Package google.api

Index

Advice

Generated advice about this change, used for providing more information about how a change will affect the existing service.

Fields
description

string

Useful description for why this advice was applied and what actions should be taken to mitigate any implied risks.

AuthProvider

Configuration for an anthentication provider, including support for JSON Web Token (JWT).

Fields
id

string

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

issuer

string

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

jwks_uri

string

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account).

Example: https://www.googleapis.com/oauth2/v1/certs

audiences

string

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://Service_name/API_name" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService".

Example:

audiences: bookstore_android.apps.googleusercontent.com,
           bookstore_web.apps.googleusercontent.com

authorization_url

string

Redirect URL if JWT token is required but no present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

AuthRequirement

User-defined authentication requirements, including support for JSON Web Token (JWT).

Fields
provider_id

string

id from authentication provider.

Example:

provider_id: bookstore_auth

audiences

string

NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components.

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://Service_name/API_name" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService".

Example:

audiences: bookstore_android.apps.googleusercontent.com,
           bookstore_web.apps.googleusercontent.com

Authentication

Authentication defines the authentication configuration for an API.

Example for an API targeted for external use:

name: calendar.googleapis.com
authentication:
  providers:
  - id: google_calendar_auth
    jwks_uri: https://www.googleapis.com/oauth2/v1/certs
    issuer: https://securetoken.google.com
  rules:
  - selector: "*"
    requirements:
      provider_id: google_calendar_auth
Fields
rules[]

AuthenticationRule

A list of authentication rules that apply to individual API methods.

NOTE: All service configuration rules follow "last one wins" order.

providers[]

AuthProvider

Defines a set of authentication providers that a service supports.

AuthenticationRule

Authentication rules for the service.

By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request.

If a method doesn't have any auth requirements, request credentials will be ignored.

Fields
selector

string

Selects the methods to which this rule applies.

Refer to selector for syntax details.

oauth

OAuthRequirements

The requirements for OAuth credentials.

custom_auth

CustomAuthRequirements

Configuration for custom authentication.

allow_without_credential

bool

Whether to allow requests without a credential. The credential can be an OAuth token, Google cookies (first-party auth) or EndUserCreds.

For requests without credentials, if the service control environment is specified, each incoming request must be associated with a service consumer. This can be done by passing an API key that belongs to a consumer project.

requirements[]

AuthRequirement

Requirements for additional authentication providers.

AuthorizationConfig

Configuration of authorization.

This section determines the authorization provider, if unspecified, then no authorization check will be done.

Example:

experimental:
  authorization:
    provider: firebaserules.googleapis.com
Fields
provider

string

The name of the authorization provider, such as firebaserules.googleapis.com.

Backend

Backend defines the backend configuration for a service.

Fields
rules[]

BackendRule

A list of API backend rules that apply to individual API methods.

NOTE: All service configuration rules follow "last one wins" order.

BackendRule

A backend rule provides configuration for an individual API element.

Fields
selector

string

Selects the methods to which this rule applies.

Refer to selector for syntax details.

address

string

The address of the API backend.

deadline

double

The number of seconds to wait for a response from a request. The default deadline for gRPC is infinite (no deadline) and HTTP requests is 5 seconds.

min_deadline

double

Minimum deadline in seconds needed for this method. Calls having deadline value lower than this will be rejected.

Billing

Billing related configuration of the service.

The following example shows how to configure monitored resources and metrics for billing:

monitored_resources:
- type: library.googleapis.com/branch
  labels:
  - key: /city
    description: The city where the library branch is located in.
  - key: /name
    description: The name of the branch.
metrics:
- name: library.googleapis.com/book/borrowed_count
  metric_kind: DELTA
  value_type: INT64
billing:
  consumer_destinations:
  - monitored_resource: library.googleapis.com/branch
    metrics:
    - library.googleapis.com/book/borrowed_count
Fields
consumer_destinations[]

BillingDestination

Billing configurations for sending metrics to the consumer project. There can be multiple consumer destinations per service, each one must have a different monitored resource type. A metric can be used in at most one consumer destination.

BillingDestination

Configuration of a specific billing destination (Currently only support bill against consumer project).

Fields
monitored_resource

string

The monitored resource type. The type must be defined in Service.monitored_resources section.

metrics[]

string

Names of the metrics to report to this billing destination. Each name must be defined in Service.metrics section.

ChangeType

Classifies set of possible modifications to an object in the service configuration.

Enums
CHANGE_TYPE_UNSPECIFIED No value was provided.
ADDED The changed object exists in the 'new' service configuration, but not in the 'old' service configuration.
REMOVED The changed object exists in the 'old' service configuration, but not in the 'new' service configuration.
MODIFIED The changed object exists in both service configurations, but its value is different.

ConfigChange

Output generated from semantically comparing two versions of a service configuration.

Includes detailed information about a field that have changed with applicable advice about potential consequences for the change, such as backwards-incompatibility.

Fields
element

string

Object hierarchy path to the change, with levels separated by a '.' character. For repeated fields, an applicable unique identifier field is used for the index (usually selector, name, or id). For maps, the term 'key' is used. If the field has no unique identifier, the numeric index is used. Examples: - visibility.rules[selector=="google.LibraryService.CreateBook"].restriction - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value - logging.producer_destinations[0]

old_value

string

Value of the changed object in the old Service configuration, in JSON format. This field will not be populated if ChangeType == ADDED.

new_value

string

Value of the changed object in the new Service configuration, in JSON format. This field will not be populated if ChangeType == REMOVED.

change_type

ChangeType

The type for this change, either ADDED, REMOVED, or MODIFIED.

advices[]

Advice

Collection of advice provided for this change, useful for determining the possible impact of this change.

Context

Context defines which contexts an API requests.

