Cloud Resource Manager API

Name: Cloud Resource Manager API API
Brand: Cloud Resource Manager API
Availability: InStock

✓ Official Vendor SpecCloud InfrastructureComputeoauth228 EndpointsREST

For Agents

Programmatically create, list, and update GCP projects, folders, organizations, and tags, plus manage IAM bindings on those resource containers. Lets agents structure tenancy and apply policy across a Google Cloud hierarchy.

Quickstart

Get started with Cloud Resource Manager API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a google cloud project"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Cloud Resource Manager API API.

Create and undelete GCP projects under a parent folder or organization

Search and list folders, organizations, and projects accessible to the caller

Get, set, and test IAM policies on projects, folders, and organizations

Apply tag keys and tag values to resources for policy and billing segmentation

GET STARTED

Start building with Cloud Resource Manager API API

Explore with Jentic

View OpenAPI Document

Use for: I need to create a new Google Cloud project under a folder, List all folders my service account can access, Search for projects whose display name contains a keyword, Get the IAM policy attached to a specific organization

Not supported: Does not provision compute, storage, or networking resources, and does not manage service account keys — use for the GCP project, folder, organization, and tag hierarchy only.

The Cloud Resource Manager API creates, reads, and updates metadata for Google Cloud Platform resource containers including projects, folders, organizations, tag keys, and tag values. It exposes hierarchical IAM controls for managing access to those containers and supports lien protection to prevent accidental project deletion. Resource Manager is the foundation for organizing GCP resources at scale and underpins billing, policy enforcement, and asset inventory across the platform.

Use Cases

Patterns agents use Cloud Resource Manager API API for, with concrete tasks.

★ Programmatic Project Provisioning

Automate the creation of new Google Cloud projects for each customer, environment, or workload. Cloud Resource Manager exposes project create, get, and update operations alongside folder placement so platform teams can spin up isolated tenants on demand and attach the correct billing account and tags. End-to-end provisioning typically completes in under a minute per project.

Create a new project named acme-prod-eu under folder folders/12345 and tag it with environment=production

Hierarchy-Wide IAM Audit

Enumerate organizations, folders, and projects to retrieve their IAM policies and identify over-permissioned principals or stale bindings. Cloud Resource Manager pairs search endpoints with getIamPolicy on every container, giving compliance teams a single source for hierarchy-wide access reviews without scraping the console.

Iterate through every project in organizations/9999 and return any binding granting roles/owner to a non-corporate identity

Tag-Driven Cost Allocation

Apply tag keys and tag values to projects and folders so billing exports and policy controls can group spend by team, product, or environment. Cloud Resource Manager creates tag bindings programmatically, letting finance and platform teams roll out a consistent tagging taxonomy across thousands of projects without manual click-ops.

Create tag value tagValues/cost-center-42 under tag key environment and bind it to project projects/acme-prod-eu

Agent-Driven Landing Zone Setup

An AI agent invoked through Jentic can stand up a complete landing zone by calling Cloud Resource Manager to create the folder structure, provision projects, and apply baseline IAM and tag policies. Because Jentic returns the operation schema directly, the agent does not need to crawl Google's discovery docs to build each request.

Use Jentic to search 'create gcp project', load the projects.create schema, and provision three projects under folders/dev, folders/stage, and folders/prod

Key Endpoints

28 endpoints — the cloud resource manager api creates, reads, and updates metadata for google cloud platform resource containers including projects, folders, organizations, tag keys, and tag values.

METHOD

PATH

DESCRIPTION

POST

/v3/projects

Create a new GCP project

GET

/v3/projects:search

Search projects accessible to the caller

GET

/v3/folders

List folders under a parent

POST

/v3/folders

Create a folder in the resource hierarchy

GET

/v3/effectiveTags

Look up effective tags inherited on a resource

POST

/v3/liens

Place a lien to block project deletion

POST

/v3/projects

Create a new GCP project

GET

/v3/projects:search

Search projects accessible to the caller

GET

/v3/folders

List folders under a parent

POST

/v3/folders

Create a folder in the resource hierarchy

GET

/v3/effectiveTags

Look up effective tags inherited on a resource

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google OAuth 2.0 client credentials and refresh tokens for Cloud Resource Manager are encrypted in the Jentic vault. Agents receive scoped, short-lived access tokens at execution time — long-lived secrets never enter the agent context.

Intent-based discovery

Agents search Jentic with intents like 'create a gcp project' or 'set iam policy on folder' and Jentic returns the matching Resource Manager operation along with its request schema, so the agent calls the correct endpoint without parsing Google's discovery document.

Time to first call

Direct integration with Cloud Resource Manager: 1-3 days for OAuth setup, scope review, and long-running operation polling. Through Jentic: under 1 hour — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Identity and Access Management (IAM) API

Manages service accounts, roles, and keys that Resource Manager IAM policies reference

Use IAM API when you need to mint a service account or define a custom role; use Resource Manager when you need to bind those identities to a project, folder, or organization

Complementary

Compute Engine API

Provisions VMs and networks inside the projects Resource Manager creates

After Resource Manager creates a project, switch to Compute Engine to launch the actual workload resources

Alternative

Cloud Deployment Manager API

Declarative resource provisioning that can also create projects and apply IAM

Choose Deployment Manager when you want a template-driven, idempotent rollout; choose Resource Manager when you need direct imperative control over a single container

FAQs

Specific to using Cloud Resource Manager API API through Jentic.

What authentication does the Cloud Resource Manager API use?

It uses Google OAuth 2.0 with scopes such as https://www.googleapis.com/auth/cloud-platform and https://www.googleapis.com/auth/cloud-platform.read-only. Through Jentic, the OAuth refresh token and client secret are stored in the Jentic vault and never exposed to the agent runtime.

Can I create new GCP projects with the Cloud Resource Manager API?

Yes. Send a POST to /v3/projects with the parent folder or organization, a project ID, and a display name. The endpoint returns a long-running operation that you can poll until the project is fully provisioned.

What are the rate limits for the Cloud Resource Manager API?

Google enforces per-project read and write quotas on Resource Manager, with mutating operations like project creation and IAM policy updates limited far more aggressively than reads. Run heavy hierarchy scans against the search endpoints with backoff and request quota increases for large landing-zone rollouts.

How do I apply tag bindings to a project through Jentic?

Search Jentic for 'apply tag binding to gcp project', load the tagBindings.create schema, and execute a call against /v3/tagBindings with the parent project resource name and the tag value. Jentic returns the input schema so the agent can fill the required fields without reading Google's discovery doc.

Is the Cloud Resource Manager API free?

The API itself has no per-call charge — you only pay for the underlying Google Cloud resources you create. Quota limits apply at the project level even when usage is free.

How does the API handle deletion protection?

Place a lien on a project via /v3/liens to block deletion until the lien is removed. Liens are useful guard rails when an agent or CI pipeline has broad project-write permissions but you want explicit confirmation before destructive actions.