If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.
To re-enable the service account, use serviceAccounts.enable. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.
To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with serviceAccounts.delete.
HTTP request
POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:disable
As an alternative, you can use the - wildcard character instead of the project ID:
projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}
When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not
Found error.
Authorization requires the following IAM permission on the specified resource name:
iam.serviceAccounts.disable
Request body
The request body must be empty.
Response body
If successful, the response body is an empty JSON object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-16 UTC."],[[["This method immediately disables a specified Service Account, preventing it from authenticating and accessing Google APIs or Cloud resources."],["Disabling a service account is recommended before deletion to avoid unplanned outages, with a suggested 24-hour waiting period to monitor for any unintended consequences."],["The HTTP request to disable a service account is a POST request to a specific URL, which utilizes gRPC Transcoding syntax."],["The request requires a `name` parameter, specifying the service account resource name, and authorization with the `iam.serviceAccounts.disable` IAM permission."],["The request body must be empty, and a successful response will contain an empty JSON object."]]],[]]
