API Gateway Service, gRPC: ApiGatewayService

A set of methods for managing API gateways.

Call	Description
Get	Returns the specified API gateway.
List	Retrieves the list of API gateways in the specified folder.
Create	Creates an API gateway in the specified folder.
Update	Updates the specified API gateway.
Delete	Deletes the specified API gateway.
AddDomain	Attaches domain to the specified API gateway.
RemoveDomain	Detaches domain from the specified API gateway.
GetOpenapiSpec	Returns the OpenAPI specification of specified API gateway.
ListOperations	Lists operations for the specified API gateway.
ListAccessBindings	Lists existing access bindings for the specified API gateway.
SetAccessBindings	Sets access bindings for the specified API gateway.
UpdateAccessBindings	Updates access bindings for the specified API gateway.

Calls ApiGatewayService

Get

Returns the specified API gateway. Note that only API gateway basic attributes are returned. To get associated openapi specification, make a GetOpenapiSpec request.
To get the list of all available API gateways, make a List request.

rpc Get (GetApiGatewayRequest) returns (ApiGateway)

GetApiGatewayRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway to return. To get a API gateway ID make a ApiGatewayService.List request.

ApiGateway

Field	Description
id	string ID of the API gateway. Generated at creation time.
folder_id	string ID of the folder that the API gateway belongs to.
created_at	google.protobuf.Timestamp Creation timestamp for the API-gateway.
name	string Name of the API gateway. The name is unique within the folder.
description	string Description of the API gateway.
labels	map<string,string> API gateway labels as key:value pairs.
status	enum Status Status of the API gateway. CREATING: API gateway is being created. ACTIVE: API gateway is ready for use. DELETING: API gateway is being deleted. ERROR: API gateway failed. The only allowed action is delete. UPDATING: API gateway is being updated.
domain	string Default domain for the API gateway. Generated at creation time.
log_group_id	string ID of the log group for the API gateway.
attached_domains[]	AttachedDomain List of domains attached to API gateway.
connectivity	Connectivity Network access. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

AttachedDomain

Field	Description
domain_id	string ID of the domain.
certificate_id	string ID of the domain certificate.
enabled	bool Enabling flag.
domain	string Name of the domain.

Connectivity

Field	Description
network_id	string Network the gateway will have access to. It's essential to specify network with subnets in all availability zones.
subnet_id[]	string Complete list of subnets (from the same network) the gateway can be attached to. It's essential to specify at least one subnet for each availability zones.

LogOptions

Field	Description
disabled	bool Is logging from API gateway disabled.
destination	oneof: log_group_id or folder_id Log entries destination.
log_group_id	string Entry should be written to log group resolved by ID.
folder_id	string Entry should be written to default log group for specified folder.
min_level	yandex.cloud.logging.v1.LogLevel.Level Minimum log entry level. See [LogLevel.Level] for details.

List

Retrieves the list of API gateways in the specified folder.

rpc List (ListApiGatewayRequest) returns (ListApiGatewayResponse)

ListApiGatewayRequest

Field	Description
folder_id	string Required. ID of the folder to list API gateways in. To get a folder ID make a yandex.cloud.resourcemanager.v1.FolderService.List request.
page_size	int64 The maximum number of results per page to return. If the number of available results is larger than pageSize, the service returns a ListApiGatewayResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100.
page_token	string Page token. To get the next page of results, set pageToken to the ListApiGatewayResponse.next_page_token returned by a previous list request.
filter	string A filter expression that filters functions listed in the response. The expression must specify: The field name. Currently filtering can only be applied to the ApiGateway.name field. An = operator. The value in double quotes ("). Must be 3-63 characters long and match the regular expression [a-z]([-a-z0-9]{0,61}[a-z0-9])?. Example of a filter: name=my-apigw.

ListApiGatewayResponse

Field	Description
api_gateways[]	ApiGateway List of API gateways in the specified folder.
next_page_token	string Token for getting the next page of the list. If the number of results is greater than the specified ListApiGatewayRequest.page_size, use nextPageToken as the value for the ListApiGatewayRequest.page_token parameter in the next list request. Each subsequent page will have its own nextPageToken to continue paging through the results.

ApiGateway

Field	Description
id	string ID of the API gateway. Generated at creation time.
folder_id	string ID of the folder that the API gateway belongs to.
created_at	google.protobuf.Timestamp Creation timestamp for the API-gateway.
name	string Name of the API gateway. The name is unique within the folder.
description	string Description of the API gateway.
labels	map<string,string> API gateway labels as key:value pairs.
status	enum Status Status of the API gateway. CREATING: API gateway is being created. ACTIVE: API gateway is ready for use. DELETING: API gateway is being deleted. ERROR: API gateway failed. The only allowed action is delete. UPDATING: API gateway is being updated.
domain	string Default domain for the API gateway. Generated at creation time.
log_group_id	string ID of the log group for the API gateway.
attached_domains[]	AttachedDomain List of domains attached to API gateway.
connectivity	Connectivity Network access. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

AttachedDomain

Field	Description
domain_id	string ID of the domain.
certificate_id	string ID of the domain certificate.
enabled	bool Enabling flag.
domain	string Name of the domain.

