package google.api

Get desktop application:
View/edit binary Protocol Buffers messages

Generated advice about this change, used for providing more information about how a change will affect the existing service.

Used in: ConfigChange

• string description = 2

  Useful description for why this advice was applied and what actions should be taken to mitigate any implied risks.

Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).

Used in: Authentication

• string id = 1

  The unique identifier of the auth provider. It will be referred to by `AuthRequirement.provider_id`. Example: "bookstore_auth".

• string issuer = 2

  Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

• string jwks_uri = 3

  URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs

• string audiences = 4

  The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences: - "https://[service.name]/[google.protobuf.Api.name]" - "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService - https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

• string authorization_url = 5

  Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

• repeated JwtLocation jwt_locations = 6

  Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations: - header: Authorization value_prefix: "Bearer " - header: x-goog-iap-jwt-assertion - query: access_token

User-defined authentication requirements, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).

Used in: AuthenticationRule

• string provider_id = 1

  [id][google.api.AuthProvider.id] from authentication provider. Example: provider_id: bookstore_auth

• string audiences = 2

  NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components. The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

`Authentication` defines the authentication configuration for API methods provided by an API service. Example: name: calendar.googleapis.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth - selector: google.calendar.Delegate oauth: canonical_scopes: https://www.googleapis.com/auth/calendar.read

Used in: Service

• repeated AuthenticationRule rules = 3

  A list of authentication rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.

• repeated AuthProvider providers = 4

  Defines a set of authentication providers that a service supports.

Authentication rules for the service. By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request. If a method doesn't have any auth requirements, request credentials will be ignored.

Used in: Authentication

• string selector = 1

  Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• optional OAuthRequirements oauth = 2

  The requirements for OAuth credentials.

• bool allow_without_credential = 5

  If true, the service accepts API keys without any other credential. This flag only applies to HTTP and gRPC requests.

• repeated AuthRequirement requirements = 7

  Requirements for additional authentication providers.

`Backend` defines the backend configuration for a service.

Used in: Service

• repeated BackendRule rules = 1

  A list of API backend rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.

A backend rule provides configuration for an individual API element.

Used in: Backend

• string selector = 1

  Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• string address = 2

  The address of the API backend. The scheme is used to determine the backend protocol and security. The following schemes are accepted: SCHEME PROTOCOL SECURITY http:// HTTP None https:// HTTP TLS grpc:// gRPC None grpcs:// gRPC TLS It is recommended to explicitly include a scheme. Leaving out the scheme may cause constrasting behaviors across platforms. If the port is unspecified, the default is: - 80 for schemes without TLS - 443 for schemes with TLS For HTTP backends, use [protocol][google.api.BackendRule.protocol] to specify the protocol version.

• double deadline = 3

  The number of seconds to wait for a response from a request. The default varies based on the request protocol and deployment environment.

• double min_deadline = 4

  Deprecated, do not use.

• double operation_deadline = 5

  The number of seconds to wait for the completion of a long running operation. The default is no deadline.

• BackendRule.PathTranslation path_translation = 6

• oneof authentication

  Authentication settings used by the backend. These are typically used to provide service management functionality to a backend served on a publicly-routable URL. The `authentication` details should match the authentication behavior used by the backend. For example, specifying `jwt_audience` implies that the backend expects authentication via a JWT. When authentication is unspecified, the resulting behavior is the same as `disable_auth` set to `true`. Refer to https://developers.google.com/identity/protocols/OpenIDConnect for JWT ID token.

  • string jwt_audience = 7

    The JWT audience is used when generating a JWT ID token for the backend. This ID token will be added in the HTTP "authorization" header, and sent to the backend.

  • bool disable_auth = 8

    When disable_auth is true, a JWT ID token won't be generated and the original "Authorization" HTTP header will be preserved. If the header is used to carry the original token and is expected by the backend, this field must be set to true to preserve the header.