Example:

context:
  rules:
  - selector: "*"
    requested:
    - google.rpc.context.ProjectContext
    - google.rpc.context.OriginContext

The above specifies that all methods in the API request google.rpc.context.ProjectContext and google.rpc.context.OriginContext.

Available context types are defined in package google.rpc.context.

Fields
rules[]

ContextRule

A list of RPC context rules that apply to individual API methods.

NOTE: All service configuration rules follow "last one wins" order.

ContextRule

A context rule provides information about the context for an individual API element.

Fields
selector

string

Selects the methods to which this rule applies.

Refer to selector for syntax details.

requested[]

string

A list of full type names of requested contexts.

provided[]

string

A list of full type names of provided contexts.

Control

Selects and configures the service controller used by the service. The service controller handles features like abuse, quota, billing, logging, monitoring, etc.

Fields
environment

string

The service control environment to use. If empty, no control plane feature (like quota and billing) will be enabled.

CustomAuthRequirements

Configuration for a custom authentication provider.

Fields
provider

string

A configuration string containing connection information for the authentication provider, typically formatted as a SmartService string (go/smartservice).

CustomError

Customize service error responses. For example, list any service specific protobuf types that can appear in error detail lists of error responses.

Example:

custom_error:
  types:
  - google.foo.v1.CustomError
  - google.foo.v1.AnotherError
Fields
rules[]

CustomErrorRule

The list of custom error rules that apply to individual API messages.

NOTE: All service configuration rules follow "last one wins" order.

types[]

string

The list of custom error detail types, e.g. 'google.foo.v1.CustomError'.

CustomErrorRule

A custom error rule.

Fields
selector

string

Selects messages to which this rule applies.

Refer to selector for syntax details.

is_error_type

bool

Mark this message as possible payload in error response. Otherwise, objects of this type will be filtered when they appear in error payload.

CustomHttpPattern

A custom pattern is used for defining custom HTTP verb.

Fields
kind

string

The name of this custom HTTP verb.

path

string

The path matched by this custom verb.

Documentation

Documentation provides the information for describing a service.

Example:

documentation:
  summary: >
    The Google Calendar API gives access
    to most calendar features.
  pages:
  - name: Overview
    content: (== include google/foo/overview.md ==)
  - name: Tutorial
    content: (== include google/foo/tutorial.md ==)
    subpages;
    - name: Java
      content: (== include google/foo/tutorial_java.md ==)
  rules:
  - selector: google.calendar.Calendar.Get
    description: >
      ...
  - selector: google.calendar.Calendar.Put
    description: >
      ...

Documentation is provided in markdown syntax. In addition to standard markdown features, definition lists, tables and fenced code blocks are supported. Section headers can be provided and are interpreted relative to the section nesting of the context where a documentation fragment is embedded.

Documentation from the IDL is merged with documentation defined via the config at normalization time, where documentation provided by config rules overrides IDL provided.

A number of constructs specific to the API platform are supported in documentation text.

In order to reference a proto element, the following notation can be used:

[fully.qualified.proto.name][]

To override the display text used for the link, this can be used:

[display text][fully.qualified.proto.name]

Text can be excluded from doc using the following notation:

(-- internal comment --)

Comments can be made conditional using a visibility label. The below text will be only rendered if the BETA label is available:

(--BETA: comment for BETA users --)

A few directives are available in documentation. Note that directives must appear on a single line to be properly identified. The include directive includes a markdown file from an external source:

(== include path/to/file ==)

The resource_for directive marks a message to be the resource of a collection in REST view. If it is not specified, tools attempt to infer the resource from the operations in a collection:

(== resource_for v1.shelves.books ==)

The directive suppress_warning does not directly affect documentation and is documented together with service config validation.

Fields
summary

string

A short summary of what the service does. Can only be provided by plain text.

pages[]

Page

The top level pages for the documentation set.

rules[]

DocumentationRule

A list of documentation rules that apply to individual API elements.

NOTE: All service configuration rules follow "last one wins" order.

documentation_root_url

string

The URL to the root of documentation.

overview

string

Declares a single overview page. For example:

documentation:
  summary: ...
  overview: (== include overview.md ==)

This is a shortcut for the following declaration (using pages style):

documentation:
  summary: ...
  pages:
  - name: Overview
    content: (== include overview.md ==)

Note: you cannot specify both overview field and pages field.

DocumentationRule

A documentation rule provides information about individual API elements.

Fields
selector

string

The selector is a comma-separated list of patterns. Each pattern is a qualified name of the element which may end in "*", indicating a wildcard. Wildcards are only allowed at the end and for a whole component of the qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". To specify a default for all applicable elements, the whole pattern "*" is used.

description

string

Description of the selected API(s).

deprecation_description

string

Deprecation description of the selected element(s). It can be provided if an element is marked as deprecated.

Endpoint

Endpoint describes a network endpoint that serves a set of APIs. A service may expose any number of endpoints, and all endpoints share the same service configuration, such as quota configuration and monitoring configuration.

Example service configuration:

name: library-example.googleapis.com
endpoints:
  # Below entry makes 'google.example.library.v1.Library'
  # API be served from endpoint address library-example.googleapis.com.
  # It also allows HTTP OPTIONS calls to be passed to the backend, for
  # it to decide whether the subsequent cross-origin request is
  # allowed to proceed.
- name: library-example.googleapis.com
  allow_cors: true
Fields
name

string

The canonical name of this endpoint.

aliases[]
(deprecated)

string

DEPRECATED: This field is no longer supported. Instead of using aliases, please specify multiple google.api.Endpoint for each of the intented alias.

Additional names that this endpoint will be hosted on.

apis[]

string

The list of APIs served by this endpoint.

If no APIs are specified this translates to "all APIs" exported by the service, as defined in the top-level service configuration.

features[]

string

The list of features enabled on this endpoint.

target

string

The specification of an Internet routable address of API frontend that will handle requests to this API Endpoint. It should be either a valid IPv4 address or a fully-qualified domain name. For example, "8.8.8.8" or "myservice.appspot.com".

allow_cors

bool

Allowing CORS, aka cross-domain traffic, would allow the backends served from this endpoint to receive and respond to HTTP OPTIONS requests. The response will be used by the browser to determine whether the subsequent cross-origin request is allowed to proceed.

Experimental

Experimental service configuration. These configuration options can only be used by whitelisted users.

Fields
authorization

AuthorizationConfig

Authorization configuration.

Http

Defines the HTTP configuration for an API service. It contains a list of HttpRule, each specifying the mapping of an RPC method to one or more HTTP REST API methods.

Fields
rules[]

HttpRule

A list of HTTP configuration rules that apply to individual API methods.

NOTE: All service configuration rules follow "last one wins" order.

fully_decode_reserved_expansion

bool

When set to true, URL path parmeters will be fully URI-decoded except in cases of single segment matches in reserved expansion, where "%2F" will be left encoded.

The default behavior is to not decode RFC 6570 reserved characters in multi segment matches.

HttpRule

HttpRule defines the mapping of an RPC method to one or more HTTP REST API methods. The mapping specifies how different portions of the RPC request message are mapped to URL path, URL query parameters, and HTTP request body. The mapping is typically specified as an google.api.http annotation on the RPC method, see "google/api/annotations.proto" for details.

The mapping consists of a field specifying the path template and method kind. The path template can refer to fields in the request message, as in the example below which describes a REST GET operation on a resource collection of messages:

service Messaging {
  rpc GetMessage(GetMessageRequest) returns (Message) {
    option (google.api.http).get = "/v1/messages/{message_id}/{sub.subfield}";
  }
}
message GetMessageRequest {
  message SubMessage {
    string subfield = 1;
  }
  string message_id = 1; // mapped to the URL
  SubMessage sub = 2;    // `sub.subfield` is url-mapped
}
message Message {
  string text = 1; // content of the resource
}

The same http annotation can alternatively be expressed inside the GRPC API Configuration YAML file.

http:
  rules:
    - selector: <proto_package_name>.Messaging.GetMessage
      get: /v1/messages/{message_id}/{sub.subfield}

This definition enables an automatic, bidrectional mapping of HTTP JSON to RPC. Example:

HTTP RPC
GET /v1/messages/123456/foo GetMessage(message_id: "123456" sub: SubMessage(subfield: "foo"))

In general, not only fields but also field paths can be referenced from a path pattern. Fields mapped to the path pattern cannot be repeated and must have a primitive (non-message) type.

Any fields in the request message which are not bound by the path pattern automatically become (optional) HTTP query parameters. Assume the following definition of the request message:

service Messaging {
  rpc GetMessage(GetMessageRequest) returns (Message) {
    option (google.api.http).get = "/v1/messages/{message_id}";
  }
}
message GetMessageRequest {
  message SubMessage {
    string subfield = 1;
  }
  string message_id = 1; // mapped to the URL
  int64 revision = 2;    // becomes a parameter
  SubMessage sub = 3;    // `sub.subfield` becomes a parameter
}

This enables a HTTP JSON to RPC mapping as below:

HTTP RPC
GET /v1/messages/123456?revision=2&sub.subfield=foo GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: "foo"))

Note that fields which are mapped to HTTP parameters must have a primitive type or a repeated primitive type. Message types are not allowed. In the case of a repeated type, the parameter can be repeated in the URL, as in ...?param=A&param=B.

For HTTP method kinds which allow a request body, the body field specifies the mapping. Consider a REST update method on the message resource collection:

service Messaging {
  rpc UpdateMessage(UpdateMessageRequest) returns (Message) {
    option (google.api.http) = {
      put: "/v1/messages/{message_id}"
      body: "message"
    };
  }
}
message UpdateMessageRequest {
  string message_id = 1; // mapped to the URL
  Message message = 2;   // mapped to the body
}

The following HTTP JSON to RPC mapping is enabled, where the representation of the JSON in the request body is determined by protos JSON encoding:

HTTP RPC
PUT /v1/messages/123456 { "text": "Hi!" } UpdateMessage(message_id: "123456" message { text: "Hi!" })

The special name * can be used in the body mapping to define that every field not bound by the path template should be mapped to the request body. This enables the following alternative definition of the update method:

service Messaging {
  rpc UpdateMessage(Message) returns (Message) {
    option (google.api.http) = {
      put: "/v1/messages/{message_id}"
      body: "*"
    };
  }
}
message Message {
  string message_id = 1;
  string text = 2;
}

The following HTTP JSON to RPC mapping is enabled:

HTTP RPC
PUT /v1/messages/123456 { "text": "Hi!" } UpdateMessage(message_id: "123456" text: "Hi!")

Note that when using * in the body mapping, it is not possible to have HTTP parameters, as all fields not bound by the path end in the body. This makes this option more rarely used in practice of defining REST APIs. The common usage of * is in custom methods which don't use the URL at all for transferring data.

