Method: projects.serviceAccounts.keys.delete

Deletes a ServiceAccountKey . Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.

HTTP request

DELETE https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*/keys/*}

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the service account key.

Use one of the following formats:

  • projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
  • projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}

As an alternative, you can use the - wildcard character instead of the project ID:

  • projects/-/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
  • projects/-/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}

When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account key projects/-/serviceAccounts/fake@example.com/keys/fake-key, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.

Authorization requires the following IAM permission on the specified resource name:

  • iam.serviceAccountKeys.delete

Request body

The request body must be empty.

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年05月21日 UTC.