• string protocol = 9

  The protocol used for sending a request to the backend. The supported values are "http/1.1" and "h2". The default value is inferred from the scheme in the [address][google.api.BackendRule.address] field: SCHEME PROTOCOL http:// http/1.1 https:// http/1.1 grpc:// h2 grpcs:// h2 For secure HTTP backends (https://) that support HTTP/2, set this field to "h2" for improved performance. Configuring this field to non-default values is only supported for secure HTTP backends. This field will be ignored for all other backends. See https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids for more details on the supported values.

• map<string, BackendRule> overrides_by_request_protocol = 10

  The map between request protocol and the backend address.

Path Translation specifies how to combine the backend address with the request path in order to produce the appropriate forwarding URL for the request. Path Translation is applicable only to HTTP-based backends. Backends which do not accept requests over HTTP/HTTPS should leave `path_translation` unspecified.

Used in: BackendRule

• PATH_TRANSLATION_UNSPECIFIED = 0

• CONSTANT_ADDRESS = 1

  Use the backend address as-is, with no modification to the path. If the URL pattern contains variables, the variable names and values will be appended to the query string. If a query string parameter and a URL pattern variable have the same name, this may result in duplicate keys in the query string. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.cloudfunctions.net/getUser Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.cloudfunctions.net/getUser?cid=widgetworks&uid=johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.cloudfunctions.net/getUser?timezone=EST&cid=widgetworks&uid=johndoe

• APPEND_PATH_TO_ADDRESS = 2

  The request path will be appended to the backend address. # Examples Given the following operation config: Method path: /api/company/{cid}/user/{uid} Backend address: https://example.appspot.com Requests to the following request paths will call the backend at the translated path: Request path: /api/company/widgetworks/user/johndoe Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe Request path: /api/company/widgetworks/user/johndoe?timezone=EST Translated: https://example.appspot.com/api/company/widgetworks/user/johndoe?timezone=EST

Billing related configuration of the service. The following example shows how to configure monitored resources and metrics for billing, `consumer_destinations` is the only supported destination and the monitored resources need at least one label key `cloud.googleapis.com/location` to indicate the location of the billing usage, using different monitored resources between monitoring and billing is recommended so they can be evolved independently: monitored_resources: - type: library.googleapis.com/billing_branch labels: - key: cloud.googleapis.com/location description: | Predefined label to support billing location restriction. - key: city description: | Custom label to define the city where the library branch is located in. - key: name description: Custom label to define the name of the library branch. metrics: - name: library.googleapis.com/book/borrowed_count metric_kind: DELTA value_type: INT64 unit: "1" billing: consumer_destinations: - monitored_resource: library.googleapis.com/billing_branch metrics: - library.googleapis.com/book/borrowed_count

Used in: Service

• repeated Billing.BillingDestination consumer_destinations = 8

  Billing configurations for sending metrics to the consumer project. There can be multiple consumer destinations per service, each one must have a different monitored resource type. A metric can be used in at most one consumer destination.

Configuration of a specific billing destination (Currently only support bill against consumer project).

Used in: Billing

• string monitored_resource = 1

  The monitored resource type. The type must be defined in [Service.monitored_resources][google.api.Service.monitored_resources] section.

• repeated string metrics = 2

  Names of the metrics to report to this billing destination. Each name must be defined in [Service.metrics][google.api.Service.metrics] section.

Classifies set of possible modifications to an object in the service configuration.

Used in: ConfigChange

• CHANGE_TYPE_UNSPECIFIED = 0

  No value was provided.

• ADDED = 1

  The changed object exists in the 'new' service configuration, but not in the 'old' service configuration.

• REMOVED = 2

  The changed object exists in the 'old' service configuration, but not in the 'new' service configuration.

• MODIFIED = 3

  The changed object exists in both service configurations, but its value is different.

To where should client libraries be published?

Used in: CommonLanguageSettings

• CLIENT_LIBRARY_DESTINATION_UNSPECIFIED = 0

  Client libraries will neither be generated nor published to package managers.

