API keys are associated with the Google Cloud project in which
they have been created. If your API requires an API key, you either have to give
your API users a key from the project that you created the Cloud Endpoints
service in, or you can let users enable your API in their own Google Cloud
project and create an API key. This page shows you how to grant the permission
that users need to enable your API.
Granting access
Endpoints uses the
Identity and Access Management (IAM)Service Consumer role to allow someone who isn't a member of your
Google Cloud project to enable your API in their own Google Cloud
project. This section shows you how to grant access using the
Google Cloud console or the Google Cloud CLI.
Google Cloud console
In the Google Cloud console, go to the Endpoints > Services
page for your project.
If you have more than one API, click the name of the API that you want to
grant access to.
If the Permissions side panel isn't open, click Show Permissions Panel.
In the Add Principal field, enter the email address of the person or
Google Group that
you want to grant access to.
In the Select a role drop-down menu, select Service Management >
Service Consumer.
Click Save.
Repeat adding members and selecting the role, as needed.
Contact the users or groups that you added and let them know they can
enable the API in their Google Cloud projects. See
Enable an API in your Google Cloud
project for information on how to enable a service in APIs & services.
gcloud
Open Cloud Shell, or if you have the Google Cloud CLI installed, open
a terminal window.
Contact the users or groups that you added and let them know they can enable
the API in their Google Cloud projects. See
Enable an API in your Google Cloud
project for information on how to enable a service in APIs & services.
Revoking access
You revoke access to your API by removing the Service Consumer role from a
user or group that previously had the role. After you revoke someone's access,
they won't be able to enable your API.
This section shows you how to revoke access using the Google Cloud console or
the Google Cloud CLI.
Google Cloud console
In the Google Cloud console, go to the Endpoints > Services
page for your Google Cloud project.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-09 UTC."],[[["API keys are linked to the Google Cloud project where they were created, allowing users to use keys from the service's project or enable the API in their own project."],["Granting access to an API for others' Google Cloud projects is done using the Identity and Access Management (IAM) Service Consumer role, assignable through the Google Cloud console or the Google Cloud CLI."],["To grant access, you need to add the email or Google Group to the service and assign them the 'Service Consumer' role, and then notify the added users that they can now enable the API."],["Revoking access involves removing the Service Consumer role from the user or group via the Google Cloud console or the gcloud command, preventing them from enabling the API, but not impacting existing users."],["The documentation provides further steps to inform users on how to enable the API on their side, along with more information on sharing API keys and the Cloud Endpoints portal."]]],[]]
