{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://iamcredentials.googleapis.com/",
"batchPath": "batch",
"canonicalName": "IAM Credentials",
"description": "Creates short-lived, limited-privilege credentials for IAM service accounts.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "iamcredentials:v1",
"kind": "discovery#restDescription",
"name": "iamcredentials",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"projects": {
"resources": {
"serviceAccounts": {
"methods": {
"generateAccessToken": {
"description": "Generates an OAuth 2.0 access token for a service account.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:generateAccessToken",
"httpMethod": "POST",
"id": "iamcredentials.projects.serviceAccounts.generateAccessToken",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:generateAccessToken",
"request": {
"$ref": "GenerateAccessTokenRequest"
},
"response": {
"$ref": "GenerateAccessTokenResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"generateIdToken": {
"description": "Generates an OpenID Connect ID token for a service account.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:generateIdToken",
"httpMethod": "POST",
"id": "iamcredentials.projects.serviceAccounts.generateIdToken",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:generateIdToken",
"request": {
"$ref": "GenerateIdTokenRequest"
},
"response": {
"$ref": "GenerateIdTokenResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"signBlob": {
"description": "Signs a blob using a service account's system-managed private key.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob",
"httpMethod": "POST",
"id": "iamcredentials.projects.serviceAccounts.signBlob",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:signBlob",
"request": {
"$ref": "SignBlobRequest"
},
"response": {
"$ref": "SignBlobResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"signJwt": {
"description": "Signs a JWT using a service account's system-managed private key.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt",
"httpMethod": "POST",
"id": "iamcredentials.projects.serviceAccounts.signJwt",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account for which the credentials\nare requested, in the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:signJwt",
"request": {
"$ref": "SignJwtRequest"
},
"response": {
"$ref": "SignJwtResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
}
},
"revision": "20190704",
"rootUrl": "https://iamcredentials.googleapis.com/",
"schemas": {
"GenerateAccessTokenRequest": {
"id": "GenerateAccessTokenRequest",
"properties": {
"delegates": {
"description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"items": {
"type": "string"
},
"type": "array"
},
"lifetime": {
"description": "The desired lifetime duration of the access token in seconds.\nMust be set to a value less than or equal to 3600 (1 hour). If a value is\nnot specified, the token's lifetime will be set to a default value of one\nhour.",
"format": "google-duration",
"type": "string"
},
"scope": {
"description": "Code to identify the scopes to be included in the OAuth 2.0 access token.\nSee https://developers.google.com/identity/protocols/googlescopes for more\ninformation.\nAt least one value required.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"GenerateAccessTokenResponse": {
"id": "GenerateAccessTokenResponse",
"properties": {
"accessToken": {
"description": "The OAuth 2.0 access token.",
"type": "string"
},
"expireTime": {
"description": "Token expiration time.\nThe expiration time is always set.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"GenerateIdTokenRequest": {
"id": "GenerateIdTokenRequest",
"properties": {
"audience": {
"description": "The audience for the token, such as the API or account that this token\ngrants access to.",
"type": "string"
},
"delegates": {
"description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"items": {
"type": "string"
},
"type": "array"
},
"includeEmail": {
"description": "Include the service account email in the token. If set to `true`, the\ntoken will contain `email` and `email_verified` claims.",
"type": "boolean"
}
},
"type": "object"
},
"GenerateIdTokenResponse": {
"id": "GenerateIdTokenResponse",
"properties": {
"token": {
"description": "The OpenID Connect ID token.",
"type": "string"
}
},
"type": "object"
},
"SignBlobRequest": {
"id": "SignBlobRequest",
"properties": {
"delegates": {
"description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"items": {
"type": "string"
},
"type": "array"
},
"payload": {
"description": "The bytes to sign.",
"format": "byte",
"type": "string"
}
},
"type": "object"
},
"SignBlobResponse": {
"id": "SignBlobResponse",
"properties": {
"keyId": {
"description": "The ID of the key used to sign the blob.",
"type": "string"
},
"signedBlob": {
"description": "The signed blob.",
"format": "byte",
"type": "string"
}
},
"type": "object"
},
"SignJwtRequest": {
"id": "SignJwtRequest",
"properties": {
"delegates": {
"description": "The sequence of service accounts in a delegation chain. Each service\naccount must be granted the `roles/iam.serviceAccountTokenCreator` role\non its next service account in the chain. The last service account in the\nchain must be granted the `roles/iam.serviceAccountTokenCreator` role\non the service account that is specified in the `name` field of the\nrequest.\n\nThe delegates must have the following format:\n`projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard\ncharacter is required; replacing it with a project ID is invalid.",
"items": {
"type": "string"
},
"type": "array"
},
"payload": {
"description": "The JWT payload to sign: a JSON object that contains a JWT Claims Set.",
"type": "string"
}
},
"type": "object"
},
"SignJwtResponse": {
"id": "SignJwtResponse",
"properties": {
"keyId": {
"description": "The ID of the key used to sign the JWT.",
"type": "string"
},
"signedJwt": {
"description": "The signed JWT.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "IAM Service Account Credentials API",
"version": "v1",
"version_module": true
}