It is possible to define multiple HTTP methods for one RPC by using the additional_bindings option. Example:

service Messaging {
  rpc GetMessage(GetMessageRequest) returns (Message) {
    option (google.api.http) = {
      get: "/v1/messages/{message_id}"
      additional_bindings {
        get: "/v1/users/{user_id}/messages/{message_id}"
      }
    };
  }
}
message GetMessageRequest {
  string message_id = 1;
  string user_id = 2;
}

This enables the following two alternative HTTP JSON to RPC mappings:

HTTP RPC
GET /v1/messages/123456 GetMessage(message_id: "123456")
GET /v1/users/me/messages/123456 GetMessage(user_id: "me" message_id: "123456")

Rules for HTTP mapping

The rules for mapping HTTP path, query parameters, and body fields to the request message are as follows:

  1. The body field specifies either * or a field path, or is omitted. If omitted, it indicates there is no HTTP request body.
  2. Leaf fields (recursive expansion of nested messages in the request) can be classified into three types: (a) Matched in the URL template. (b) Covered by body (if body is *, everything except (a) fields; else everything under the body field) (c) All other fields.
  3. URL query parameters found in the HTTP request are mapped to (c) fields.
  4. Any body sent with an HTTP request can contain only (b) fields.

The syntax of the path template is as follows:

Template = "/" Segments [ Verb ] ;
Segments = Segment { "/" Segment } ;
Segment  = "*" | "**" | LITERAL | Variable ;
Variable = "{" FieldPath [ "=" Segments ] "}" ;
FieldPath = IDENT { "." IDENT } ;
Verb     = ":" LITERAL ;

The syntax * matches a single path segment. The syntax ** matches zero or more path segments, which must be the last part of the path except the Verb. The syntax LITERAL matches literal text in the path.

The syntax Variable matches part of the URL path as specified by its template. A variable template must not contain other variables. If a variable matches a single path segment, its template may be omitted, e.g. {var} is equivalent to {var=*}.

If a variable contains exactly one path segment, such as "{var}" or "{var=*}", when such a variable is expanded into a URL path, all characters except [-_.~0-9a-zA-Z] are percent-encoded. Such variables show up in the Discovery Document as {var}.

If a variable contains one or more path segments, such as "{var=foo/*}" or "{var=**}", when such a variable is expanded into a URL path, all characters except [-_.~/0-9a-zA-Z] are percent-encoded. Such variables show up in the Discovery Document as {+var}.

NOTE: While the single segment variable matches the semantics of RFC 6570 Section 3.2.2 Simple String Expansion, the multi segment variable does not match RFC 6570 Reserved Expansion. The reason is that the Reserved Expansion does not expand special characters like ? and #, which would lead to invalid URLs.

NOTE: the field paths in variables and in the body must not refer to repeated fields or map fields.

Fields
selector

string

Selects methods to which this rule applies.

Refer to selector for syntax details.

body

string

The name of the request field whose value is mapped to the HTTP body, or * for mapping all fields not captured by the path pattern to the HTTP body. NOTE: the referred field must not be a repeated field and must be present at the top-level of request message type.

response_body

string

The name of the response field whose value is mapped to the HTTP body of response. Other response fields are ignored. This field is optional. When not set, the response message will be used as HTTP body of response. NOTE: the referred field must be not a repeated field and must be present at the top-level of response message type.

media_upload

MediaUpload

Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods.

media_download

MediaDownload

Use this only for Scotty Requests. Do not use this for bytestream methods. For media support, add instead [][google.bytestream.RestByteStream] as an API to your configuration.

additional_bindings[]

HttpRule

Additional HTTP bindings for the selector. Nested bindings must not contain an additional_bindings field themselves (that is, the nesting may only be one level deep).

Union field pattern. Determines the URL pattern is matched by this rules. This pattern can be used with any of the {get|put|post|delete|patch} methods. A custom method can be defined using the 'custom' field. pattern can be only one of the following:
get

string

Used for listing and getting information about resources.

put

string

Used for updating a resource.

post

string

Used for creating a resource.

delete

string

Used for deleting a resource.

patch

string

Used for updating a resource.

custom

CustomHttpPattern

The custom pattern is used for specifying an HTTP method that is not included in the pattern field, such as HEAD, or "*" to leave the HTTP method unspecified for this rule. The wild-card rule is useful for services that provide content to Web (HTML) clients.

LabelDescriptor

A description of a label.

Fields
key

string

The label key.

value_type

ValueType

The type of data that can be assigned to the label.

description

string

A human-readable description for the label.

ValueType

Value types that can be used as label values.

Enums
STRING A variable-length string. This is the default.
BOOL Boolean; true or false.
INT64 A 64-bit signed integer.

LogDescriptor

A description of a log type. Example in YAML format:

- name: library.googleapis.com/activity_history
  description: The history of borrowing and returning library items.
  display_name: Activity
  labels:
  - key: /customer_id
    description: Identifier of a library customer
Fields
name

string

The name of the log. It must be less than 512 characters long and can include the following characters: upper- and lower-case alphanumeric characters [A-Za-z0-9], and punctuation characters including slash, underscore, hyphen, period [/_-.].

labels[]

LabelDescriptor

The set of labels that are available to describe a specific log entry. Runtime requests that contain labels not specified here are considered invalid.

description

string

A human-readable description of this log. This information appears in the documentation and can contain details.

display_name

string

The human-readable name for this log. This information appears on the user interface and should be concise.

Logging

Logging configuration of the service.

The following example shows how to configure logs to be sent to the producer and consumer projects. In the example, the activity_history log is sent to both the producer and consumer projects, whereas the purchase_history log is only sent to the producer project.

monitored_resources:
- type: library.googleapis.com/branch
  labels:
  - key: /city
    description: The city where the library branch is located in.
  - key: /name
    description: The name of the branch.
logs:
- name: activity_history
  labels:
  - key: /customer_id
- name: purchase_history
logging:
  producer_destinations:
  - monitored_resource: library.googleapis.com/branch
    logs:
    - activity_history
    - purchase_history
  consumer_destinations:
  - monitored_resource: library.googleapis.com/branch
    logs:
    - activity_history
Fields
producer_destinations[]

LoggingDestination

Logging configurations for sending logs to the producer project. There can be multiple producer destinations, each one must have a different monitored resource type. A log can be used in at most one producer destination.

consumer_destinations[]

LoggingDestination

Logging configurations for sending logs to the consumer project. There can be multiple consumer destinations, each one must have a different monitored resource type. A log can be used in at most one consumer destination.

