openapi-directory/api/googleapis.com/iam.json

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

{"openapi":"3.0.0","servers":[{"url":"https://iam.googleapis.com/"}],"x-hasEquivalentPaths":true,"info":{"contact":{"name":"Google","url":"https://google.com","x-twitter":"youtube"},"description":"Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. ","license":{"name":"Creative Commons Attribution 3.0","url":"http://creativecommons.org/licenses/by/3.0/"},"termsOfService":"https://developers.google.com/terms/","title":"Identity and Access Management (IAM) API","version":"v2","x-apiClientRegistration":{"url":"https://console.developers.google.com"},"x-apisguru-categories":["analytics","media"],"x-logo":{"url":"https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png"},"x-origin":[{"format":"google","url":"https://iam.googleapis.com/$discovery/rest?version=v2","version":"v1"}],"x-preferred":true,"x-providerName":"googleapis.com","x-serviceName":"iam"},"externalDocs":{"url":"https://cloud.google.com/iam/"},"tags":[{"name":"policies"}],"paths":{"/v2/{name}":{"delete":{"description":"Deletes a policy. This action is permanent.","operationId":"iam.policies.delete","parameters":[{"description":"Required. The resource name of the policy to delete. Format: `policies/{attachment_point}/denypolicies/{policy_id}` Use the URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-policy`. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID.","in":"path","name":"name","required":true,"schema":{"type":"string"}},{"description":"Optional. The expected `etag` of the policy to delete. If the value does not match the value that is stored in IAM, the request fails with a `409` error code and `ABORTED` status. If you omit this field, the policy is deleted regardless of its current `etag`.","in":"query","name":"etag","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["policies"]},"get":{"description":"Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.","operationId":"iam.policies.operations.get","parameters":[{"description":"The name of the operation resource.","in":"path","name":"name","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["policies"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}],"put":{"description":"Updates the specified policy. You can update only the rules and the display name for the policy. To update a policy, you should use a read-modify-write loop: 1. Use GetPolicy to read the current version of the policy. 2. Modify the policy as needed. 3. Use `UpdatePolicy` to write the updated policy. This pattern helps prevent conflicts between concurrent updates.","operationId":"iam.policies.update","parameters":[{"description":"Immutable. The resource name of the `Policy`, which must be unique. Format: `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID.","in":"path","name":"name","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleIamV2Policy"}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["policies"]}},"/v2/{parent}":{"get":{"description":"Retrieves the policies of the specified kind that are attached to a resource. The response lists only policy metadata. In particular, policy rules are omitted.","operationId":"iam.policies.listPolicies","parameters":[{"description":"Required. The resource that the policy is attached to, along with the kind of policy to list. Format: `policies/{attachment_point}/denypolicies` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID.","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"The maximum number of policies to return. IAM ignores this value and uses the value 1000.","in":"query","name":"pageSize","schema":{"type":"integer"}},{"description":"A page token received in a ListPoliciesResponse. Provide this token to retrieve the next page.","in":"query","name":"pageToken","schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleIamV2ListPoliciesResponse"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["policies"]},"parameters":[{"$ref":"#/components/parameters/_.xgafv"},{"$ref":"#/components/parameters/access_token"},{"$ref":"#/components/parameters/alt"},{"$ref":"#/components/parameters/callback"},{"$ref":"#/components/parameters/fields"},{"$ref":"#/components/parameters/key"},{"$ref":"#/components/parameters/oauth_token"},{"$ref":"#/components/parameters/prettyPrint"},{"$ref":"#/components/parameters/quotaUser"},{"$ref":"#/components/parameters/upload_protocol"},{"$ref":"#/components/parameters/uploadType"}],"post":{"description":"Creates a policy.","operationId":"iam.policies.createPolicy","parameters":[{"description":"Required. The resource that the policy is attached to, along with the kind of policy to create. Format: `policies/{attachment_point}/denypolicies` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies`. For organizations and folders, use the numeric ID in the full resource name. For projects, you can use the alphanumeric or the numeric ID.","in":"path","name":"parent","required":true,"schema":{"type":"string"}},{"description":"The ID to use for this policy, which will become the final component of the policy's resource name. The ID must contain 3 to 63 characters. It can contain lowercase letters and numbers, as well as dashes (`-`) and periods (`.