k0rdent AI Docs

Create service account

Visibility: public · internal (OpenAPI Custom Extension: x-visibility)

Create a new service account scoped to a level in the resource hierarchy. Only tenant administrators can create service accounts.

The service account is created with a server-generated clientId but no credentials. Use the credential sub-resource endpoints to create a client_secret after the service account exists.

The scope level may be constrained by org-level policy.

POST /v1/regions/global/iam/service-accounts

Authorization

bearerAuth
Authorization: Bearer <token>

Bearer token authentication using OAuth2/OIDC tokens

In: header

Request Body

application/json

id? string

Client-provided resource identifier. If omitted, the server generates one. Must match ^[a-z]([-a-z0-9]*[a-z0-9])?$.

Match: ^[a-z]([-a-z0-9]*[a-z0-9])?$
Length: 1 <= length <= 63

displayName* string

Human-readable display name.

Length: 1 <= length <= 255

description? string

Optional description of purpose.

Length: length <= 1024

scope* string

The hierarchy level this service account is scoped to. Subject to org-level policy.

Value in: "organization" | "project"

scopeId* string

Resource identifier for the scope target. Must be a resource the caller has access to.

roles? array<string>

Roles to assign to the service account. Each must be a valid org-defined role slug that the calling administrator holds within the requested scope (scope-down principle).
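
A client-side pre-flight check for the request body documented above, as an added example that is not part of the k0rdent documentation or API. The function name, the `caller_roles` argument (the role slugs the calling administrator holds in the requested scope) and the sample values are assumptions of this example.

```python
import re

# Constraints copied from the request-body reference above.
ID_RE = re.compile(r"^[a-z]([-a-z0-9]*[a-z0-9])?$")
SCOPES = {"organization", "project"}
REQUIRED = ("displayName", "scope", "scopeId")


def validate_create_request(body, caller_roles):
    """Return a list of violations; an empty list means the body passes.
    caller_roles is an assumption of this example: the role slugs the
    calling administrator holds within the requested scope.
    """
    errors = []
    for field in REQUIRED:
        if not isinstance(body.get(field), str) or not body[field]:
            errors.append(f"{field}: required non-empty string")
    rid = body.get("id")
    # fullmatch, because "$" with match() would accept a trailing newline.
    id_ok = isinstance(rid, str) and len(rid) <= 63 and ID_RE.fullmatch(rid)
    if rid is not None and not id_ok:
        errors.append("id: 1-63 chars matching the documented pattern")
    if len(str(body.get("displayName", ""))) > 255:
        errors.append("displayName: longer than 255")
    if len(str(body.get("description", ""))) > 1024:
        errors.append("description: longer than 1024")
    scope = body.get("scope")
    if isinstance(scope, str) and scope and scope not in SCOPES:
        errors.append("scope: must be 'organization' or 'project'")
    roles = body.get("roles", [])
    if not isinstance(roles, list):
        errors.append("roles: must be an array of strings")
    else:
        # Scope-down: refuse any role the caller does not hold in this scope.
        for role in roles:
            if not isinstance(role, str) or role not in caller_roles:
                errors.append(f"roles: {role!r} not held by caller in scope")
    return errors


# Constructed samples; "iam.admin" and "tenant" are made-up invalid values.
ADMIN_ROLES = {"compute.deployer", "storage.writer"}
GOOD = {"id": "sa-pipeline-prod", "displayName": "Production CI/CD Pipeline",
        "scope": "project", "scopeId": "proj-abc123", "roles": ["compute.deployer"]}
BAD = {"id": "SA-prod-", "displayName": "x", "scope": "tenant",
       "scopeId": "proj-abc123", "roles": ["iam.admin"]}

if __name__ == "__main__":
    print("\n".join(validate_create_request(BAD, ADMIN_ROLES)))
```

Running the check in a provisioning pipeline catches an over-broad role list or a malformed id before the administrator's bearer token is sent; the server and org-level policy remain the enforcement point.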

Response Body

application/json


curl -X POST "https://api.k0rdent.ai/v1/regions/global/iam/service-accounts" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "Production CI/CD Pipeline",
    "scope": "project",
    "scopeId": "proj-abc123"
  }'

{
  "selfLink": "/v1/iam/service-accounts/sa-pipeline-prod",
  "uid": "07cc67f4-45d6-494b-adac-09b5cbc7e2b5",
  "id": "sa-pipeline-prod",
  "displayName": "Production CI/CD Pipeline",
  "description": "string",
  "clientId": "sa-pipeline-prod@myorg.iam",
  "scope": "project",
  "scopeId": "proj-abc123",
  "roles": [
    "compute.deployer",
    "storage.writer"
  ],
  "status": "active",
  "createdBy": "user-admin-001",
  "createdAt": "2019-08-24T14:15:22Z",
  "updatedAt": "2019-08-24T14:15:22Z",
  "activeCredentialCount": 2
}
{
  "error": {
    "code": 0,
    "message": "string",
    "details": [
      {}
    ]
  }
}

{
  "code": "CONFLICT",
  "message": "A resource with id 'my-deploy-key' already exists."
}
