Troubleshooting

This page contains troubleshooting information for each version of the following Service Infrastructure APIs:

• The Service Management API
• The Service Control API
• The Service Consumer Management API

How do I handle Service Control API errors in general?

The Service Control API provides control plane functionality, such as logging, monitoring, to managed services. Therefore, the callers of the Service Control API typically are server applications. Here are general recommendations on how to handle errors at the REST/RPC API level:

• Your server should log all errors returned by the Service Control API and you can use the data to toubleshoot your managed service.
• If your server receives 429 errors from the Service Control API, it should return 429 errors to its clients.
• If your server cannot access the Service Control API, it can choose to either fail-open (ignore the error) or fail-close (return 503 to its client).
• If your server receives 500 errors from the Service Control API, it should return 500 error to its clients. Such errors typically mean bugs within the Service Control API.
• If your server receives other errors from the Service Control API, it should return 500 error to its clients. Such errors typically mean bugs within your managed service.

What does the "service not enabled" error mean?

To use any Google API service, you need to have a Google Cloud project, enable the service for that project, and pass an API key or an OAuth access token associated with the project for each API request. See Auth Guide for details. To fix this error, you need to enable the service for your project using the Google Cloud console, Google Cloud CLI, or Service Usage API. To learn how to enable a service, see Enabling and Disabling Services.

How do I fix permission denied errors?

Such errors typically mean the caller doesn't have the right Identity and Access Management permission on certain resources. For information on the required permissions for each of the following Service Infrastructure APIs, see the respective Access Control page:

• Service Control API Access Control
• Service Management API Access Control

How do I perform a retry on API errors?

It is recommended to perform a retry with exponential intervals plus randomness. The minimum retry interval should be 30s for 429 quota errors; 1s for 500 and 503 server errors. For other errors, retry should only be performed based on additional error information. See google.rpc.Code for more details.

How do I request higher API quota?

To learn how to apply for higher quota for each of the following Service Infrastructure APIs, visit the respective section of the Quotas and Limits page:

• Service Control API Quota
• Service Consumer Management API Quota
• Service Management API Quota

How do I fix "Ownership for domain name cannot be verified" errors?

This error indicates the caller does not have the ownership of the domain name used for the managed service name specified in a service configuration. Follow the guide to use a valid domain.