`). The first character must be a lowercase letter.","in":"query","name":"policyId","schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleIamV2Policy"}}}},"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GoogleLongrunningOperation"}}},"description":"Successful response"}},"security":[{"Oauth2":["https://www.googleapis.com/auth/cloud-platform"],"Oauth2c":["https://www.googleapis.com/auth/cloud-platform"]}],"tags":["policies"]}}},"components":{"parameters":{"_.xgafv":{"description":"V1 error format.","in":"query","name":"$.xgafv","schema":{"enum":["1","2"],"type":"string"}},"access_token":{"description":"OAuth access token.","in":"query","name":"access_token","schema":{"type":"string"}},"alt":{"description":"Data format for response.","in":"query","name":"alt","schema":{"enum":["json","media","proto"],"type":"string"}},"callback":{"description":"JSONP","in":"query","name":"callback","schema":{"type":"string"}},"fields":{"description":"Selector specifying which fields to include in a partial response.","in":"query","name":"fields","schema":{"type":"string"}},"key":{"description":"API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.","in":"query","name":"key","schema":{"type":"string"}},"oauth_token":{"description":"OAuth 2.0 token for the current user.","in":"query","name":"oauth_token","schema":{"type":"string"}},"prettyPrint":{"description":"Returns response with indentations and line breaks.","in":"query","name":"prettyPrint","schema":{"type":"boolean"}},"quotaUser":{"description":"Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.","in":"query","name":"quotaUser","schema":{"type":"string"}},"uploadType":{"description":"Legacy upload protocol for media (e.g. \"media\", \"multipart\").","in":"query","name":"uploadType","schema":{"type":"string"}},"upload_protocol":{"description":"Upload protocol for media (e.g. \"raw\", \"multipart\").","in":"query","name":"upload_protocol","schema":{"type":"string"}}},"schemas":{"GoogleCloudCommonOperationMetadata":{"description":"Represents the metadata of the long-running operation.","properties":{"apiVersion":{"description":"Output only. API version used to start the operation.","readOnly":true,"type":"string"},"cancelRequested":{"description":"Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.","readOnly":true,"type":"boolean"},"createTime":{"description":"Output only. The time the operation was created.","format":"google-datetime","readOnly":true,"type":"string"},"endTime":{"description":"Output only. The time the operation finished running.","format":"google-datetime","readOnly":true,"type":"string"},"statusDetail":{"description":"Output only. Human-readable status of the operation, if any.","readOnly":true,"type":"string"},"target":{"description":"Output only. Server-defined resource path for the target of the operation.","readOnly":true,"type":"string"},"verb":{"description":"Output only. Name of the verb executed by the operation.","readOnly":true,"type":"string"}},"type":"object"},"GoogleIamAdminV1AuditData":{"description":"Audit log information specific to Cloud IAM admin APIs. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.","properties":{"permissionDelta":{"$ref":"#/components/schemas/GoogleIamAdminV1AuditDataPermissionDelta","description":"The permission_delta when when creating or updating a Role."}},"type":"object"},"GoogleIamAdminV1AuditDataPermissionDelta":{"description":"A PermissionDelta message to record the added_permissions and removed_permissions inside a role.","properties":{"addedPermissions":{"description":"Added permissions.","items":{"type":"string"},"type":"array"},"removedPermissions":{"description":"Removed permissions.","items":{"type":"string"},"type":"array"}},"type":"object"},"GoogleIamV1BindingDelta":{"description":"One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.","properties":{"action":{"description":"The action that was performed on a Binding. Required","enum":["ACTION_UNSPECIFIED","ADD","REMOVE"],"type":"string"},"condition":{"$ref":"#/components/schemas/GoogleTypeExpr","description":"The condition that is associated with this binding."},"member":{"description":"A single identity requesting access for a Google Cloud resource. Follows the same format of Binding.members. Required","type":"string"},"role":{"description":"Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Required","type":"string"}},"type":"object"},"GoogleIamV1LoggingAuditData":{"description":"Audit log information specific to Cloud IAM. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.","properties":{"policyDelta":{"$ref":"#/components/schemas/GoogleIamV1PolicyDelta","description":"Policy delta between the original policy and the newly set policy."}},"type":"object"},"GoogleIamV1PolicyDelta":{"description":"The difference delta between two policies.","properties":{"bindingDeltas":{"description":"The delta for Bindings between two policies.","items":{"$ref":"#/components/schemas/GoogleIamV1BindingDelta"},"type":"array"}},"type":"object"},"GoogleIamV1betaWorkloadIdentityPoolOperationMetadata":{"description":"Metadata for long-running WorkloadIdentityPool operations.","properties":{},"type":"object"},"GoogleIamV2DenyRule":{"description":"A deny rule in an IAM deny policy.","properties":{"denialCondition":{"$ref":"#/components/schemas/GoogleTypeExpr","description":"The condition that determines whether this deny rule applies to a request. If the condition expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not applied. Each deny rule is evaluated independently. If this deny rule does not apply to a request, other deny rules might still apply. The condition can use CEL functions that evaluate [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions and operators are not supported."},"deniedPermissions":{"description":"The permissions that are explicitly denied by this rule. Each permission uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`.","items":{"type":"string"},"type":"array"},"deniedPrincipals":{"description":"The identities that are prevented from using one or more permissions on Google Cloud resources. This field can contain the following values: * `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`. * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A special identifier that represents any principal that is on the internet, even if they do not have a Google Account or are not logged in. * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account. * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.","items":{"type":"string"},"type":"array"},"exceptionPermissions":{"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by `denied_permissions`. If a permission appears in `denied_permissions` _and_ in `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified using the same syntax as `denied_permissions`.","items":{"type":"string"},"type":"array"},"exceptionPrincipals":{"description":"The identities that are excluded from the deny rule, even if they are listed in the `denied_principals`. For example, you could add a Google group to the `denied_principals`, then exclude specific users who belong to that group. This field can contain the same values as the `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all users on the internet.","items":{"type":"string"},"type":"array"}},"type":"object"},"GoogleIamV2ListPoliciesResponse":{"description":"Response message for `ListPolicies`.","properties":{"nextPageToken":{"description":"A page token that you can use in a ListPoliciesRequest to retrieve the next page. If this field is omitted, there are no additional pages.","type":"string"},"policies":{"description":"Metadata for the policies that are attached to the resource.","items":{"$ref":"#/components/schemas/GoogleIamV2Policy"},"type":"array"}},"type":"object"},"GoogleIamV2Policy":{"description":"Data for an IAM policy.","properties":{"annotations":{"additionalProperties":{"type":"string"},"description":"A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters. Values can be up to 255 characters.","type":"object"},"createTime":{"description":"Output only. The time when the `Policy` was created.","format":"google-datetime","readOnly":true,"type":"string"},"deleteTime":{"description":"Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.","format":"google-datetime","readOnly":true,"type":"string"},"displayName":{"description":"A user-specified description of the `Policy`. This value can be up to 63 characters.","type":"string"},"etag":{"description":"An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help manage concurrent updates, so they do not cause one update to be overwritten by another. If this field is present in a CreatePolicyRequest, the value is ignored.","type":"string"},"kind":{"description":"Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.","readOnly":true,"type":"string"},"name":{"description":"Immutable. The resource name of the `Policy`, which must be unique. Format: `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, `/`, must be written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID.","type":"string"},"rules":{"description":"A list of rules that specify the behavior of the `Policy`. All of the rules should be of the `kind` specified in the `Policy`.","items":{"$ref":"#/components/schemas/GoogleIamV2PolicyRule"},"type":"array"},"uid":{"description":"Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is created.","type":"string"},"updateTime":{"description":"Output only. The time when the `Policy` was last updated.","format":"google-datetime","readOnly":true,"type":"string"}},"type":"object"},"GoogleIamV2PolicyOperationMetadata":{"description":"Metadata for long-running `Policy` operations.","properties":{"createTime":{"description":"Timestamp when the `google.longrunning.Operation` was created.","format":"google-datetime","type":"string"}},"type":"object"},"GoogleIamV2PolicyRule":{"description":"A single rule in a `Policy`.","properties":{"denyRule":{"$ref":"#/components/schemas/GoogleIamV2DenyRule","description":"A rule for a deny policy."},"description":{"description":"A user-specified description of the rule. This value can be up to 256 characters.","type":"string"}},"type":"object"},"GoogleLongrunningOperation":{"description":"This resource represents a long-running operation that is the result of a network API call.","properties":{"done":{"description":"If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.","type":"boolean"},"error":{"$ref":"#/components/schemas/GoogleRpcStatus","description":"The error result of the operation in case of failure or cancellation."},"metadata":{"additionalProperties":{"description":"Properties of the object. Contains field @type with type URL."},"description":"Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.","type":"object"},"name":{"description":"The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.","type":"string"},"response":{"additionalProperties":{"description":"Properties of the object. Contains field @type with type URL."},"description":"The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.","type":"object"}},"type":"object"},"GoogleRpcStatus":{"description":"The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).","properties":{"code":{"description":"The status code, which should be an enum value of google.rpc.Code.","format":"int32","type":"integer"},"details":{"description":"A list of messages that carry the error details. There is a common set of message types for APIs to use.","items":{"additionalProperties":{"description":"Properties of the object. Contains field @type with type URL."},"type":"object"},"type":"array"},"message":{"description":"A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.","type":"string"}},"type":"object"},"GoogleTypeExpr":{"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() < 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.","properties":{"description":{"description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","type":"string"},"expression":{"description":"Textual representation of an expression in Common Expression Language syntax.","type":"string"},"location":{"description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","type":"string"},"title":{"description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","type":"string"}},"type":"object"}},"securitySchemes":{"Oauth2":{"description":"Oauth 2.0 implicit authentication","flows":{"implicit":{"authorizationUrl":"https://accounts.google.com/o/oauth2/auth","scopes":{"https://www.googleapis.com/auth/cloud-platform":"See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."}}},"type":"oauth2"},"Oauth2c":{"description":"Oauth 2.0 authorizationCode authentication","flows":{"authorizationCode":{"authorizationUrl":"https://accounts.google.com/o/oauth2/auth","scopes":{"https://www.googleapis.com/auth/cloud-platform":"See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."},"tokenUrl":"https://accounts.google.com/o/oauth2/token"}},"type":"oauth2"}}}}