As an alternative, you can use the - wildcard character instead of the project ID:
projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}
When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not
Found error.
Authorization requires the following IAM permission on the specified resource name:
iam.serviceAccounts.signBlob
Request body
The request body contains data with the following structure:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-07 UTC."],[[["This document outlines the specifications for a deprecated method of signing a blob using a service account's private key."],["The method uses an HTTP POST request to a specific URL, which includes a required `name` path parameter to identify the service account."],["The request body expects a JSON object with a `bytesToSign` field, containing the base64-encoded bytes that will be signed."],["The response body is also in JSON format and contains the `keyId` of the key used and the `signature`, which is the base64-encoded signed blob."],["This method is deprecated, and the document strongly encourages migration to the `signBlob` method within the IAM Service Account Credentials API, providing a link to a migration guide."]]],[]]
