Service Networking API

Name: Service Networking API API
Brand: Service Networking API
Availability: InStock

✓ Official Vendor SpecCloud InfrastructureNetworkingoauth225 EndpointsREST

For Agents

Configure private VPC peerings, allocated IP ranges, and DNS zones between Google's managed services and a consumer VPC.

Quickstart

Get started with Service Networking API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a private services access connection"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Service Networking API API.

Create and update private VPC peering connections between a producer service and a consumer VPC

Allocate, list, and delete private IP ranges that producer services can use

Manage producer-side DNS zones and DNS records that resolve inside the consumer network

Configure VPC Service Controls policies on a service connection

GET STARTED

Start building with Service Networking API API

Explore with Jentic

View OpenAPI Document

Use for: Set up private services access for Cloud SQL on my VPC, Allocate a /16 internal range for a new managed service connection, List all VPC peerings my consumer project has with Google services, Delete a stale producer DNS zone

Not supported: Does not handle VPC creation, public load balancing, or general DNS administration — use for producer-consumer VPC peering, allocated ranges, and producer DNS for managed services only.

Service Networking automates the network plumbing required for managed Google Cloud services that need private connectivity into a customer's VPC, like Cloud SQL, Memorystore, and AlloyDB. The API lets you create and manage VPC peerings between a producer service and a consumer VPC, allocate private IP ranges from the consumer side, manage DNS zones for the producer service, and configure VPC Service Controls. It is the control plane behind 'Private services access' in the GCP UI.

Use Cases

Patterns agents use Service Networking API API for, with concrete tasks.

★ Private Services Access for Managed Databases

Provision the VPC peering and reserved IP range that Cloud SQL, Memorystore, AlloyDB, and similar managed services need to reach customer workloads on private IPs. Service Networking creates the producer-side network, peers it with the consumer VPC, and tracks the allocated ranges so the same setup can host many service instances.

Call POST /v1/services/{serviceName}/connections with the consumer VPC network and reservedPeeringRanges set to the allocated range name.

Network Range Lifecycle Management

Allocate, expand, and reclaim private IP ranges as your portfolio of managed services grows. The API exposes addRoles and removePrivateUsedIpRange-style operations under the connections resource, plus IP range management on the consumer side, so operators can extend ranges without manually editing route tables.

Call PATCH /v1/services/{serviceName}/connections/{connectionId} with reservedPeeringRanges updated to include the new range, then poll the long-running operation.

Hybrid DNS Resolution

Configure producer-side DNS zones and records so that consumer workloads resolve managed-service hostnames inside the peered network without leaking through public DNS. Use the dnsRecordSets and dnsZones operations to add CNAMEs, manage forwarding behaviour, and audit records over time.

Call POST /v1/services/{serviceName}/projects/{projectNumber}/global/networks/{network}/dnsZones to create a private zone for the managed service domain.

AI Agent Network Provisioner

An AI agent automates network setup for new managed-service deployments — picking a non-overlapping range, creating the peering, configuring DNS, and reporting back when the long-running operation finishes. Through Jentic the agent searches for the right operation by intent and never holds the customer's GCP service account credentials directly.

Allocate a /20 range that does not collide with existing subnets, call services/{service}/connections to create the peering, then verify with services/{service}/connections.list.

Key Endpoints

25 endpoints — service networking automates the network plumbing required for managed google cloud services that need private connectivity into a customer's vpc, like cloud sql, memorystore, and alloydb.

METHOD

PATH

DESCRIPTION

POST

/v1/services/{serviceName}/connections

Create a VPC peering connection

GET

/v1/services/{serviceName}/connections

List existing connections

PATCH

/v1/services/{serviceName}/connections/{connectionId}

Update a connection's allocated ranges

POST

/v1/services/{serviceName}:addSubnetwork

Add a producer subnetwork to the connection

POST

/v1/services/{serviceName}/dnsZones:add

Add a producer DNS zone

POST

/v1/services/{serviceName}/dnsRecordSets:add

Add a DNS record set inside a producer zone

POST

/v1/services/{serviceName}/connections

Create a VPC peering connection

GET

/v1/services/{serviceName}/connections

List existing connections

PATCH

/v1/services/{serviceName}/connections/{connectionId}

Update a connection's allocated ranges

POST

/v1/services/{serviceName}:addSubnetwork

Add a producer subnetwork to the connection

POST

/v1/services/{serviceName}/dnsZones:add

Add a producer DNS zone

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

GCP service account credentials and OAuth tokens are stored encrypted in the Jentic MAXsystem vault. Agents call Service Networking with a short-lived scoped access token, and never see the long-lived key material, even across multi-VPC provisioning runs.

Intent-based discovery

Agents search Jentic by intent (e.g. 'create a private services access connection') and Jentic returns the matching services.connections.create operation with its full input schema, so the agent does not have to navigate the producer-side network resource model.

Time to first call

Direct integration: 2-5 days to handle peering, allocated ranges, DNS zones, and operation polling. Through Jentic: under 1 hour — search, load, execute, with long-running operations tracked at the SDK layer.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Google Compute Engine API

Owns the consumer VPC networks and IP ranges that Service Networking peers into.

Use Compute Engine to create and inspect the VPC. Use Service Networking to peer it with managed services.

Complementary

Google Cloud DNS API

Manages broader DNS zones and records that complement Service Networking's producer-side DNS.

Use Cloud DNS for general DNS administration. Use Service Networking for DNS specific to managed-service connections.

Complementary

Google Service Management API

Publishes the service definitions that then use Service Networking for private connectivity.

Use Service Management to publish a service. Use Service Networking to plumb its private network access.

Alternative

Google Service Usage API

Manages whether services are enabled on a project, an alternative entry point for service-level admin.

Use Service Usage to flip APIs on or off. Use Service Networking when the next step is private connectivity.

FAQs

Specific to using Service Networking API API through Jentic.

What authentication does the Service Networking API use?

It uses OAuth 2.0 with the cloud-platform or service.management scope and IAM permissions like roles/servicenetworking.networksAdmin on the consumer project. Through Jentic the credentials are stored encrypted in MAXsystem and a scoped token is provided at execution.

Which Google services use Service Networking under the hood?

Cloud SQL private IP, Memorystore for Redis, AlloyDB, Filestore, and several other managed services rely on Service Networking peerings to reach customer VPCs. The same API provisions all of them through the servicenetworking.googleapis.com producer.

What are the rate limits for the Service Networking API?

Google enforces a default per-project quota of 600 read requests per minute and 60 write requests per minute. Most write actions are long-running operations because peering and IP allocation involve VPC programming.

How do I create a private services access connection through Jentic?

Run the Jentic search query 'create a service networking connection', load POST /v1/services/{service}/connections, and execute it with the consumer network and reservedPeeringRanges. Jentic handles the OAuth token and operation polling.

Can I expand an allocated range without recreating the connection?

Yes. PATCH the connection with an updated reservedPeeringRanges list that includes the additional range. Service Networking widens the peering in place; existing service instances continue to work.

Does the API support VPC Service Controls?

Yes. The vpcServiceControls subresource on a connection lets you read and write the VPC-SC policy that governs traffic between the producer and consumer networks for that managed service.