LoggingDestination

Configuration of a specific logging destination (the producer project or the consumer project).

Fields
monitored_resource

string

The monitored resource type. The type must be defined in the Service.monitored_resources section.

logs[]

string

Names of the logs to be sent to this destination. Each name must be defined in the Service.logs section. If the log name is not a domain scoped name, it will be automatically prefixed with the service name followed by "/".

MediaDownload

Defines the Media configuration for a service in case of a download. Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods.

Fields
enabled

bool

Whether download is enabled.

download_service

string

DO NOT USE FIELDS BELOW THIS LINE UNTIL THIS WARNING IS REMOVED.

Specify name of the download service if one is used for download.

dropzone

string

Name of the Scotty dropzone to use for the current API.

complete_notification

bool

A boolean that determines whether a notification for the completion of a download should be sent to the backend.

use_direct_download

bool

A boolean that determines if direct download from ESF should be used for download of this media.

max_direct_download_size

int64

Optional maximum acceptable size for direct download. The size is specified in bytes.

MediaUpload

Defines the Media configuration for a service in case of an upload. Use this only for Scotty Requests. Do not use this for media support using Bytestream, add instead [][google.bytestream.RestByteStream] as an API to your configuration for Bytestream methods.

Fields
enabled

bool

Whether upload is enabled.

upload_service

string

DO NOT USE FIELDS BELOW THIS LINE UNTIL THIS WARNING IS REMOVED.

Specify name of the upload service if one is used for upload.

dropzone

string

Name of the Scotty dropzone to use for the current API.

mime_types[]

string

An array of mimetype patterns. Esf will only accept uploads that match one of the given patterns.

max_size

int64

Optional maximum acceptable size for an upload. The size is specified in bytes.

start_notification

bool

Whether to receive a notification on the start of media upload.

progress_notification

bool

Whether to receive a notification for progress changes of media upload.

complete_notification

bool

A boolean that determines whether a notification for the completion of an upload should be sent to the backend. These notifications will not be seen by the client and will not consume quota.

MetricDescriptor

Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type's existing data unusable.

Fields
name

string

The resource name of the metric descriptor. Depending on the implementation, the name typically includes: (1) the parent resource name that defines the scope of the metric type or of its data; and (2) the metric's URL-encoded type, which also appears in the type field of this descriptor. For example, following is the resource name of a custom metric within the GCP project my-project-id:

"projects/my-project-id/metricDescriptors/custom.googleapis.com%2Finvoice%2Fpaid%2Famount"

type

string

The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined custom metric types have the DNS name custom.googleapis.com. Metric types should use a natural hierarchical grouping. For example:

"custom.googleapis.com/invoice/paid/amount"
"appengine.googleapis.com/http/server/response_latencies"

labels[]

LabelDescriptor

The set of labels that can be used to describe a specific instance of this metric type. For example, the appengine.googleapis.com/http/server/response_latencies metric type has a label for the HTTP response code, response_code, so you can look at latencies for successful responses or just for responses that failed.

metric_kind

MetricKind

Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metric_kind and value_type might not be supported.

value_type

ValueType

Whether the measurement is an integer, a floating-point number, etc. Some combinations of metric_kind and value_type might not be supported.

unit

string

The unit in which the metric value is reported. It is only applicable if the value_type is INT64, DOUBLE, or DISTRIBUTION. The supported units are a subset of The Unified Code for Units of Measure standard:

Basic units (UNIT)

  • bit bit
  • By byte
  • s second
  • min minute
  • h hour
  • d day

Prefixes (PREFIX)

  • k kilo (10**3)
  • M mega (10**6)
  • G giga (10**9)
  • T tera (10**12)
  • P peta (10**15)
  • E exa (10**18)
  • Z zetta (10**21)
  • Y yotta (10**24)
  • m milli (10**-3)
  • u micro (10**-6)
  • n nano (10**-9)
  • p pico (10**-12)
  • f femto (10**-15)
  • a atto (10**-18)
  • z zepto (10**-21)
  • y yocto (10**-24)
  • Ki kibi (2**10)
  • Mi mebi (2**20)
  • Gi gibi (2**30)
  • Ti tebi (2**40)

Grammar

The grammar includes the dimensionless unit 1, such as 1/s.

The grammar also includes these connectors:

  • / division (as an infix operator, e.g. 1/s).
  • . multiplication (as an infix operator, e.g. GBy.d)

The grammar for a unit is as follows:

Expression = Component { "." Component } { "/" Component } ;

Component = [ PREFIX ] UNIT [ Annotation ]
          | Annotation
          | "1"
          ;

Annotation = "{" NAME "}" ;

Notes:

  • Annotation is just a comment if it follows a UNIT and is equivalent to 1 if it is used alone. For examples, {requests}/s == 1/s, By{transmitted}/s == By/s.
  • NAME is a sequence of non-blank printable ASCII characters not containing '{' or '}'.

description

string

A detailed description of the metric, which can be used in documentation.

display_name

string

A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count".

MetricKind

The kind of measurement. It describes how the data is reported.

Enums
METRIC_KIND_UNSPECIFIED Do not use this default value.
GAUGE An instantaneous measurement of a value.
DELTA The change in a value during a time interval.
CUMULATIVE A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.

ValueType

The value type of a metric.

Enums
VALUE_TYPE_UNSPECIFIED Do not use this default value.
BOOL The value is a boolean. This value type can be used only if the metric kind is GAUGE.
INT64 The value is a signed 64-bit integer.
DOUBLE The value is a double precision floating point number.
STRING The value is a text string. This value type can be used only if the metric kind is GAUGE.
DISTRIBUTION The value is a [Distribution][google.api.Distribution].
MONEY The value is money.

