General API reference documentation
-
Authenticate to IAM
Authenticate to IAM programmatically so that you can access the IAM API.
-
Retry failed requests
Find out how to retry failed requests to the IAM API.
-
Client libraries
Use a client library to integrate your application with IAM.
-
gcloud iam
commandsUse the
gcloud iam
commands to work with IAM from the command line.
REST API reference documentation
-
IAM REST API
Manage roles and permissions, and manage your service accounts and keys, with the REST API.
-
Privileged Access Manager REST API
Manage just-in-time temporary role grants with the REST API.
-
Security Token Service REST API
Exchange access tokens.
-
Service Account Credentials REST API
Create short-lived, limited-privilege credentials for service accounts.
RPC API reference documentation
IAM Conditions reference documentation
-
Conditions attribute reference
Learn about attributes that you can use to conditionally grant or deny access.
-
Conditions resource attribute value reference
Grant access to specific Google Cloud services, resource types, and resource names.
-
Resource types that accept conditional role bindings
Find out which resource types let you add conditional role bindings to their allow policies.
Other reference documentation
-
Basic and predefined roles reference
View IAM basic roles, as well as a complete list of IAM predefined roles and the permissions they contain.
-
Full resource names
Understand the format that IAM uses to identify another service's resources.
-
Identity federation: supported products and limitations
Lists Google Cloud products that work with workforce identity federation, and provides associated product limitations.
-
Permissions reference
View a complete list of IAM permissions and the roles that grant them.
-
Permissions supported in deny policies
Learn which IAM permissions you can use in deny policies.
-
Permissions that principal access boundary policies can block
Learn which IAM permissions each version of principal access boundary policies can block.
-
Principal identifiers
Understand the identifiers that you use when listing principals in allow policies and deny policies.
-
Resource types that accept allow policies
Learn which resource types accept allow policies.
-
Resource types with built-in identities
Learn which resource have built-in identities and what the principal identifiers for those built-in identities are.
-
Service agents
Get details about the service accounts that Google Cloud services use to access your resources.
-
Support levels for permissions in custom roles
Learn which IAM permissions you can use in custom roles.