• GITHUB = 10

  Generate the client library in a repo under github.com/googleapis, but don't publish it to package managers.

• PACKAGE_MANAGER = 20

  Publish the library to package managers like nuget.org and npmjs.com.

The organization for which the client libraries are being published. Affects the url where generated docs are published, etc.

Used in: Publishing

• CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED = 0

  Not useful.

• CLOUD = 1

  Google Cloud Platform Org.

• ADS = 2

  Ads (Advertising) Org.

• PHOTOS = 3

  Photos Org.

• STREET_VIEW = 4

  Street View Org.

• SHOPPING = 5

  Shopping Org.

• GEO = 6

  Geo Org.

• GENERATIVE_AI = 7

  Generative AI - https://developers.generativeai.google

Details about how and where to publish client libraries.

Used in: Publishing

• string version = 1

  Version of the API to apply these settings to. This is the full protobuf package for the API, ending in the version element. Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1".

• LaunchStage launch_stage = 2

  Launch stage of this version of the API.

• bool rest_numeric_enums = 3

  When using transport=rest, the client request will encode enums as numbers rather than strings.

• optional JavaSettings java_settings = 21

  Settings for legacy Java features, supported in the Service YAML.

• optional CppSettings cpp_settings = 22

  Settings for C++ client libraries.

• optional PhpSettings php_settings = 23

  Settings for PHP client libraries.

• optional PythonSettings python_settings = 24

  Settings for Python client libraries.

• optional NodeSettings node_settings = 25

  Settings for Node client libraries.

• optional DotnetSettings dotnet_settings = 26

  Settings for .NET client libraries.

• optional RubySettings ruby_settings = 27

  Settings for Ruby client libraries.

• optional GoSettings go_settings = 28

  Settings for Go client libraries.

Required information for every language.

Used in: CppSettings, DotnetSettings, GoSettings, JavaSettings, NodeSettings, PhpSettings, PythonSettings, RubySettings

• string reference_docs_uri = 1

  Link to automatically generated reference documentation. Example: https://cloud.google.com/nodejs/docs/reference/asset/latest

• repeated ClientLibraryDestination destinations = 2

  The destination where API teams want this client library to be published.

• optional SelectiveGapicGeneration selective_gapic_generation = 3

  Configuration for which RPCs should be generated in the GAPIC client.

Output generated from semantically comparing two versions of a service configuration. Includes detailed information about a field that have changed with applicable advice about potential consequences for the change, such as backwards-incompatibility.

• string element = 1

  Object hierarchy path to the change, with levels separated by a '.' character. For repeated fields, an applicable unique identifier field is used for the index (usually selector, name, or id). For maps, the term 'key' is used. If the field has no unique identifier, the numeric index is used. Examples: - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value - logging.producer_destinations[0]

• string old_value = 2

  Value of the changed object in the old Service configuration, in JSON format. This field will not be populated if ChangeType == ADDED.

• string new_value = 3

  Value of the changed object in the new Service configuration, in JSON format. This field will not be populated if ChangeType == REMOVED.

• ChangeType change_type = 4

  The type for this change, either ADDED, REMOVED, or MODIFIED.

• repeated Advice advices = 5

  Collection of advice provided for this change, useful for determining the possible impact of this change.

`Context` defines which contexts an API requests. Example: context: rules: - selector: "*" requested: - google.rpc.context.ProjectContext - google.rpc.context.OriginContext The above specifies that all methods in the API request `google.rpc.context.ProjectContext` and `google.rpc.context.OriginContext`. Available context types are defined in package `google.rpc.context`. This also provides mechanism to allowlist any protobuf message extension that can be sent in grpc metadata using “x-goog-ext-<extension_id>-bin” and “x-goog-ext-<extension_id>-jspb” format. For example, list any service specific protobuf types that can appear in grpc metadata as follows in your yaml file: Example: context: rules: - selector: "google.example.library.v1.LibraryService.CreateBook" allowed_request_extensions: - google.foo.v1.NewExtension allowed_response_extensions: - google.foo.v1.NewExtension You can also specify extension ID instead of fully qualified extension name here.

