Method: projects.serviceAccounts.signBlob

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
Examples
Try it!

Signs a blob using the system-managed private key for a ServiceAccount .

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:signBlob

Path parameters

Parameters

name
 (deprecated)

string

Required. Deprecated. Migrate to Service Account Credentials API .

The resource name of the service account.

Use one of the following formats:

projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com , which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name :

iam.serviceAccounts.signBlob

Request body

The request body contains data with the following structure:

JSON representation
{ "bytesToSign" : string }

Fields

Fields
`bytesToSign (deprecated)`	`string ( bytes format)` Required. Deprecated. Migrate to Service Account Credentials API . The bytes to sign. A base64-encoded string.

bytesToSign
 (deprecated)

string ( bytes format)

Required. Deprecated. Migrate to Service Account Credentials API .

The bytes to sign.

A base64-encoded string.

Response body

Deprecated. Migrate to Service Account Credentials API .

The service account sign blob response.

If successful, the response body contains data with the following structure:

JSON representation
{ "keyId" : string , "signature" : string }

Fields

Fields
`keyId (deprecated)`	`string` This item is deprecated! Deprecated. Migrate to Service Account Credentials API . The id of the key used to sign the blob.
`signature (deprecated)`	`string ( bytes format)` This item is deprecated! Deprecated. Migrate to Service Account Credentials API . The signed blob. A base64-encoded string.

keyId
 (deprecated)

string

Deprecated. Migrate to Service Account Credentials API .

The id of the key used to sign the blob.

signature
 (deprecated)

string ( bytes format)

Deprecated. Migrate to Service Account Credentials API .

The signed blob.

A base64-encoded string.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview .