For Agents
Manage Google Cloud Access Approval settings and respond to approval requests so an agent can grant, dismiss, or invalidate Google personnel access on a project or organisation.
Get started with Access Approval API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"list pending google cloud access approval requests"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Access Approval API.
Configure Access Approval settings on a project, folder, or organisation, including notification recipients and enrolled services
List pending and historical approval requests for a given resource scope
Approve a specific access request to grant Google personnel time-bound access to customer data
Dismiss an approval request to deny Google personnel access while preserving the audit record
Invalidate a previously approved request to immediately revoke active Google personnel access
Read the current Access Approval configuration to feed compliance dashboards
Use for: List all pending Access Approval requests on a project, Approve an Access Approval request for a Google support case, Dismiss an Access Approval request that was raised against a non-production folder, Invalidate an active Access Approval to revoke Google personnel access
Not supported: Does not handle IAM role grants, VPC perimeter policies, or audit log retrieval — use for managing Access Approval settings and decisions only.
The Access Approval API gives Google Cloud customers explicit control over when Google personnel can access their data. It exposes operations to configure approval settings on a project, folder, or organisation, list pending approval requests, and approve, dismiss, or invalidate each request. Compliance and security teams use it to satisfy regulatory requirements that demand documented, customer-approved access by the cloud provider's support staff.
Patterns agents use Access Approval API for, with concrete tasks.
Regulated Workload Compliance
A financial services team running regulated workloads on Google Cloud requires that every Google support engineer accessing their data is explicitly approved by a named officer. The Access Approval API exposes list, approve, dismiss, and invalidate operations on approvalRequests, with each decision captured in audit logs for downstream review.
List all PENDING approvalRequests under organizations/123456789, summarise each by requested resource and reason, and post a Slack message to the security channel with one-click approve and dismiss actions.
Centralised Settings Management
A platform team manages Access Approval settings across hundreds of GCP projects from a central tool. The API exposes settings.get and updateAccessApprovalSettings on every project, folder, and organisation, so the team can roll out a uniform notification list and enrolled-service set without clicking through the console.
For every project under folders/987, set the Access Approval notification email to security-on-call@example.com and enrol all GA Google Cloud services.
Incident Response Revocation
When a Google support case is closed, an incident-response runbook revokes the corresponding Access Approval to ensure no further Google personnel access. The invalidate operation immediately ends an approved access window while preserving the original approval record for audit.
Given a support case ID, find the matching approvalRequest, call invalidate, and write the resulting state to the incident timeline.
AI Agent Compliance Triage
An AI agent embedded in the security operations console reviews Access Approval requests through Jentic. It summarises the requested resource, the stated reason, and any related support case before recommending approval or dismissal to the on-call officer.
Pull the latest 5 PENDING approvalRequests, look up each requested resource type, and reply with a recommended action and a one-paragraph justification.
7 endpoints — The Access Approval API gives Google Cloud customers explicit control over when Google personnel can access their data.
METHOD
PATH
DESCRIPTION
/v1/{+parent}/approvalRequests
List approval requests under a project, folder, or organisation
/v1/{+name}
Get a single approval request or settings resource
/v1/{+name}:approve
Approve an access request
/v1/{+name}:dismiss
Dismiss an access request
/v1/{+name}:invalidate
Invalidate a previously approved request
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth 2.0 credentials are stored encrypted in the Jentic vault (MAXsystem) and exchanged for short-lived access tokens at request time. The agent never sees the refresh token directly, and scope is limited to the IAM roles granted to the service principal.
Intent-based discovery
Agents search by intent (e.g., 'approve google access request') and Jentic returns the matching approve, dismiss, or invalidate operation with its input schema.
Time to first call
Direct integration: 1-3 days for OAuth setup, IAM role provisioning, and audit-log plumbing. Through Jentic: under 1 hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Access Context Manager API
Define attribute-based access policies for Google Cloud services on the same organisation
Use Access Context Manager to set perimeter and access-level policies and Access Approval to control Google-personnel access to data inside those perimeters.
Google Cloud IAM API
Manage service accounts, roles, and policy bindings across the same projects
Use IAM to grant the accessapproval.approver role to the right principals before delegating approve/dismiss to an agent.
Cloud Resource Manager API
Enumerate projects, folders, and organisations targeted by Access Approval settings
Use Cloud Resource Manager first to list the projects under an organisation, then iterate Access Approval settings across them.
Specific to using Access Approval API through Jentic.
What authentication does the Access Approval API use?
It uses Google OAuth 2.0 with the https://www.googleapis.com/auth/cloud-platform scope. The calling principal must hold the accessapproval.requests.approve and accessapproval.settings.update IAM roles on the target project, folder, or organisation. Jentic stores the OAuth credential in its encrypted vault and exchanges it for short-lived access tokens at request time.
Can I approve a request without using the Cloud Console UI?
Yes. POST /v1/{name}:approve approves a specific approvalRequest by resource name, where name follows the format projects/{project}/approvalRequests/{request_id}. The same path supports :dismiss and :invalidate for the other state transitions.
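A guardrail for the decision calls described in this answer, as an added example that is not Jentic or Google code: it validates the resource name an agent proposes before building the POST for :approve, :dismiss, or :invalidate. The API host, the character classes in the pattern, the allow-list of parents, and the `human_ack` flag are assumptions made for illustration.

```python
import re

BASE_URL = "https://accessapproval.googleapis.com"  # assumption: public API host
ACTIONS = {"approve", "dismiss", "invalidate"}  # verbs on /v1/{name}:<verb>

# projects/{project}/approvalRequests/{request_id}, extended to folders and
# organisations; the character classes are a conservative assumption.
NAME_RE = re.compile(
    r"(projects|folders|organizations)/([A-Za-z0-9][A-Za-z0-9-]*)"
    r"/approvalRequests/([A-Za-z0-9_-]+)"
)


class Rejected(ValueError):
    """Raised when the agent proposes a call outside its guardrails."""


def build_decision_call(name, action, allowed_parents, human_ack=False):
    """Return (method, url) for a decision call, or raise Rejected."""
    if action not in ACTIONS:
        raise Rejected(f"unknown action {action!r}")
    m = NAME_RE.fullmatch(name)
    if m is None:
        # Blocks settings resources, traversal segments and extra suffixes,
        # all of which would otherwise fit the same /v1/{name} path.
        raise Rejected(f"not an approvalRequest name: {name!r}")
    parent = f"{m.group(1)}/{m.group(2)}"
    if parent not in allowed_parents:
        raise Rejected(f"{parent} is outside the agent's scope")
    # Approving grants Google personnel access, so require a recorded human
    # decision; dismiss and invalidate only reduce access.
    if action == "approve" and not human_ack:
        raise Rejected("approve requires an on-call officer's acknowledgement")
    return "POST", f"{BASE_URL}/v1/{name}:{action}"


if __name__ == "__main__":
    scope = {"projects/my-project"}  # constructed sample scope
    sample = "projects/my-project/approvalRequests/abc123"  # constructed name
    print(build_decision_call(sample, "dismiss", scope))
    print(build_decision_call(sample, "approve", scope, human_ack=True))
```
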
What are the rate limits for the Access Approval API?
Google does not publish a dedicated quota for Access Approval. Calls count against the standard Google Cloud APIs per-project quota, which defaults to 600 read requests and 60 write requests per minute. Approval decisions are inherently low-volume, so default quotas are rarely a constraint.
How do I list pending approval requests through Jentic?
Run jentic search 'list pending google cloud access approval requests', load the approvalRequests.list operation, and execute it with the parent resource (e.g., projects/my-project) and a filter of state=PENDING. The agent receives a typed list of requests with requestedResourceName and requestedReason.
Is the Access Approval API free?
Yes. There is no per-call charge for the Access Approval API. Customers must enrol the service on their organisation, and the underlying Google Cloud services that emit approval requests are billed normally.