Used in: Service

• repeated ContextRule rules = 1

  A list of RPC context rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.

A context rule provides information about the context for an individual API element.

Used in: Context

• string selector = 1

  Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• repeated string requested = 2

  A list of full type names of requested contexts, only the requested context will be made available to the backend.

• repeated string provided = 3

  A list of full type names of provided contexts. It is used to support propagating HTTP headers and ETags from the response extension.

• repeated string allowed_request_extensions = 4

  A list of full type names or extension IDs of extensions allowed in grpc side channel from client to backend.

• repeated string allowed_response_extensions = 5

  A list of full type names or extension IDs of extensions allowed in grpc side channel from backend to client.

Selects and configures the service controller used by the service. Example: control: environment: servicecontrol.googleapis.com

Used in: Service

• string environment = 1

  The service controller environment to use. If empty, no control plane feature (like quota and billing) will be enabled. The recommended value for most services is servicecontrol.googleapis.com

• repeated MethodPolicy method_policies = 4

  Defines policies applying to the API methods of the service.

Settings for C++ client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

A custom pattern is used for defining custom HTTP verb.

Used in: HttpRule

• string kind = 1

  The name of this custom HTTP verb.

• string path = 2

  The path matched by this custom verb.

`Distribution` contains summary statistics for a population of values. It optionally contains a histogram representing the distribution of those values across a set of buckets. The summary statistics are the count, mean, sum of the squared deviation from the mean, the minimum, and the maximum of the set of population of values. The histogram is based on a sequence of buckets and gives a count of values that fall into each bucket. The boundaries of the buckets are given either explicitly or by formulas for buckets of fixed or exponentially increasing widths. Although it is not forbidden, it is generally a bad idea to include non-finite values (infinities or NaNs) in the population of values, as this will render the `mean` and `sum_of_squared_deviation` fields meaningless.

• int64 count = 1

  The number of values in the population. Must be non-negative. This value must equal the sum of the values in `bucket_counts` if a histogram is provided.

• double mean = 2

  The arithmetic mean of the values in the population. If `count` is zero then this field must be zero.

• double sum_of_squared_deviation = 3

  The sum of squared deviations from the mean of the values in the population. For values x_i this is: Sum[i=1..n]((x_i - mean)^2) Knuth, "The Art of Computer Programming", Vol. 2, page 232, 3rd edition describes Welford's method for accumulating this sum in one pass. If `count` is zero then this field must be zero.

• optional Distribution.Range range = 4

  If specified, contains the range of the population values. The field must not be present if the `count` is zero.

• optional Distribution.BucketOptions bucket_options = 6

  Defines the histogram bucket boundaries. If the distribution does not contain a histogram, then omit this field.

• repeated int64 bucket_counts = 7

  The number of values in each bucket of the histogram, as described in `bucket_options`. If the distribution does not have a histogram, then omit this field. If there is a histogram, then the sum of the values in `bucket_counts` must equal the value in the `count` field of the distribution. If present, `bucket_counts` should contain N values, where N is the number of buckets specified in `bucket_options`. If you supply fewer than N values, the remaining values are assumed to be 0. The order of the values in `bucket_counts` follows the bucket numbering schemes described for the three bucket types. The first value must be the count for the underflow bucket (number 0). The next N-2 values are the counts for the finite buckets (number 1 through N-2). The N'th value in `bucket_counts` is the count for the overflow bucket (number N-1).

• repeated Distribution.Exemplar exemplars = 10

  Must be in increasing order of `value` field.

