All APIs
Binary Authorization API logo

Binary Authorization API

Binary Authorization API

Upanalyticsby Google

Control Binary Authorization attestors and policy checks for container images deployed to GKE and Anthos.

Visit site ↗Health checked 9h ago
Use it when

Includes attestors and validation calls directly

Watch for

This is a governance API, not an image-build API

First check

Use an OAuth token with the cloud-platform scope. Start by reading attestors, then validate validateAttestationOccurrence, getIamPolicy, and setIamPolicy against a non-production project.

Auth
oauth
CORS
No
HTTPS
Yes
Signup
Required
Latency
44 ms
Protocol
REST
Pricing

Uptime · 30-day window

Probes: 1Uptime: 100%Avg latency: 44ms
01

About this API

This spec is about Binary Authorization policy enforcement rather than image storage itself: the core operations revolve around attestors, IAM policy, and validateAttestationOccurrence. The OpenAPI document exposes paths such as "/v1beta1/{attestor}:validateAttestationOccurrence", "/v1beta1/{name}", "/v1beta1/{parent}/attestors", and "/v1beta1/{resource}:getIamPolicy" and tags like "projects" and "systempolicy".

That shape maps well to create or maintain attestors, validate an attestation occurrence before deployment, and set iam policy on gke or anthos-related resources. The spec lists scopes such as "https://www.googleapis.com/auth/cloud-platform".

This is a governance API, not an image-build API The scope is cloud-platform, so project-side permissions still matter

02

What you can build

  • 1Create or maintain attestors
  • 2Validate an attestation occurrence before deployment
  • 3Set IAM policy on GKE or Anthos-related resources
03

Strengths & limitations

Strengths

  • Includes attestors and validation calls directly
  • Covers GKE and Anthos policy checks in one surface
  • Includes the IAM policy paths you need for governance

Limitations

  • This is a governance API, not an image-build API
  • The scope is cloud-platform, so project-side permissions still matter
04

Example request

Generic template — replace <endpoint> with the real path from the docs.
curl https://google.com/<endpoint> \
  -H "Authorization: Bearer $ACCESS_TOKEN"
05

Getting started

Use an OAuth token with the cloud-platform scope. Start by reading attestors, then validate validateAttestationOccurrence, getIamPolicy, and setIamPolicy against a non-production project.

06

Technical details

CORS: NoHTTPS: YesSignup: YesOpen source: No
Auth type
oauth
Pricing
unknown
Protocols
REST
Response time
44 ms
Last health check
5/12/2026, 7:37:30 AM
07

Tags

securitybinary-authorizationgkeanthos
08

More from Google

View all from Google →
Admin SDK API

Google Workspace Admin SDK API programmatically manages Workspace organizations — users, groups, devices, domains, audit logs, organizational units.

AdMob API

Retrieve AdMob accounts, apps, ad units, ad sources, and generate mediation or network reports.

AdSense Host API

Work with AdSense Host accounts, ad clients, ad units, reports, and ad code generation from one API surface.

Apigee API

Programmatically manage Apigee organizations, API proxy deployments, attributes, certificates, and hybrid operations.

BigQuery API

Google BigQuery API is the REST interface to GCP's flagship data warehouse — execute SQL queries, manage datasets/tables, stream inserts, and use built-in ML.

Business Profile Performance API

Fetch Business Profile location metrics, daily time series, and monthly search keyword impressions.

Calendar API

Google Calendar API lets apps create, read, and update calendar events programmatically — the go-to integration for scheduling apps.

Chrome Management API

Chrome Management API manages enterprise Chrome browsers and Chrome OS devices — policy deployment, extension control, user activity reports.