For Agents
Configure Google Cloud application networking — gateways, service mesh, HTTP/gRPC routes, and traffic extensions — through 38 control-plane endpoints.
Get started with Network Services API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"create a google cloud http route"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Network Services API.
Provision gateways and meshes that front backend services with L7 routing
Author HTTP, gRPC, TCP, and TLS routes that map traffic to backend service buckets
Attach service and authz extensions that mutate requests or call external auth servers
Bind individual services into a mesh with service bindings for east-west routing
Use for: I need to create a new gateway in us-central1; Set up an HTTP route that forwards /api/* to a backend service; Add an authz extension that calls an external IDP for request authorization; List all service bindings attached to a mesh
Not supported: Does not handle VPC firewall enforcement, DNS resolution, or backend service compute provisioning — use for application-layer routing and extension resources only.
The Network Services API manages Google Cloud's application-aware networking resources — gateways, meshes, endpoint policies, HTTP/gRPC/TCP/TLS routes, service bindings, and authorization extensions. It is the control plane for Cloud Service Mesh and managed networking resources that route traffic to backend services with L7 logic. Use it to configure traffic routing, attach service extensions for custom request/response processing, and bind services to meshes. The spec exposes 38 endpoints across regional locations.
Define endpoint policies that apply security and routing rules to mesh sidecars
Track regional rollouts via long-running operations and cancel changes that go wrong
Patterns agents use Network Services API for, with concrete tasks.
★ L7 traffic routing for Cloud Service Mesh
Define HTTP, gRPC, TCP, and TLS routes that direct traffic into backend services based on host, path, headers, and SNI. The Network Services API stores these routes as first-class resources tied to meshes and gateways, enabling progressive delivery patterns like header-based canaries and traffic splits without restarting workloads. Best for teams running gRPC microservices behind Cloud Service Mesh.
Create an HTTP route in us-central1 that sends 90 percent of /checkout traffic to backend service checkout-stable and 10 percent to checkout-canary.
Service extensions for request mutation and auth
Attach lb-traffic and authz extensions that intercept traffic at the load balancer and either mutate headers or call an external authorization server before the request hits the backend. Useful for centralised header injection, custom WAF logic, or zero-trust auth that needs to consult an OPA or external IDP. The extension model means you write the policy logic once and apply it across many routes.
Create an lbTrafficExtension that calls a Cloud Run service to add a custom request-id header, then attach it to forwarding rule fr-prod-https.
Mesh service binding and endpoint policy
Bind individual backend services into a mesh via service bindings and apply endpoint policies that govern how sidecars in the mesh treat traffic for those endpoints. The API treats mesh, service binding, and endpoint policy as separate resources so teams can independently manage membership, routing, and per-endpoint security overrides. Useful for multi-cluster GKE deployments managed centrally.
Create a service binding that attaches the service projects/p/locations/global/services/payments to mesh prod-mesh, then list all bindings on the mesh.
Agent-driven traffic policy automation via Jentic
An AI agent responding to a deployment event can use Jentic to find the right Network Services operation — for example, updating an HTTP route to flip the canary split — and execute it without holding raw OAuth tokens. This lets release bots and SRE chatbots steer production traffic with auditable, scoped credentials. Jentic returns the operation schema so the agent can construct the request body correctly.
Use Jentic to find the operation that updates an HTTP route, load its schema, and shift the traffic weight for backend checkout-canary from 10 to 50.
38 endpoints — the Network Services API manages Google Cloud's application-aware networking resources — gateways, meshes, endpoint policies, HTTP/gRPC/TCP/TLS routes, service bindings, and authorization extensions.
| METHOD | PATH | DESCRIPTION |
| --- | --- | --- |
| | /v1/{+parent}/httpRoutes | Create an HTTP route |
| | /v1/{+parent}/grpcRoutes | Create a gRPC route |
| | /v1/{+parent}/gateways | Create a managed gateway |
| | /v1/{+parent}/meshes | Create a service mesh |
| | /v1/{+parent}/serviceBindings | Bind a service into a mesh |
| | /v1/{+parent}/authzExtensions | Create an authz extension |
| | /v1/{+name}/operations | List long-running operations |
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth 2.0 access tokens are minted from a service account stored in the Jentic vault (MAXsystem). Agents call the API with scoped, short-lived tokens — the service-account key never enters their context.
Intent-based discovery
Agents search Jentic with intents like update http route or attach authz extension and Jentic returns the matching Network Services operation, its required scopes, and its input schema.
Time to first call
Direct integration with the Network Services API: 1-2 days to handle OAuth, regional endpoints, and long-running operations. Through Jentic: under 30 minutes — search, load, execute.
Alternatives and complements available in the Jentic catalogue.
Compute Engine API
Compute Engine manages backend services and forwarding rules referenced by Network Services routes
Use Compute Engine when the agent needs to create or modify the backend service, NEG, or forwarding rule that a Network Services route targets.
Network Security API
Network Security defines TLS and authorization policies that bind into Network Services gateways
Use Network Security when the agent needs to set TLS or authorization policy; use Network Services to attach those policies via gateway and route resources.
Cloud DNS API
Cloud DNS resolves the hostnames that Network Services gateways serve
Use Cloud DNS when the agent needs to add or update the DNS record that points users at a gateway IP.
Specific to using Network Services API through Jentic.
What authentication does the Network Services API use?
The API uses Google OAuth 2.0 with the cloud-platform scope. Through Jentic, tokens are minted from a service account stored in the Jentic vault and never exposed to the agent.
Can I create traffic splits with HTTP routes?
Yes. POST to /v1/{+parent}/httpRoutes with destinations carrying weight values to split traffic across multiple backend services for canary or blue/green rollouts.
What are the rate limits for the Network Services API?
Google Cloud applies per-project quotas for mutating control-plane operations, generally a few hundred per minute. Treat large fan-outs as long-running by polling the returned operation rather than retrying writes.
How do I attach an authz extension through Jentic?
Search Jentic for create authz extension, load the schema for the POST on /v1/{+parent}/authzExtensions, and execute it with the extension body. The Jentic SDK returns the long-running operation handle for status polling.
Does this API enforce TLS termination on packets?
No — the API is a control plane that registers route, gateway, and extension resources. The actual TLS termination and routing happens inside Google's load balancer and Envoy data planes.
How do I bind a service into a mesh?
POST to /v1/{+parent}/serviceBindings with the service resource name and the target mesh; existing bindings are listed via GET on the same path.