`BucketOptions` describes the bucket boundaries used to create a histogram for the distribution. The buckets can be in a linear sequence, an exponential sequence, or each bucket can be specified explicitly. `BucketOptions` does not include the number of values in each bucket. A bucket has an inclusive lower bound and exclusive upper bound for the values that are counted for that bucket. The upper bound of a bucket must be strictly greater than the lower bound. The sequence of N buckets for a distribution consists of an underflow bucket (number 0), zero or more finite buckets (number 1 through N - 2) and an overflow bucket (number N - 1). The buckets are contiguous: the lower bound of bucket i (i > 0) is the same as the upper bound of bucket i - 1. The buckets span the whole range of finite values: lower bound of the underflow bucket is -infinity and the upper bound of the overflow bucket is +infinity. The finite buckets are so-called because both bounds are finite.

Used in: Distribution

• oneof options

  Exactly one of these three fields must be set.

  • BucketOptions.Linear linear_buckets = 1

    The linear bucket.

  • BucketOptions.Exponential exponential_buckets = 2

    The exponential buckets.

  • BucketOptions.Explicit explicit_buckets = 3

    The explicit buckets.

Specifies a set of buckets with arbitrary widths. There are `size(bounds) + 1` (= N) buckets. Bucket `i` has the following boundaries: Upper bound (0 <= i < N-1): bounds[i] Lower bound (1 <= i < N); bounds[i - 1] The `bounds` field must contain at least one element. If `bounds` has only one element, then there are no finite buckets, and that single element is the common boundary of the overflow and underflow buckets.

Used in: BucketOptions

• repeated double bounds = 1

  The values must be monotonically increasing.

Specifies an exponential sequence of buckets that have a width that is proportional to the value of the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the following boundaries: Upper bound (0 <= i < N-1): scale * (growth_factor ^ i). Lower bound (1 <= i < N): scale * (growth_factor ^ (i - 1)).

Used in: BucketOptions

• int32 num_finite_buckets = 1

  Must be greater than 0.

• double growth_factor = 2

  Must be greater than 1.

• double scale = 3

  Must be greater than 0.

Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). Each bucket represents a constant absolute uncertainty on the specific value in the bucket. There are `num_finite_buckets + 2` (= N) buckets. Bucket `i` has the following boundaries: Upper bound (0 <= i < N-1): offset + (width * i). Lower bound (1 <= i < N): offset + (width * (i - 1)).

Used in: BucketOptions

• int32 num_finite_buckets = 1

  Must be greater than 0.

• double width = 2

  Must be greater than 0.

• double offset = 3

  Lower bound of the first bucket.

Exemplars are example points that may be used to annotate aggregated distribution values. They are metadata that gives information about a particular value added to a Distribution bucket, such as a trace ID that was active when a value was added. They may contain further information, such as a example values and timestamps, origin, etc.

Used in: Distribution

• double value = 1

  Value of the exemplar point. This value determines to which bucket the exemplar belongs.

• optional protobuf.Timestamp timestamp = 2

  The observation (sampling) time of the above value.

• repeated protobuf.Any attachments = 3

  Contextual information about the example value. Examples are: Trace: type.googleapis.com/google.monitoring.v3.SpanContext Literal string: type.googleapis.com/google.protobuf.StringValue Labels dropped during aggregation: type.googleapis.com/google.monitoring.v3.DroppedLabels There may be only a single attachment of any given message type in a single exemplar, and this is enforced by the system.

The range of the population values.

Used in: Distribution

• double min = 1

  The minimum of the population values.

• double max = 2

  The maximum of the population values.

