- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- Examples
- Try it!
Lists every ServiceAccountKey
for a service account.
HTTP request
GET https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/keys
The URL uses gRPC Transcoding syntax.
Path parameters
name
string
Required. The resource name of the service account.
Use one of the following formats:
-
projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS} -
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}
As an alternative, you can use the -
wildcard character instead of the project ID:
-
projects/-/serviceAccounts/{EMAIL_ADDRESS} -
projects/-/serviceAccounts/{UNIQUE_ID}
When possible, avoid using the -
wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com
, which does not exist, the response contains an HTTP 403 Forbidden
error instead of a 404 Not
Found
error.
Authorization requires the following IAM
permission on the specified resource name
:
-
iam.serviceAccountKeys.list
Query parameters
| Parameters | |
|---|---|
keyTypes[]
|
Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned. |
Request body
The request body must be empty.
Response body
The service account keys list response.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{
"keys"
:
[
{
object (
|
| Fields | |
|---|---|
keys[]
|
The public keys for the service account. |
Authorization scopes
Requires one of the following OAuth scopes:
-
https://www.googleapis.com/auth/iam -
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview .
