Stay organized with collections
Save and categorize content based on your preferences.
Creates short-lived credentials for impersonating IAM service accounts. Disabling this API also disables the IAM API (iam.googleapis.com). However, enabling this API doesn't enable the IAM API.
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery document:
A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["\u003cp\u003eThis service, \u003ccode\u003eiamcredentials.googleapis.com\u003c/code\u003e, creates short-lived credentials for impersonating IAM service accounts.\u003c/p\u003e\n"],["\u003cp\u003eDisabling this API will also disable the main IAM API, but enabling it does not automatically enable the IAM API.\u003c/p\u003e\n"],["\u003cp\u003eThe service offers a REST API that provides methods for generating OAuth 2.0 access tokens and OpenID Connect ID tokens for service accounts.\u003c/p\u003e\n"],["\u003cp\u003eThis service uses a specified service endpoint \u003ccode\u003ehttps://iamcredentials.googleapis.com\u003c/code\u003e, which is the base URL for all API requests.\u003c/p\u003e\n"],["\u003cp\u003eThe main API supports signing operations using a service account's managed private key, such as \u003ccode\u003esignBlob\u003c/code\u003e and \u003ccode\u003esignJwt\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# IAM Service Account Credentials API\n\nCreates short-lived credentials for impersonating IAM service accounts. Disabling this API also disables the IAM API (iam.googleapis.com). However, enabling this API doesn't enable the IAM API.\n\n- [REST Resource: v1.locations.workforcePools](#v1.locations.workforcePools)\n- [REST Resource: v1.projects.locations.workloadIdentityPools](#v1.projects.locations.workloadIdentityPools)\n- [REST Resource: v1.projects.serviceAccounts](#v1.projects.serviceAccounts)\n\nService: iamcredentials.googleapis.com\n--------------------------------------\n\nTo call this service, we recommend that you use the Google-provided [client libraries](https://cloud.google.com/apis/docs/client-libraries-explained). If your application needs to use your own libraries to call this service, use the following information when you make the API requests.\n\n### Discovery document\n\nA [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery document:\n\n- \u003chttps://iamcredentials.googleapis.com/$discovery/rest?version=v1\u003e\n\n### Service endpoint\n\nA [service endpoint](https://cloud.google.com/apis/design/glossary#api_service_endpoint) is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:\n\n- `https://iamcredentials.googleapis.com`\n\nREST Resource: [v1.locations.workforcePools](/iam/docs/reference/credentials/rest/v1/locations.workforcePools)\n--------------------------------------------------------------------------------------------------------------\n\nREST Resource: [v1.projects.locations.workloadIdentityPools](/iam/docs/reference/credentials/rest/v1/projects.locations.workloadIdentityPools)\n----------------------------------------------------------------------------------------------------------------------------------------------\n\nREST Resource: [v1.projects.serviceAccounts](/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts)\n--------------------------------------------------------------------------------------------------------------"]]
