n \"operation\": {\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\",\n \"consumerId\": \"project:endpointsapis-consumer\",\n \"startTime\":\"2016-07-31T05:20:00Z\",\n \"operationName\":\"google.example.hello.v1.HelloService.GetHello\"\n }\n}' https://servicecontrol.googleapis.com/v1/services/endpointsapis.appspot.com:check\n{\n \"operationId\": \"123e4567-e89b-12d3-a456-426655440000\"\n}\n```\n\nAfter you have completed the preceding steps:\n\n- You have a functional local test setup that you can use to call any Google Cloud Platform APIs.\n- You have a functional service that you can use with the [Service Management API](/service-infrastructure/docs/service-management/reference/rest) and the [Service Control API](/service-infrastructure/docs/service-control/reference/rest).\n- You have a service account with correct permissions that you can use to run your service."]]