MetricRule

Bind API methods to metrics. Binding a method to a metric causes that metric's configured quota behaviors to apply to the method call.

Fields
selector

string

Selects the methods to which this rule applies.

Refer to selector for syntax details.

metric_costs

map<string, int64>

Metrics to update when the selected methods are called, and the associated cost applied to each metric.

The key of the map is the metric name, and the values are the amount increased for the metric against which the quota limits are defined. The value must not be negative.

MonitoredResourceDescriptor

An object that describes the schema of a MonitoredResource object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of "gce_instance" and specifies the use of the labels "instance_id" and "zone" to identify particular VM instances.

Different APIs can support different monitored resource types. APIs generally provide a list method that returns the monitored resource descriptors used by the API.

Fields
name

string

Optional. The resource name of the monitored resource descriptor: "projects/{project_id}/monitoredResourceDescriptors/{type}" where {type} is the value of the type field in this object and {project_id} is a project ID that provides API-specific context for accessing the type. APIs that do not use project information can use the resource name format "monitoredResourceDescriptors/{type}".

type

string

Required. The monitored resource type. For example, the type "cloudsql_database" represents databases in Google Cloud SQL. The maximum length of this value is 256 characters.

display_name

string

Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, "Google Cloud SQL Database".

description

string

Optional. A detailed description of the monitored resource type that might be used in documentation.

labels[]

LabelDescriptor

Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels "database_id" and "zone".

Monitoring

Monitoring configuration of the service.

The example below shows how to configure monitored resources and metrics for monitoring. In the example, a monitored resource and two metrics are defined. The library.googleapis.com/book/returned_count metric is sent to both producer and consumer projects, whereas the library.googleapis.com/book/overdue_count metric is only sent to the consumer project.

monitored_resources:
- type: library.googleapis.com/branch
  labels:
  - key: /city
    description: The city where the library branch is located in.
  - key: /name
    description: The name of the branch.
metrics:
- name: library.googleapis.com/book/returned_count
  metric_kind: DELTA
  value_type: INT64
  labels:
  - key: /customer_id
- name: library.googleapis.com/book/overdue_count
  metric_kind: GAUGE
  value_type: INT64
  labels:
  - key: /customer_id
monitoring:
  producer_destinations:
  - monitored_resource: library.googleapis.com/branch
    metrics:
    - library.googleapis.com/book/returned_count
  consumer_destinations:
  - monitored_resource: library.googleapis.com/branch
    metrics:
    - library.googleapis.com/book/returned_count
    - library.googleapis.com/book/overdue_count
Fields
producer_destinations[]

MonitoringDestination

Monitoring configurations for sending metrics to the producer project. There can be multiple producer destinations, each one must have a different monitored resource type. A metric can be used in at most one producer destination.

consumer_destinations[]

MonitoringDestination

Monitoring configurations for sending metrics to the consumer project. There can be multiple consumer destinations, each one must have a different monitored resource type. A metric can be used in at most one consumer destination.

MonitoringDestination

Configuration of a specific monitoring destination (the producer project or the consumer project).

Fields
monitored_resource

string

The monitored resource type. The type must be defined in Service.monitored_resources section.

metrics[]

string

Names of the metrics to report to this monitoring destination. Each name must be defined in Service.metrics section.

OAuthRequirements

OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf.

OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means.

In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs.

When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice.

Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions.

Fields
canonical_scopes

string

The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted.

Example:

 canonical_scopes: https://www.googleapis.com/auth/calendar,
                   https://www.googleapis.com/auth/calendar.read

Page

Represents a documentation page. A page can contain subpages to represent nested documentation set structure.

Fields
name

string

The name of the page. It will be used as an identity of the page to generate URI of the page, text of the link to this page in navigation, etc. The full page name (start from the root page name to this page concatenated with .) can be used as reference to the page in your documentation. For example:

pages:
- name: Tutorial
  content: (== include tutorial.md ==)
  subpages:
  - name: Java
    content: (== include tutorial_java.md ==)

You can reference Java page using Markdown reference link syntax: [Java][Tutorial.Java].

content

string

The Markdown content of the page. You can use

(== include {path} ==)

to include content from a Markdown file.

subpages[]

Page

Subpages of this page. The order of subpages specified here will be honored in the generated docset.

Quota

Quota configuration helps to achieve fairness and budgeting in service usage.

The quota configuration works this way: - The service configuration defines a set of metrics. - For API calls, the quota.metric_rules maps methods to metrics with corresponding costs. - The quota.limits defines limits on the metrics, which will be used for quota checks at runtime.

An example quota configuration in yaml format:

quota:

 - name: apiWriteQpsPerProject
   metric: library.googleapis.com/write_calls
   unit: "1/min/{project}"  # rate limit for consumer projects
   values:
     STANDARD: 10000


 # The metric rules bind all methods to the read_calls metric,
 # except for the UpdateBook and DeleteBook methods. These two methods
 # are mapped to the write_calls metric, with the UpdateBook method
 # consuming at twice rate as the DeleteBook method.
 metric_rules:
 - selector: "*"
   metric_costs:
     library.googleapis.com/read_calls: 1
 - selector: google.example.library.v1.LibraryService.UpdateBook
   metric_costs:
     library.googleapis.com/write_calls: 2
 - selector: google.example.library.v1.LibraryService.DeleteBook
   metric_costs:
     library.googleapis.com/write_calls: 1

Corresponding Metric definition:

 metrics:
 - name: library.googleapis.com/read_calls
   display_name: Read requests
   metric_kind: DELTA
   value_type: INT64

 - name: library.googleapis.com/write_calls
   display_name: Write requests
   metric_kind: DELTA
   value_type: INT64
Fields
limits[]

QuotaLimit

List of QuotaLimit definitions for the service.

metric_rules[]

MetricRule

List of MetricRule definitions, each one mapping a selected method to one or more metrics.

