Identity and Access Management (IAM) API

The Google Cloud IAM API manages access control for GCP resources: service accounts, roles, policies, and conditional access.

01

About this API

IAM is GCP's access-control core. Its model is the "principal → role → resource" triple: the principal is a user, serviceAccount, group, or domain; the role is a set of permissions (predefined, like roles/storage.admin, or custom); the resource is a GCP resource (project, bucket, instance, etc.). A key feature is conditional access, which lets you add conditions such as "during business hours only", "from corporate IPs only", or "only on resources with a specific tag". A service account is a machine identity (for apps, CI, cron) that authenticates with keys or short-lived STS tokens. The IAM API is mainly used for automated CI/CD permission setup (instead of manual console clicks), compliance audits (exporting policies for inspection), and large-scale permission management (bulk revoke for departing employees).
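The audit and bulk-revoke uses described above, as an added example (not from the original page or Google's own code) that works offline on an exported policy document. The sample policy, all principal names, and the rule that flags unconditioned `.admin` roles are assumptions made for illustration.

```python
import copy

PUBLIC = {"allUsers", "allAuthenticatedUsers"}             # anyone on the internet / any Google account
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}  # project-wide basic roles

# Constructed sample in the shape getIamPolicy returns (all names are made up).
SAMPLE_POLICY = {
    "version": 3,
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": "roles/storage.admin",
         "members": ["user:alice@example.com",
                     "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor", "members": ["user:bob@example.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/compute.viewer",
         "members": ["user:alice@example.com"],
         "condition": {"title": "business-hours",
                       "expression": "request.time.getHours('Europe/Berlin') >= 9"}},
    ],
}

def audit(policy):
    """Return sorted (role, member, finding) tuples for risky grants."""
    findings = []
    for b in policy.get("bindings", []):
        conditional = "condition" in b
        for m in b.get("members", []):
            if m in PUBLIC:
                findings.append((b["role"], m, "public principal"))
            if b["role"] in BASIC_ROLES:
                findings.append((b["role"], m, "basic role, too broad"))
            # Assumed house rule: admin roles should carry a condition.
            if b["role"].endswith(".admin") and not conditional:
                findings.append((b["role"], m, "admin role without condition"))
    return sorted(findings)

def revoke(policy, member):
    """Return a copy of the policy with `member` removed from every binding."""
    out = copy.deepcopy(policy)  # etag is kept so setIamPolicy can reject a stale write
    for b in out["bindings"]:
        b["members"] = [m for m in b["members"] if m != member]
    out["bindings"] = [b for b in out["bindings"] if b["members"]]  # drop emptied bindings
    return out
```

The dictionary returned by `revoke` is what would be sent back in the `policy` field of a `setIamPolicy` request body.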

02

What you can build

  • Programmatically create service accounts
  • Bulk-assign/revoke IAM roles
  • Audit IAM policies
  • Least-privilege configuration for CI/CD pipelines
03

Strengths & limitations

Strengths

  • Fine-grained permission model (resource × role × principal)
  • Conditional access (attribute-based access control) supported
  • Complete and traceable audit logs

Limitations

  • Many roles and permissions — steep learning curve
  • Some resources still use legacy ACLs outside IAM
04

Example request

Generic template: replace <endpoint> with the real path from the docs and set ACCESS_TOKEN to an OAuth 2.0 access token.
curl -H "Authorization: Bearer $ACCESS_TOKEN" https://iam.googleapis.com/<endpoint>
05

Getting started

POST /v1/projects/{projectId}/serviceAccounts to create a service account; POST /v1/{resource}:setIamPolicy to set the IAM policy.

06

FAQ

Are service account keys safe?

Keys are long-lived credentials with a high leak risk. Workload Identity Federation (short-lived tokens, no keys) is strongly recommended instead.

Predefined vs custom roles?

Start with predefined roles; create a custom role only if the predefined one is too broad. Custom roles have a high maintenance cost (permissions must be added manually when GCP adds features).

07

Technical details

  • CORS: No
  • HTTPS: Yes
  • Signup: ?
  • Open source: No
  • Auth type: unknown
  • Pricing: unknown
  • Protocols: REST
  • SDKs: python, javascript, go, java, csharp
  • Last health check: 5/12/2026, 7:37:35 AM