Connectivity

Field	Description
network_id	string Network the gateway will have access to. It's essential to specify network with subnets in all availability zones.
subnet_id[]	string Complete list of subnets (from the same network) the gateway can be attached to. It's essential to specify at least one subnet for each availability zones.

LogOptions

Field	Description
disabled	bool Is logging from API gateway disabled.
destination	oneof: log_group_id or folder_id Log entries destination.
log_group_id	string Entry should be written to log group resolved by ID.
folder_id	string Entry should be written to default log group for specified folder.
min_level	yandex.cloud.logging.v1.LogLevel.Level Minimum log entry level. See [LogLevel.Level] for details.

Create

Creates an API gateway in the specified folder.

rpc Create (CreateApiGatewayRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:CreateApiGatewayMetadata

    Operation.response:ApiGateway

CreateApiGatewayRequest

Field	Description
folder_id	string Required. ID of the folder to create an API gateway in. To get a folder ID make a yandex.cloud.resourcemanager.v1.FolderService.List request.
name	string Name of the API gateway. The name must be unique within the folder. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.
description	string Description of the API gateway. The maximum string length in characters is 256.
labels	map<string,string> Resource labels as key:value pairs. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_./\\@0-9a-z]*. The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_./\\@0-9a-z]*.
spec	oneof: openapi_spec OpenAPI specification of API gateway.
openapi_spec	string The text of specification, JSON or YAML.
connectivity	Connectivity Gateway connectivity. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

Connectivity

Field	Description
network_id	string Network the gateway will have access to. It's essential to specify network with subnets in all availability zones.
subnet_id[]	string Complete list of subnets (from the same network) the gateway can be attached to. It's essential to specify at least one subnet for each availability zones.

LogOptions

Field	Description
disabled	bool Is logging from API gateway disabled.
destination	oneof: log_group_id or folder_id Log entries destination.
log_group_id	string Entry should be written to log group resolved by ID.
folder_id	string Entry should be written to default log group for specified folder.
min_level	yandex.cloud.logging.v1.LogLevel.Level Minimum log entry level. See [LogLevel.Level] for details.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<CreateApiGatewayMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<ApiGateway> if operation finished successfully.

CreateApiGatewayMetadata

Field	Description
api_gateway_id	string ID of the API gateway that is being created.

ApiGateway

Field	Description
id	string ID of the API gateway. Generated at creation time.
folder_id	string ID of the folder that the API gateway belongs to.
created_at	google.protobuf.Timestamp Creation timestamp for the API-gateway.
name	string Name of the API gateway. The name is unique within the folder.
description	string Description of the API gateway.
labels	map<string,string> API gateway labels as key:value pairs.
status	enum Status Status of the API gateway. CREATING: API gateway is being created. ACTIVE: API gateway is ready for use. DELETING: API gateway is being deleted. ERROR: API gateway failed. The only allowed action is delete. UPDATING: API gateway is being updated.
domain	string Default domain for the API gateway. Generated at creation time.
log_group_id	string ID of the log group for the API gateway.
attached_domains[]	AttachedDomain List of domains attached to API gateway.
connectivity	Connectivity Network access. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

AttachedDomain

Field	Description
domain_id	string ID of the domain.
certificate_id	string ID of the domain certificate.
enabled	bool Enabling flag.
domain	string Name of the domain.

Update

Updates the specified API gateway.

rpc Update (UpdateApiGatewayRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:UpdateApiGatewayMetadata

    Operation.response:ApiGateway

UpdateApiGatewayRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway to update. To get a API gateway ID make a ApiGatewayService.List request.
update_mask	google.protobuf.FieldMask Field mask that specifies which attributes of the API gateway should be updated.
name	string New name for the API gateway. The name must be unique within the folder. Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.
description	string New description for the API gateway. The maximum string length in characters is 256.
labels	map<string,string> API gateway labels as key:value pairs. Existing set of labels is completely replaced by the provided set, so if you just want to add or remove a label, request the current set of labels with a yandex.cloud.serverless.apigateway.v1.ApiGatewayService.Get request. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_./\\@0-9a-z]*. The string length in characters for each key must be 1-63. Each key must match the regular expression [a-z][-_./\\@0-9a-z]*.
spec	oneof: openapi_spec New OpenAPI specification of API gateway.
openapi_spec	string The text of specification, JSON or YAML.
connectivity	Connectivity Gateway connectivity. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

Connectivity

Field	Description
network_id	string Network the gateway will have access to. It's essential to specify network with subnets in all availability zones.
subnet_id[]	string Complete list of subnets (from the same network) the gateway can be attached to. It's essential to specify at least one subnet for each availability zones.

