For Agents
Define and manage Google Cloud access policies, access levels, and service perimeters so an agent can enforce attribute-based access control and VPC Service Controls programmatically.
Get started with Access Context Manager API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"create a service perimeter in google cloud"
# → Jentic returns the matching accessPolicies.servicePerimeters.create operation with its parameter schema; the agent executes it.
What an agent can do with the Access Context Manager API.
Create and manage access policies scoped to a Google Cloud organisation
Define access levels using boolean expressions over device posture, IP ranges, and identity attributes
Configure service perimeters that restrict which projects can read or write to specified Google Cloud services
List the GCP services supported by VPC Service Controls so policies stay in sync with new launches
Use for: I need to create a new access level that requires a corp-managed device; list all service perimeters in an organisation; add a project to an existing service perimeter; get the current configuration of a specific access policy.
Not supported: Does not handle IAM role grants, audit log retrieval, or Google personnel access decisions — use for managing access policies, access levels, and service perimeters only.
The Access Context Manager API lets Google Cloud organisations define attribute-based access controls on requests to Google Cloud services. It exposes operations to manage access policies, access levels (boolean expressions over device, IP, and identity attributes), and service perimeters that restrict data movement between projects. Security and platform teams use it to enforce zero-trust controls and to build VPC Service Controls perimeters around regulated workloads.
Manage authorized orgs descriptors that let an access policy trust device and credential-strength data from other organisations, so access levels can evaluate users who belong to those organisations
Commit dry-run perimeter changes after validation so policy rollouts can be staged
Patterns agents use the Access Context Manager API for, with concrete tasks.
★ VPC Service Controls Rollout
A platform team wraps regulated GCP projects in a VPC Service Controls perimeter to prevent data exfiltration. The Access Context Manager API exposes accessPolicies and servicePerimeters operations so the team can define perimeter resources, add projects, and stage changes via dry-run before committing to enforcement.
Create a service perimeter named 'regulated-data' under accessPolicies/123, add projects/billing-prod and projects/audit-prod, and restrict storage.googleapis.com and bigquery.googleapis.com.
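The rollout above, as an added example that is not Jentic's or Google's code: it builds the 'regulated-data' perimeter body in dry-run form (the proposed configuration in `spec` with `useExplicitDryRunSpec` set), filters constructed audit records for dry-run violations, and models what the commit step does when the dry run is clean. The project numbers, the audit records and the helper names are assumptions; the body shape follows the public ServicePerimeter resource. One caveat a practitioner hits immediately: VPC Service Controls identifies projects by number, so an ID such as projects/billing-prod has to be resolved (Cloud Resource Manager) before it goes into a perimeter, and the helper rejects it.

```python
"""Added example, not Jentic's or Google's code: build the 'regulated-data'
perimeter in dry-run form and model the commit step.

Assumptions (not from the page): the project numbers, the violation records
and the helper names are constructed for illustration. The body shape follows
the public ServicePerimeter resource (name, title, perimeterType, spec,
status, useExplicitDryRunSpec)."""
import copy
import re

# VPC Service Controls identifies projects by number, not by ID.
PROJECT_NUMBER_RE = re.compile(r"^projects/\d+$")
SERVICE_RE = re.compile(r"^[a-z][a-z0-9-]*\.googleapis\.com$")


def dry_run_perimeter(policy, perimeter_id, title, projects, services):
    """Body for servicePerimeters.create: the proposed config goes in `spec`
    with useExplicitDryRunSpec=True, so violations are logged, not blocked."""
    for p in projects:
        if not PROJECT_NUMBER_RE.match(p):
            # IDs such as projects/billing-prod must be resolved to numbers
            # (Cloud Resource Manager) before they can go into a perimeter.
            raise ValueError(f"{p!r}: resources must be projects/<project number>")
    for s in services:
        if not SERVICE_RE.match(s):
            raise ValueError(f"{s!r} is not a *.googleapis.com service name")
    return {
        "name": f"{policy}/servicePerimeters/{perimeter_id}",
        "title": title,
        "perimeterType": "PERIMETER_TYPE_REGULAR",
        "useExplicitDryRunSpec": True,
        "spec": {
            "resources": sorted(set(projects)),
            "restrictedServices": sorted(set(services)),
        },
    }


def dry_run_violations(records, perimeter_name):
    """Filter constructed audit records (loosely modelled on the dryRun and
    servicePerimeterName metadata VPC SC audit logs carry) down to dry-run
    violations against this perimeter."""
    return [r for r in records
            if r.get("dryRun") and r.get("servicePerimeterName") == perimeter_name]


def commit_perimeter(perimeter, violations):
    """Model of accessPolicies.servicePerimeters.commit for one perimeter:
    refuse while the dry run still reports violations, otherwise promote
    `spec` to the enforced `status`. The real call is policy-wide and
    commits every perimeter in the access policy at once."""
    if violations:
        raise RuntimeError(
            f"{len(violations)} dry-run violation(s); fix callers or widen the perimeter first")
    enforced = copy.deepcopy(perimeter)
    enforced["status"] = enforced.pop("spec")
    enforced["useExplicitDryRunSpec"] = False
    return enforced


if __name__ == "__main__":
    body = dry_run_perimeter("accessPolicies/123", "regulated-data", "Regulated data",
                             ["projects/111111111111", "projects/222222222222"],
                             ["storage.googleapis.com", "bigquery.googleapis.com"])
    # Constructed audit records: one dry-run hit from a caller outside the perimeter.
    records = [
        {"dryRun": True, "servicePerimeterName": body["name"],
         "callerIp": "198.51.100.7", "method": "google.storage.objects.get"},
    ]
    print("violations:", dry_run_violations(records, body["name"]))
    print("enforced:", commit_perimeter(body, []))
```

The split between `spec` and `status` is the whole point of staging: a PATCH that writes `status` directly enforces immediately, so an agent executing this rollout should only ever write `spec` until the violation log has been reviewed.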
Conditional Access Levels
A security team enforces that only managed devices on the corporate IP range can call sensitive admin APIs. Access Context Manager exposes access-level resources whose conditions combine device posture, IP CIDR, and identity attributes; the team attaches the access level to IAM Conditions to gate access at the API edge.
Create an access level 'corp-managed' under accessPolicies/123 that requires devicePolicy.requireCorpOwned=true and an IP in 203.0.113.0/24.
Cross-Organisation Ingress Allowlisting
A multi-tenant SaaS hosting customer data in different organisations allowlists specific partner organisations whose users may reach a shared analytics perimeter. An authorized orgs descriptor records which organisations' device or credential-strength data the policy trusts, so an access level can evaluate partner users' device posture; the perimeter's ingress rules then reference that access level together with the partner identities to permit the defined flows.
Create an authorizedOrgsDescriptor named 'partner-org' listing the customer's organisation IDs, build an access level that relies on it, and reference that access level from the ingress policy of the analytics perimeter.
AI Agent Policy Audit
An AI agent embedded in the platform tooling reviews every access policy weekly through Jentic. It enumerates access levels and perimeters, flags overly broad IP ranges or unrestricted services, and posts a summary to the security review channel.
List every accessLevel in accessPolicies/123, identify any with an IP condition broader than /16 or a missing device-policy clause, and reply with a markdown audit summary.
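The Conditional Access Levels task and the audit task above, as one added example that is not Jentic's or Google's code: it builds the 'corp-managed' level (corp-owned device AND 203.0.113.0/24), then runs the weekly checks over a list of access levels, flagging IP conditions broader than /16, levels with no devicePolicy, and a case the prompt does not mention but an auditor should: a level whose conditions are combined with OR, where an IP-only condition grants access without the device check. The sample levels other than 'corp-managed', the IPv6 width threshold and the helper names are assumptions; the bodies follow the public AccessLevel resource.

```python
"""Added example, not Jentic's or Google's code: build the 'corp-managed'
access level and audit a set of levels for overly broad conditions.

Assumptions (not from the page): the sample levels other than 'corp-managed'
and the IPv6 threshold are constructed; bodies follow the public AccessLevel
resource (basic.combiningFunction, basic.conditions[] with ipSubnetworks,
devicePolicy, negate)."""
import ipaddress


def corp_managed_level(policy, level_id, cidrs, title="Corp-managed devices"):
    """Access level requiring BOTH a corp-owned device and a source IP in
    `cidrs`. Fields inside one Condition are ANDed, so both live in one."""
    return {
        "name": f"{policy}/accessLevels/{level_id}",
        "title": title,
        "basic": {
            "combiningFunction": "AND",
            "conditions": [
                {"ipSubnetworks": list(cidrs),
                 "devicePolicy": {"requireCorpOwned": True}},
            ],
        },
    }


def audit_access_levels(levels, max_v4_width=16, max_v6_width=48):
    """Return (level name, finding) pairs: IP conditions broader than the
    threshold, levels with no devicePolicy, and OR-combined levels in which
    a condition without a device check can grant access on its own."""
    findings = []
    for lvl in levels:
        name = lvl["name"]
        basic = lvl.get("basic")
        if basic is None:
            findings.append((name, "custom (CEL) level, no basic conditions to check"))
            continue
        conds = basic.get("conditions", [])
        has_device = any("devicePolicy" in c for c in conds)
        for c in conds:
            if c.get("negate"):
                continue  # a negated condition denies, it does not widen access
            for cidr in c.get("ipSubnetworks", []):
                net = ipaddress.ip_network(cidr, strict=False)
                limit = max_v4_width if net.version == 4 else max_v6_width
                if net.prefixlen < limit:
                    findings.append((name, f"ipSubnetworks {cidr} broader than /{limit}"))
        if not has_device:
            findings.append((name, "missing devicePolicy clause"))
        elif basic.get("combiningFunction") == "OR" and any("devicePolicy" not in c for c in conds):
            findings.append((name, "combiningFunction OR: a condition without devicePolicy can grant access alone"))
    return findings


def markdown_summary(findings):
    """Render findings as the markdown table the audit prompt asks for."""
    if not findings:
        return "No findings."
    rows = ["| Access level | Finding |", "|---|---|"]
    rows += [f"| {name} | {msg} |" for name, msg in findings]
    return "\n".join(rows)


if __name__ == "__main__":
    policy = "accessPolicies/123"
    # Constructed sample: one good level, one too-wide IP-only level, one OR-combined level.
    levels = [
        corp_managed_level(policy, "corp-managed", ["203.0.113.0/24"]),
        {"name": f"{policy}/accessLevels/office-wan",
         "basic": {"combiningFunction": "AND",
                   "conditions": [{"ipSubnetworks": ["10.0.0.0/8"]}]}},
        {"name": f"{policy}/accessLevels/loose",
         "basic": {"combiningFunction": "OR",
                   "conditions": [{"ipSubnetworks": ["203.0.113.0/24"]},
                                  {"devicePolicy": {"requireCorpOwned": True}}]}},
    ]
    print(markdown_summary(audit_access_levels(levels)))
```

Run against a real listing, `levels` is the `accessLevels` array returned by accessPolicies.accessLevels.list with `accessLevelFormat=AS_DEFINED_BY_API`; levels defined with a `custom` CEL expression have no `basic` block and are surfaced for manual review rather than silently passed.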
22 endpoints. The Access Context Manager API lets Google Cloud organisations define attribute-based access controls on requests to Google Cloud services.
METHOD  PATH                  DESCRIPTION
GET     /v1/accessPolicies    List access policies under an organisation
POST    /v1/accessPolicies    Create a new access policy
GET     /v1/services          List Google Cloud services supported by VPC Service Controls
GET     /v1/{+name}           Get an access policy, level, perimeter, or service resource
POST    /v1/{+name}:cancel    Cancel an in-progress long-running operation
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth 2.0 credentials are stored encrypted in the Jentic vault (MAXsystem) and exchanged for short-lived access tokens at request time. The agent never sees the refresh token directly; the token carries the cloud-platform scope, and what it can actually do is bounded by the IAM roles bound to the principal.
Intent-based discovery
Agents search by intent (e.g., 'create access level for corp devices') and Jentic returns the matching accessLevels.create or servicePerimeters.replaceAll operation with its input schema.
Time to first call
Direct integration: 2-5 days for OAuth setup, IAM role provisioning, and dry-run perimeter validation. Through Jentic: under 2 hours — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Access Approval API
Approve or dismiss Google personnel access requests against the same organisation
Use Access Approval to control Google support access and Access Context Manager to control end-user and service access — they cover different attack surfaces of the same organisation.
Google Cloud IAM API
Manage IAM policies and Conditions that reference access levels
Use IAM to bind an access-level condition to a role grant — Access Context Manager defines the level, IAM enforces it on principal-role bindings.
Cloud Resource Manager API
List projects and folders that perimeters reference
Use Cloud Resource Manager to discover projects under an organisation before adding them to a service perimeter.
Specific to using the Access Context Manager API through Jentic.
What authentication does the Access Context Manager API use?
It uses Google OAuth 2.0 with the https://www.googleapis.com/auth/cloud-platform scope. The calling principal needs roles/accesscontextmanager.policyAdmin or roles/accesscontextmanager.policyEditor to change access levels and perimeters (roles/accesscontextmanager.policyReader suffices for list and get calls). Jentic stores the OAuth credential in its encrypted vault and exchanges it for short-lived access tokens at request time.
Can I create a service perimeter without disrupting traffic?
Yes. Create or patch the perimeter with useExplicitDryRunSpec set and the proposed configuration in its spec field (servicePerimeters.create, patch and replaceAll all accept this). In dry-run mode, violations of the spec are logged but not blocked, so teams can validate the perimeter scope; calling accessPolicies.servicePerimeters.commit then copies the spec of every perimeter in the policy into its enforced status.
What are the rate limits for the Access Context Manager API?
The default quota is 60 write requests and 600 read requests per minute per organisation, shared across access policies, levels, and perimeters. Long-running operations (perimeter creates and updates) return an Operation resource that the client polls until done.
How do I list all service perimeters in an organisation through Jentic?
Run jentic search 'list service perimeters in google cloud', load the accessPolicies.servicePerimeters.list operation, and execute it with the parent set to accessPolicies/{policy_id}. The agent receives a typed list of perimeter resources with their restrictedServices and resources arrays.
Is the Access Context Manager API free?
Yes. There is no per-call charge for Access Context Manager. The underlying Google Cloud services that the perimeters protect are billed normally.