`Documentation` provides the information for describing a service. Example: <pre><code>documentation: summary: > The Google Calendar API gives access to most calendar features. pages: - name: Overview content: &#40;== include google/foo/overview.md ==&#41; - name: Tutorial content: &#40;== include google/foo/tutorial.md ==&#41; subpages: - name: Java content: &#40;== include google/foo/tutorial_java.md ==&#41; rules: - selector: google.calendar.Calendar.Get description: > ... - selector: google.calendar.Calendar.Put description: > ... </code></pre> Documentation is provided in markdown syntax. In addition to standard markdown features, definition lists, tables and fenced code blocks are supported. Section headers can be provided and are interpreted relative to the section nesting of the context where a documentation fragment is embedded. Documentation from the IDL is merged with documentation defined via the config at normalization time, where documentation provided by config rules overrides IDL provided. A number of constructs specific to the API platform are supported in documentation text. In order to reference a proto element, the following notation can be used: <pre><code>&#91;fully.qualified.proto.name]&#91;]</code></pre> To override the display text used for the link, this can be used: <pre><code>&#91;display text]&#91;fully.qualified.proto.name]</code></pre> Text can be excluded from doc using the following notation: <pre><code>&#40;-- internal comment --&#41;</code></pre> A few directives are available in documentation. Note that directives must appear on a single line to be properly identified. The `include` directive includes a markdown file from an external source: <pre><code>&#40;== include path/to/file ==&#41;</code></pre> The `resource_for` directive marks a message to be the resource of a collection in REST view. If it is not specified, tools attempt to infer the resource from the operations in a collection: <pre><code>&#40;== resource_for v1.shelves.books ==&#41;</code></pre> The directive `suppress_warning` does not directly affect documentation and is documented together with service config validation.

Used in: Service

• string summary = 1

  A short description of what the service does. The summary must be plain text. It becomes the overview of the service displayed in Google Cloud Console. NOTE: This field is equivalent to the standard field `description`.

• repeated Page pages = 5

  The top level pages for the documentation set.

• repeated DocumentationRule rules = 3

  A list of documentation rules that apply to individual API elements. **NOTE:** All service configuration rules follow "last one wins" order.

• string documentation_root_url = 4

  The URL to the root of documentation.

• string service_root_url = 6

  Specifies the service root url if the default one (the service name from the yaml file) is not suitable. This can be seen in any fully specified service urls as well as sections that show a base that other urls are relative to.

• string overview = 2

  Declares a single overview page. For example: <pre><code>documentation: summary: ... overview: &#40;== include overview.md ==&#41; </code></pre> This is a shortcut for the following declaration (using pages style): <pre><code>documentation: summary: ... pages: - name: Overview content: &#40;== include overview.md ==&#41; </code></pre> Note: you cannot specify both `overview` field and `pages` field.

A documentation rule provides information about individual API elements.

Used in: Documentation

• string selector = 1

  The selector is a comma-separated list of patterns for any element such as a method, a field, an enum value. Each pattern is a qualified name of the element which may end in "*", indicating a wildcard. Wildcards are only allowed at the end and for a whole component of the qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A wildcard will match one or more components. To specify a default for all applicable elements, the whole pattern "*" is used.

• string description = 2

  Description of the selected proto element (e.g. a message, a method, a 'service' definition, or a field). Defaults to leading & trailing comments taken from the proto source definition of the proto element.

• string deprecation_description = 3

  Deprecation description of the selected element(s). It can be provided if an element is marked as `deprecated`.

Settings for Dotnet client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

• map<string, string> renamed_services = 2

  Map from original service names to renamed versions. This is used when the default generated types would cause a naming conflict. (Neither name is fully-qualified.) Example: Subscriber to SubscriberServiceApi.

• map<string, string> renamed_resources = 3

  Map from full resource types to the effective short name for the resource. This is used when otherwise resource named from different services would cause naming collisions. Example entry: "datalabeling.googleapis.com/Dataset": "DataLabelingDataset"

• repeated string ignored_resources = 4

  List of full resource types to ignore during generation. This is typically used for API-specific Location resources, which should be handled by the generator as if they were actually the common Location resources. Example entry: "documentai.googleapis.com/Location"

• repeated string forced_namespace_aliases = 5

  Namespaces which must be aliased in snippets due to a known (but non-generator-predictable) naming collision

• repeated string handwritten_signatures = 6

  Method signatures (in the form "service.method(signature)") which are provided separately, so shouldn't be generated. Snippets *calling* these methods are still generated, however.