LogOptions

Field	Description
disabled	bool Is logging from API gateway disabled.
destination	oneof: log_group_id or folder_id Log entries destination.
log_group_id	string Entry should be written to log group resolved by ID.
folder_id	string Entry should be written to default log group for specified folder.
min_level	yandex.cloud.logging.v1.LogLevel.Level Minimum log entry level. See [LogLevel.Level] for details.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<UpdateApiGatewayMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<ApiGateway> if operation finished successfully.

UpdateApiGatewayMetadata

Field	Description
api_gateway_id	string ID of the API gateway that is being updated.

ApiGateway

Field	Description
id	string ID of the API gateway. Generated at creation time.
folder_id	string ID of the folder that the API gateway belongs to.
created_at	google.protobuf.Timestamp Creation timestamp for the API-gateway.
name	string Name of the API gateway. The name is unique within the folder.
description	string Description of the API gateway.
labels	map<string,string> API gateway labels as key:value pairs.
status	enum Status Status of the API gateway. CREATING: API gateway is being created. ACTIVE: API gateway is ready for use. DELETING: API gateway is being deleted. ERROR: API gateway failed. The only allowed action is delete. UPDATING: API gateway is being updated.
domain	string Default domain for the API gateway. Generated at creation time.
log_group_id	string ID of the log group for the API gateway.
attached_domains[]	AttachedDomain List of domains attached to API gateway.
connectivity	Connectivity Network access. If specified the gateway will be attached to specified network/subnet(s).
log_options	LogOptions Options for logging from the API gateway.

AttachedDomain

Field	Description
domain_id	string ID of the domain.
certificate_id	string ID of the domain certificate.
enabled	bool Enabling flag.
domain	string Name of the domain.

Delete

Deletes the specified API gateway.

rpc Delete (DeleteApiGatewayRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:DeleteApiGatewayMetadata

    Operation.response:google.protobuf.Empty

DeleteApiGatewayRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway to update. To get a API gateway ID make a ApiGatewayService.List request.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<DeleteApiGatewayMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

DeleteApiGatewayMetadata

Field	Description
api_gateway_id	string ID of the API gateway that is being deleted.

AddDomain

Attaches domain to the specified API gateway.

rpc AddDomain (AddDomainRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:AddDomainMetadata

    Operation.response:google.protobuf.Empty

AddDomainRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway that the domain is attached to.
domain_name	string Name of the attaching domain.
certificate_id	string ID of certificate for the attaching domain.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<AddDomainMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

AddDomainMetadata

Field	Description
api_gateway_id	string ID of the API gateway that the domain is attached to.
domain_id	string ID of the attached domain.
domain_name	string Name of the attaching domain.
certificate_id	string ID of the certificate for provided domain.

RemoveDomain

Detaches domain from the specified API gateway.

rpc RemoveDomain (RemoveDomainRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:RemoveDomainMetadata

    Operation.response:google.protobuf.Empty

RemoveDomainRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway from which the domain is being detached.
domain_id	string Required. ID of the detaching domain.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<RemoveDomainMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

RemoveDomainMetadata

Field	Description
api_gateway_id	string ID of the API gateway from which the domain is being detached.
domain_id	string ID of the detaching domain.

GetOpenapiSpec

Returns the OpenAPI specification of specified API gateway.

rpc GetOpenapiSpec (GetOpenapiSpecRequest) returns (GetOpenapiSpecResponse)

GetOpenapiSpecRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway to get specification from.
format	enum Format Format of returned specification. Default is the original format used in CreateApiGatewayRequest.

GetOpenapiSpecResponse

Field	Description
api_gateway_id	string ID of the API gateway.
openapi_spec	string The text of specification, JSON or YAML.

ListOperations

Lists operations for the specified API gateway.

rpc ListOperations (ListOperationsRequest) returns (ListOperationsResponse)

ListOperationsRequest

Field	Description
api_gateway_id	string Required. ID of the API gateway to list operations for.
page_size	int64 The maximum number of results per page that should be returned. If the number of available results is larger than pageSize, the service returns a ListOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. Acceptable values are 0 to 1000, inclusive.
page_token	string Page token. To get the next page of results, set pageToken to the ListOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.
filter	string A filter expression that filters resources listed in the response. The expression must specify: The field name. Currently filtering can be applied to the operation.Operation.done, operation.Operation.created_by field. An = operator. The value in double quotes ("). Must be 3-63 characters long and match the regular expression [a-z][-a-z0-9]{1,61}[a-z0-9]. Examples of a filter: done=false, created_by='John.Doe'. The maximum string length in characters is 1000.

