Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
HTTP request
POST https://apigateway.googleapis.com/v1beta/{resource=projects/*/locations/*/apis/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-28 UTC."],[[["\u003cp\u003eThis endpoint is designed to return the permissions a caller has on a specified resource, or an empty set if the resource does not exist, primarily for UI and tool development, not for authorization checking.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request to test permissions on a resource is a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003ehttps://apigateway.googleapis.com/v1beta/{resource=projects/*/locations/*/apis/*}:testIamPermissions\u003c/code\u003e, where the \u003ccode\u003eresource\u003c/code\u003e parameter is required.\u003c/p\u003e\n"],["\u003cp\u003eThe request body should be structured in JSON format with a \u003ccode\u003epermissions\u003c/code\u003e array, to check the permissions on a resource, but wildcards within permissions are not permitted.\u003c/p\u003e\n"],["\u003cp\u003eIf the request is successful, the response body will contain a \u003ccode\u003eTestIamPermissionsResponse\u003c/code\u003e instance.\u003c/p\u003e\n"],["\u003cp\u003eMaking a call to this endpoint requires the OAuth scope \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]