`Endpoint` describes a network address of a service that serves a set of APIs. It is commonly known as a service endpoint. A service may expose any number of service endpoints, and all service endpoints share the same service definition, such as quota limits and monitoring metrics. Example: type: google.api.Service name: library-example.googleapis.com endpoints: # Declares network address `https://library-example.googleapis.com` # for service `library-example.googleapis.com`. The `https` scheme # is implicit for all service endpoints. Other schemes may be # supported in the future. - name: library-example.googleapis.com allow_cors: false - name: content-staging-library-example.googleapis.com # Allows HTTP OPTIONS calls to be passed to the API frontend, for it # to decide whether the subsequent cross-origin request is allowed # to proceed. allow_cors: true

Used in: Service

• string name = 1

  The canonical name of this endpoint.

• repeated string aliases = 2

  Aliases for this endpoint, these will be served by the same UrlMap as the parent endpoint, and will be provisioned in the GCP stack for the Regional Endpoints.

• string target = 101

  The specification of an Internet routable address of API frontend that will handle requests to this [API Endpoint](https://cloud.google.com/apis/design/glossary). It should be either a valid IPv4 address or a fully-qualified domain name. For example, "8.8.8.8" or "myservice.appspot.com".

• bool allow_cors = 5

  Allowing [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka cross-domain traffic, would allow the backends served from this endpoint to receive and respond to HTTP OPTIONS requests. The response will be used by the browser to determine whether the subsequent cross-origin request is allowed to proceed.

Defines the supported values for `google.rpc.ErrorInfo.reason` for the `googleapis.com` error domain. This error domain is reserved for [Service Infrastructure](https://cloud.google.com/service-infrastructure/docs/overview). For each error info of this domain, the metadata key "service" refers to the logical identifier of an API service, such as "pubsub.googleapis.com". The "consumer" refers to the entity that consumes an API Service. It typically is a Google project that owns the client application or the server resource, such as "projects/123". Other metadata keys are specific to each error reason. For more information, see the definition of the specific error reason.

• ERROR_REASON_UNSPECIFIED = 0

  Do not use this default value.

• SERVICE_DISABLED = 1

  The request is calling a disabled service for a consumer. Example of an ErrorInfo when the consumer "projects/123" contacting "pubsub.googleapis.com" service which is disabled: { "reason": "SERVICE_DISABLED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "pubsub.googleapis.com" } } This response indicates the "pubsub.googleapis.com" has been disabled in "projects/123".

• BILLING_DISABLED = 2

  The request whose associated billing account is disabled. Example of an ErrorInfo when the consumer "projects/123" fails to contact "pubsub.googleapis.com" service because the associated billing account is disabled: { "reason": "BILLING_DISABLED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "pubsub.googleapis.com" } } This response indicates the billing account associated has been disabled.

• API_KEY_INVALID = 3

  The request is denied because the provided [API key](https://cloud.google.com/docs/authentication/api-keys) is invalid. It may be in a bad format, cannot be found, or has been expired). Example of an ErrorInfo when the request is contacting "storage.googleapis.com" service with an invalid API key: { "reason": "API_KEY_INVALID", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", } }

• API_KEY_SERVICE_BLOCKED = 4

  The request is denied because it violates [API key API restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_api_restrictions). Example of an ErrorInfo when the consumer "projects/123" fails to call the "storage.googleapis.com" service because this service is restricted in the API key: { "reason": "API_KEY_SERVICE_BLOCKED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• API_KEY_HTTP_REFERRER_BLOCKED = 7

  The request is denied because it violates [API key HTTP restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_http_restrictions). Example of an ErrorInfo when the consumer "projects/123" fails to call "storage.googleapis.com" service because the http referrer of the request violates API key HTTP restrictions: { "reason": "API_KEY_HTTP_REFERRER_BLOCKED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com", } }

• API_KEY_IP_ADDRESS_BLOCKED = 8

  The request is denied because it violates [API key IP address restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). Example of an ErrorInfo when the consumer "projects/123" fails to call "storage.googleapis.com" service because the caller IP of the request violates API key IP address restrictions: { "reason": "API_KEY_IP_ADDRESS_BLOCKED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com", } }