QuotaLimit

QuotaLimit defines a specific limit that applies over a specified duration for a limit type. There can be at most one limit for a duration and limit type combination defined within a QuotaGroup.

Fields
name

string

Name of the quota limit. The name is used to refer to the limit when overriding the default limit on per-consumer basis.

For metric-based quota limits, the name must be provided, and it must be unique within the service. The name can only include alphanumeric characters as well as '-'.

The maximum length of the limit name is 64 characters.

The name of a limit is used as a unique identifier for this limit. Therefore, once a limit has been put into use, its name should be immutable. You can use the display_name field to provide a user-friendly name for the limit. The display name can be evolved over time without affecting the identity of the limit.

description

string

Optional. User-visible, extended description for this quota limit. Should be used only when more context is needed to understand this limit than provided by the limit's display name (see: display_name).

default_limit

int64

Default number of tokens that can be consumed during the specified duration. This is the number of tokens assigned when a client application developer activates the service for his/her project.

Specifying a value of 0 will block all requests. This can be used if you are provisioning quota to selected consumers and blocking others. Similarly, a value of -1 will indicate an unlimited quota. No other negative values are allowed.

Used by group-based quotas only.

max_limit

int64

Maximum number of tokens that can be consumed during the specified duration. Client application developers can override the default limit up to this maximum. If specified, this value cannot be set to a value less than the default limit. If not specified, it is set to the default limit.

To allow clients to apply overrides with no upper bound, set this to -1, indicating unlimited maximum quota.

Used by group-based quotas only.

free_tier

int64

Free tier value displayed in the Developers Console for this limit. The free tier is the number of tokens that will be subtracted from the billed amount when billing is enabled. This field can only be set on a limit with duration "1d", in a billable group; it is invalid on any other limit. If this field is not set, it defaults to 0, indicating that there is no free tier for this service.

Used by group-based quotas only.

duration

string

Duration of this limit in textual notation. Example: "100s", "24h", "1d". For duration longer than a day, only multiple of days is supported. We support only "100s" and "1d" for now. Additional support will be added in the future. "0" indicates indefinite duration.

Used by group-based quotas only.

metric

string

The name of the metric this quota limit applies to. The quota limits with the same metric will be checked together during runtime. The metric must be defined within the service config.

Used by metric-based quotas only.

unit

string

Specify the unit of the quota limit. It uses the same syntax as [Metric.unit][]. The supported unit kinds are determined by the quota backend system.

The Google Service Control supports the following unit components: * One of the time intevals: * "/min" for quota every minute. * "/d" for quota every 24 hours, starting 00:00 US Pacific Time. * Otherwise the quota won't be reset by time, such as storage limit. * One and only one of the granted containers: * "/{project}" quota for a project

Here are some examples: * "1/min/{project}" for quota per minute per project.

Note: the order of unit components is insignificant. The "1" at the beginning is required to follow the metric unit syntax.

Used by metric-based quotas only.

values

map<string, int64>

Tiered limit values, currently only STANDARD is supported.

display_name

string

User-visible display name for this limit. Optional. If not set, the UI will provide a default display name based on the quota configuration. This field can be used to override the default display name generated from the configuration.

Service

Service is the root object of Google service configuration schema. It describes basic information about a service, such as the name and the title, and delegates other aspects to sub-sections. Each sub-section is either a proto message or a repeated proto message that configures a specific aspect, such as auth. See each proto message definition for details.

Example:

type: google.api.Service
config_version: 3
name: calendar.googleapis.com
title: Google Calendar API
apis:
- name: google.calendar.v3.Calendar
authentication:
  providers:
  - id: google_calendar_auth
    jwks_uri: https://www.googleapis.com/oauth2/v1/certs
    issuer: https://securetoken.google.com
  rules:
  - selector: "*"
    requirements:
      provider_id: google_calendar_auth
Fields
config_version

UInt32Value

The semantic version of the service configuration. The config version affects the interpretation of the service configuration. For example, certain features are enabled by default for certain config versions. The latest config version is 3.

name

string

The DNS address at which this service is available, e.g. calendar.googleapis.com.

id

string

A unique ID for a specific instance of this message, typically assigned by the client for tracking purpose. If empty, the server may choose to generate one instead.

title

string

The product title for this service.

producer_project_id

string

The Google project that owns this service.

apis[]

Api

A list of API interfaces exported by this service. Only the name field of the google.protobuf.Api needs to be provided by the configuration author, as the remaining fields will be derived from the IDL during the normalization process. It is an error to specify an API interface here which cannot be resolved against the associated IDL files.

types[]

Type

A list of all proto message types included in this API service. Types referenced directly or indirectly by the apis are automatically included. Messages which are not referenced but shall be included, such as types used by the google.protobuf.Any type, should be listed here by name. Example:

types:
- name: google.protobuf.Int32

enums[]

Enum

A list of all enum types included in this API service. Enums referenced directly or indirectly by the apis are automatically included. Enums which are not referenced but shall be included should be listed here by name. Example:

enums:
- name: google.someapi.v1.SomeEnum

documentation

Documentation

Additional API documentation.

visibility

Visibility

API visibility configuration.

backend

Backend

API backend configuration.

http

Http

HTTP configuration.

quota

Quota

Quota configuration.

authentication

Authentication

Auth configuration.

context

Context

Context configuration.

usage

Usage

Configuration controlling usage of this service.

custom_error

CustomError

Custom error configuration.

endpoints[]

Endpoint

Configuration for network endpoints. If this is empty, then an endpoint with the same name as the service is automatically generated to service all defined APIs.

control

Control

Configuration for the service control plane.

logs[]

LogDescriptor

Defines the logs used by this service.

metrics[]

MetricDescriptor

Defines the metrics used by this service.

monitored_resources[]

MonitoredResourceDescriptor

Defines the monitored resources used by this service. This is required by the Service.monitoring and Service.logging configurations.

billing

Billing

Billing configuration.

logging

Logging

Logging configuration.

monitoring

Monitoring

Monitoring configuration.

system_parameters

SystemParameters

System parameter configuration.

source_info

SourceInfo

Output only. The source information for this configuration if available.

experimental

Experimental

Experimental configuration.

system_types[]

Type

A list of all proto message types included in this API service. It serves similar purpose as google.api.Service.types, except that these types are not needed by user-defined APIs. Therefore, they will not show up in the generated discovery doc. This field should only be used to define system APIs in ESF.

SourceInfo

Source information used to create a Service Config

Fields
source_files[]

Any

All files used during config generation.

SystemParameter

Define a parameter's name and location. The parameter may be passed as either an HTTP header or a URL query parameter, and if both are passed the behavior is implementation-dependent.

Fields
name

string

Define the name of the parameter, such as "api_key" . It is case sensitive.

http_header

string

Define the HTTP header name to use for the parameter. It is case insensitive.

url_query_parameter

string

Define the URL query parameter name to use for the parameter. It is case sensitive.

SystemParameterRule

Define a system parameter rule mapping system parameter definitions to methods.

Fields
selector

string

Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs.

Refer to selector for syntax details.

parameters[]

SystemParameter

Define parameters. Multiple names may be defined for a parameter. For a given method call, only one of them should be used. If multiple names are used the behavior is implementation-dependent. If none of the specified names are present the behavior is parameter-dependent.

SystemParameters

System parameter configuration

A system parameter is a special kind of parameter defined by the API system, not by an individual API. It is typically mapped to an HTTP header and/or a URL query parameter. This configuration specifies which methods change the names of the system parameters.

Fields
rules[]

SystemParameterRule

Define system parameters.

The parameters defined here will override the default parameters implemented by the system. If this field is missing from the service config, default system parameters will be used. Default system parameters and names is implementation-dependent.

Example: define api key for all methods

system_parameters
  rules:
    - selector: "*"
      parameters:
        - name: api_key
          url_query_parameter: api_key

Example: define 2 api key names for a specific method.

system_parameters
  rules:
    - selector: "/ListShelves"
      parameters:
        - name: api_key
          http_header: Api-Key1
        - name: api_key
          http_header: Api-Key2

NOTE: All service configuration rules follow "last one wins" order.

Usage

Configuration controlling usage of a service.

Fields
requirements[]

string

Requirements that must be satisfied before a consumer project can use the service. Each requirement is of the form <service.name>/; for example 'serviceusage.googleapis.com/billing-enabled'.

rules[]

UsageRule

A list of usage rules that apply to individual API methods.

NOTE: All service configuration rules follow "last one wins" order.

producer_notification_channel

string

The full resource name of a channel used for sending notifications to the service producer.

Google Service Management currently only supports Google Cloud Pub/Sub as a notification channel. To use Google Cloud Pub/Sub as the channel, this must be the name of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format documented in https://cloud.google.com/pubsub/docs/overview.

UsageRule

Usage configuration rules for the service.

NOTE: Under development.

Use this rule to configure unregistered calls for the service. Unregistered calls are calls that do not contain consumer project identity. (Example: calls that do not contain an API key). By default, API methods do not allow unregistered calls, and each method call must be identified by a consumer project identity. Use this rule to allow/disallow unregistered calls.

Example of an API that wants to allow unregistered calls for entire service.

usage:
  rules:
  - selector: "*"
    allow_unregistered_calls: true

Example of a method that wants to allow unregistered calls.

usage:
  rules:
  - selector: "google.example.library.v1.LibraryService.CreateBook"
    allow_unregistered_calls: true
Fields
selector

string

Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs.

Refer to selector for syntax details.

allow_unregistered_calls

bool

True, if the method allows unregistered calls; false otherwise.

skip_service_control

bool

True, if the method should skip service control. If so, no control plane feature (like quota and billing) will be enabled.

Visibility

Visibility defines restrictions for the visibility of service elements. Restrictions are specified using visibility labels (e.g., TRUSTED_TESTER) that are elsewhere linked to users and projects.

Users and projects can have access to more than one visibility label. The effective visibility for multiple labels is the union of each label's elements, plus any unrestricted elements.

If an element and its parents have no restrictions, visibility is unconditionally granted.

Example:

visibility:
  rules:
  - selector: google.calendar.Calendar.EnhancedSearch
    restriction: TRUSTED_TESTER
  - selector: google.calendar.Calendar.Delegate
    restriction: GOOGLE_INTERNAL

Here, all methods are publicly visible except for the restricted methods EnhancedSearch and Delegate.

Fields
rules[]

VisibilityRule

A list of visibility rules that apply to individual API elements.

NOTE: All service configuration rules follow "last one wins" order.

VisibilityRule

A visibility rule provides visibility configuration for an individual API element.

Fields
selector

string

Selects methods, messages, fields, enums, etc. to which this rule applies.

Refer to selector for syntax details.

restriction

string

A comma-separated list of visibility labels that apply to the selector. Any of the listed labels can be used to grant the visibility.

If a rule has multiple labels, removing one of the labels but not all of them can break clients.

Example:

visibility:
  rules:
  - selector: google.calendar.Calendar.EnhancedSearch
    restriction: GOOGLE_INTERNAL, TRUSTED_TESTER

Removing GOOGLE_INTERNAL from this restriction will break clients that rely on this method and only had access to it through GOOGLE_INTERNAL.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.