ListOperationsResponse

Field	Description
operations[]	operation.Operation List of operations for the specified API gateway.
next_page_token	string Token for getting the next page of the list. If the number of results is greater than the specified ListOperationsRequest.page_size, use nextPageToken as the value for the ListOperationsRequest.page_token parameter in the next list request. Each subsequent page will have its own nextPageToken to continue paging through the results.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.

ListAccessBindings

Lists existing access bindings for the specified API gateway.

rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)

ListAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource to list access bindings for. To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50.
page_size	int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token	string Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100.

ListAccessBindingsResponse

Field	Description
access_bindings[]	AccessBinding List of access bindings for the specified resource.
next_page_token	string This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

AccessBinding

Field	Description
role_id	string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field	Description
id	string Required. ID of the subject. It can contain one of the following values: allAuthenticatedUsers: A special system identifier that represents anyone who is authenticated. It can be used only if the type is system. allUsers: A special system identifier that represents anyone. No authentication is required. For example, you don't need to specify the IAM token in an API query. <cloud generated id>: An identifier that represents a user account. It can be used only if the type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50.
type	string Required. Type of the subject. It can contain one of the following values: userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud. serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource. federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory. system: System group. This type represents several accounts with a common system identifier. For more information, see Subject to which the role is assigned. The maximum string length in characters is 100.

SetAccessBindings

Sets access bindings for the specified API gateway.

rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:SetAccessBindingsMetadata

    Operation.response:google.protobuf.Empty

SetAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request. The maximum string length in characters is 50.
access_bindings[]	AccessBinding Required. Access bindings to be set. For more information, see Access Bindings.

AccessBinding

Field	Description
role_id	string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field	Description
id	string Required. ID of the subject. It can contain one of the following values: allAuthenticatedUsers: A special system identifier that represents anyone who is authenticated. It can be used only if the type is system. allUsers: A special system identifier that represents anyone. No authentication is required. For example, you don't need to specify the IAM token in an API query. <cloud generated id>: An identifier that represents a user account. It can be used only if the type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50.
type	string Required. Type of the subject. It can contain one of the following values: userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud. serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource. federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory. system: System group. This type represents several accounts with a common system identifier. For more information, see Subject to which the role is assigned. The maximum string length in characters is 100.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<SetAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

SetAccessBindingsMetadata

Field	Description
resource_id	string ID of the resource for which access bindings are being set.

UpdateAccessBindings

Updates access bindings for the specified API gateway.

rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:UpdateAccessBindingsMetadata

    Operation.response:google.protobuf.Empty

UpdateAccessBindingsRequest

Field	Description
resource_id	string Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50.
access_binding_deltas[]	AccessBindingDelta Required. Updates to access bindings. The number of elements must be greater than 0.

AccessBindingDelta

Field	Description
action	enum AccessBindingAction Required. The action that is being performed on an access binding. ADD: Addition of an access binding. REMOVE: Removal of an access binding.
access_binding	AccessBinding Required. Access binding. For more information, see Access Bindings.

AccessBinding

Field	Description
role_id	string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
subject	Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

Subject

Field	Description
id	string Required. ID of the subject. It can contain one of the following values: allAuthenticatedUsers: A special system identifier that represents anyone who is authenticated. It can be used only if the type is system. allUsers: A special system identifier that represents anyone. No authentication is required. For example, you don't need to specify the IAM token in an API query. <cloud generated id>: An identifier that represents a user account. It can be used only if the type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50.
type	string Required. Type of the subject. It can contain one of the following values: userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud. serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource. federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory. system: System group. This type represents several accounts with a common system identifier. For more information, see Subject to which the role is assigned. The maximum string length in characters is 100.

Operation

Field	Description
id	string ID of the operation.
description	string Description of the operation. 0-256 characters long.
created_at	google.protobuf.Timestamp Creation timestamp.
created_by	string ID of the user or service account who initiated the operation.
modified_at	google.protobuf.Timestamp The time when the Operation resource was last modified.
done	bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata	google.protobuf.Any<UpdateAccessBindingsMetadata> Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result	oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
error	google.rpc.Status The error result of the operation in case of failure or cancellation.
response	google.protobuf.Any<google.protobuf.Empty> if operation finished successfully.

UpdateAccessBindingsMetadata

Field	Description
resource_id	string ID of the resource for which access bindings are being updated.