Method: projects.serviceAccounts.keys.list

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
Examples
Try it!

Lists every ServiceAccountKey for a service account.

HTTP request

GET https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/keys

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name`	`string` Required. The resource name of the service account. Use one of the following formats: `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: `projects/-/serviceAccounts/{EMAIL_ADDRESS}` `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error. Authorization requires the following IAM permission on the specified resource `name`: `iam.serviceAccountKeys.list`

name

string

Required. The resource name of the service account.

Use one of the following formats:

projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name:

iam.serviceAccountKeys.list

Query parameters

Parameters

Parameters
`keyTypes[]`	`enum (KeyType)` Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

keyTypes[]

enum (KeyType)

Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

Request body

The request body must be empty.

Response body

The service account keys list response.

If successful, the response body contains data with the following structure:

JSON representation
{ "keys": [ { object (`ServiceAccountKey`) } ] }

Fields

Fields
`keys[]`	`object (ServiceAccountKey)` The public keys for the service account.

keys[]

object (ServiceAccountKey)

The public keys for the service account.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.