Service Accounts
Service account management and authentication
Returns all ServiceAccounts.
The bearer token can be obtained by creating a ServiceAccount.
Happy response.
Error object.
GET /api/v1/service-accounts HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"items": [
{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
]
}Creates a new ServiceAccount.
The bearer token can be obtained by creating a ServiceAccount.
Sets the unique name of the new service account. It must be a valid HQ resource name: it can only contain lowercase alphanumeric characters or hyphens; hyphens cannot appear at the end or start; the length is 63 characters at most.
Sets | the display name of the new service account. If not provided, the value of "name" will be used.
Sets the description of the new service account.
Determines the moment of token expiration. If not specified, the token will never expire.
Happy response.
Error object.
POST /api/v1/service-accounts HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 150
{
"name": "text",
"display_name": "text",
"description": "text",
"token_expires_at": "2025-11-15T12:27:16.904Z",
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"token": "text"
}Returns a specific ServiceAccount.
The bearer token can be obtained by creating a ServiceAccount.
Happy response.
Error object.
GET /api/v1/service-accounts/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}Deletes a ServiceAccount.
The bearer token can be obtained by creating a ServiceAccount.
Successful deletion.
Error object.
DELETE /api/v1/service-accounts/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
No content
Updates a service account.
The bearer token can be obtained by creating a ServiceAccount.
Updates a service account. Absent fields are left untouched.
Updates the display name of the service account.
Updates the description of a service account.
Happy response.
Error object.
PATCH /api/v1/service-accounts/{name} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 90
{
"display_name": "text",
"description": "text",
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}Renews the service account's token. The current token is invalidated and a new one is generated. An optional expiration timestamp can be provided.
The bearer token can be obtained by creating a ServiceAccount.
Determines the moment of token expiration. If not specified, the token will never expire.
Happy response.
Error object.
POST /api/v1/service-accounts/{name}/renew-token HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 47
{
"token_expires_at": "2025-11-15T12:27:16.904Z"
}{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
},
"token": "text"
}Assigns the given service account exactly to the provided groups, ensuring they are not part of any other groups.
The bearer token can be obtained by creating a ServiceAccount.
The name of the service account.
Defines the groups a user or service account should be exactly a member of.
Adds the user or service account to the groups (specified by their names).
Removes the user or service account from the groups (specified by their names). If a group is specified in both add_to_groups as well in here, removal wins.
Sets the user or service account memberships to those groups (specified by their names) in an absolute fashion (ensures user/sa will be exactly a member of those), if provided. Cannot be combined with the add_to_groups or remove_from_groups.
Service account groups membership updated successfully.
Error object.
PUT /api/v1/service-accounts/{name}/groups HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 78
{
"add_to_groups": [
"text"
],
"remove_from_groups": [
"text"
],
"set_groups": [
"text"
]
}{
"name": "text",
"display_name": "text",
"id": "text",
"lrn": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"groups": [
{
"name": "text",
"display_name": "text",
"sso_name": "text",
"lrn": "text",
"id": "text",
"created_at": "2025-11-15T12:27:16.904Z",
"description": "text",
"user_count": 1,
"sa_count": 1,
"role_count": 1,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}
],
"token_expires_at": "2025-11-15T12:27:16.904Z",
"token_expired": true,
"last_seen_at": "2025-11-15T12:27:16.904Z",
"is_admin": true,
"metadata": {
"ANY_ADDITIONAL_PROPERTY": "text"
}
}Last updated
Was this helpful?