API Keys API

Name: API Keys API API
Brand: API Keys API
Availability: InStock

✓ Official Vendor SpecSecuritySecrets Managementoauth28 EndpointsREST

For Agents

Create, restrict, and rotate Google Cloud API keys for projects. Useful for agents that need to provision scoped credentials for unauthenticated APIs like Maps, Translate, or Cloud Vision public quotas.

Quickstart

Get started with API Keys API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a restricted google cloud api key"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with API Keys API API.

Create API keys scoped to specific Google APIs and clients

Restrict keys by IP, HTTP referrer, Android package, or iOS bundle

Rotate keys by creating a new key and deleting the old one

Undelete a recently deleted key within the recovery window

Look up the project and metadata for a given key string

GET STARTED

Start building with API Keys API API

Explore with Jentic

View OpenAPI Spec

Use Cases

Patterns agents use API Keys API API for, with concrete tasks.

★ Scoped API key provisioning for client apps

Mobile and web teams provision API keys restricted to a specific app identifier so that even if the key is extracted from the binary, it cannot be used elsewhere. The keys.create operation accepts api targets and client restrictions in one call, replacing console clicks with reproducible scripts.

Create an API key under projects/p restricted to Android package com.example.app with SHA-1 ABC123 and limited to API target maps-android-backend.googleapis.com.

Scheduled key rotation

Security teams rotate API keys on a schedule. The agent creates a new key with the same restrictions, swaps it into the application config, then deletes the old key. The undelete endpoint provides a safety net inside the recovery window if rotation breaks something.

Create a new key cloning restrictions of key K-old, push the new key string to Secret Manager, then delete K-old.

Leaked key triage

When a key shows up in a public repo or alert, security uses keys.lookupKey to find which project owns it, then deletes it from that project. Combined with audit logs the team can identify the leak source and rotate the affected service.

Call /v2/keys:lookupKey with the suspect key string, then delete the returned key resource and post the audit log link to the incident channel.

AI agent credential lifecycle through Jentic

An AI agent acting on infra tickets handles 'rotate maps key' or 'create scoped key for new mobile build' by calling Jentic-mediated API Keys operations. The agent never holds the project's service account JSON, only short-lived scoped tokens at execution.

On ticket 'rotate maps key for android build', create a new restricted key, return its key string in an encrypted reply, and delete the previous key after the requester confirms.

Key Endpoints

8 endpoints — the google cloud api keys api manages the api keys associated with developer projects.

METHOD

PATH

DESCRIPTION

GET

/v2/keys:lookupKey

Look up the project and metadata for a key string

DELETE

/v2/{+name}

Delete an API key

GET

/v2/{+name}/keyString

Retrieve the secret key string for a key resource

POST

/v2/{+name}:undelete

Undelete a recently deleted key

GET

/v2/{+parent}/keys

List API keys under a project

GET

/v2/keys:lookupKey

Look up the project and metadata for a key string

DELETE

/v2/{+name}

Delete an API key

GET

/v2/{+name}/keyString

Retrieve the secret key string for a key resource

POST

/v2/{+name}:undelete

Undelete a recently deleted key

GET

/v2/{+parent}/keys

List API keys under a project

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

The Google Cloud service account that manages keys is stored encrypted in the Jentic vault. Agents call API Keys operations through Jentic with scoped access tokens; the management credentials and the API key strings themselves never leak into agent prompts or logs.

Intent-based discovery

Agents search Jentic with phrases like 'create restricted api key' or 'rotate api key' and Jentic returns the matching operation with its input schema, so the agent does not have to navigate the small but easily mis-used key restriction model.

Time to first call

Direct integration: half a day to wire create, restrict, and rotate flows. Through Jentic: under one hour to start provisioning and rotating restricted keys.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

App Engine Admin API

Hosts services that consume API keys for unauthenticated outbound calls.

Use App Engine for the runtime; use API Keys to provision and rotate scoped credentials those services use.

Complementary

API Gateway API

Accepts API key auth for traffic into deployed gateways.

Use API Gateway to enforce API key auth at the edge; use API Keys to mint and restrict the keys consumers will use.

Alternative

Apigee API

Issues consumer keys with quotas for full-lifecycle API management.

Choose Apigee consumer keys when you need product-level grouping, quotas, and developer portals; choose Google API Keys for direct, scoped credentials to Google services.

FAQs

Specific to using API Keys API API through Jentic.

What authentication does the Google API Keys API use?

OAuth 2.0 with Google Cloud credentials. Note this is the management API for API keys themselves; the keys it produces are then used to authenticate calls to other Google APIs that accept API keys. Through Jentic, the management credentials are vaulted.

Can I restrict an API key to a single Google API?

Yes. The key resource accepts a restrictions block with apiTargets, where each target lists the service name (e.g. translate.googleapis.com) and optional methods. Calls to other services with that key will be rejected.

What are the rate limits for the Google API Keys API?

Standard Google Cloud per-project per-minute quotas apply to management calls. Key rotations are infrequent operations; the data-plane quota of services authenticated by the key is enforced separately by each target service.

How do I create a restricted API key through Jentic?

Search Jentic for 'create google api key', load the schema for the keys.create operation, and execute it with the parent project, displayName, and restrictions block (apiTargets plus client restriction). Jentic returns the operation handle to poll until done.

Is the Google API Keys API free?

Yes. Managing API keys carries no separate fee. Costs accrue only when the keys are used to call paid services like Maps, Translate, or Vision.

Can I recover a deleted API key?

Yes, within the recovery window. Call /v2/{+name}:undelete on the deleted key resource. After the recovery window the key is purged and cannot be restored; create a new key instead.