• API_KEY_ANDROID_APP_BLOCKED = 9

  The request is denied because it violates [API key Android application restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). Example of an ErrorInfo when the consumer "projects/123" fails to call "storage.googleapis.com" service because the request from the Android apps violates the API key Android application restrictions: { "reason": "API_KEY_ANDROID_APP_BLOCKED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• API_KEY_IOS_APP_BLOCKED = 13

  The request is denied because it violates [API key iOS application restrictions](https://cloud.google.com/docs/authentication/api-keys#adding_application_restrictions). Example of an ErrorInfo when the consumer "projects/123" fails to call "storage.googleapis.com" service because the request from the iOS apps violates the API key iOS application restrictions: { "reason": "API_KEY_IOS_APP_BLOCKED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• RATE_LIMIT_EXCEEDED = 5

  The request is denied because there is not enough rate quota for the consumer. Example of an ErrorInfo when the consumer "projects/123" fails to contact "pubsub.googleapis.com" service because consumer's rate quota usage has reached the maximum value set for the quota limit "ReadsPerMinutePerProject" on the quota metric "pubsub.googleapis.com/read_requests": { "reason": "RATE_LIMIT_EXCEEDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "pubsub.googleapis.com", "quota_metric": "pubsub.googleapis.com/read_requests", "quota_limit": "ReadsPerMinutePerProject" } } Example of an ErrorInfo when the consumer "projects/123" checks quota on the service "dataflow.googleapis.com" and hits the organization quota limit "DefaultRequestsPerMinutePerOrganization" on the metric "dataflow.googleapis.com/default_requests". { "reason": "RATE_LIMIT_EXCEEDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "dataflow.googleapis.com", "quota_metric": "dataflow.googleapis.com/default_requests", "quota_limit": "DefaultRequestsPerMinutePerOrganization" } }

• RESOURCE_QUOTA_EXCEEDED = 6

  The request is denied because there is not enough resource quota for the consumer. Example of an ErrorInfo when the consumer "projects/123" fails to contact "compute.googleapis.com" service because consumer's resource quota usage has reached the maximum value set for the quota limit "VMsPerProject" on the quota metric "compute.googleapis.com/vms": { "reason": "RESOURCE_QUOTA_EXCEEDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "compute.googleapis.com", "quota_metric": "compute.googleapis.com/vms", "quota_limit": "VMsPerProject" } } Example of an ErrorInfo when the consumer "projects/123" checks resource quota on the service "dataflow.googleapis.com" and hits the organization quota limit "jobs-per-organization" on the metric "dataflow.googleapis.com/job_count". { "reason": "RESOURCE_QUOTA_EXCEEDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "dataflow.googleapis.com", "quota_metric": "dataflow.googleapis.com/job_count", "quota_limit": "jobs-per-organization" } }

• LOCATION_TAX_POLICY_VIOLATED = 10

  The request whose associated billing account address is in a tax restricted location, violates the local tax restrictions when creating resources in the restricted region. Example of an ErrorInfo when creating the Cloud Storage Bucket in the container "projects/123" under a tax restricted region "locations/asia-northeast3": { "reason": "LOCATION_TAX_POLICY_VIOLATED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com", "location": "locations/asia-northeast3" } } This response indicates creating the Cloud Storage Bucket in "locations/asia-northeast3" violates the location tax restriction.

• USER_PROJECT_DENIED = 11

  The request is denied because the caller does not have required permission on the user project "projects/123" or the user project is invalid. For more information, check the [userProject System Parameters](https://cloud.google.com/apis/docs/system-parameters). Example of an ErrorInfo when the caller is calling Cloud Storage service with insufficient permissions on the user project: { "reason": "USER_PROJECT_DENIED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• CONSUMER_SUSPENDED = 12

  The request is denied because the consumer "projects/123" is suspended due to Terms of Service(Tos) violations. Check [Project suspension guidelines](https://cloud.google.com/resource-manager/docs/project-suspension-guidelines) for more information. Example of an ErrorInfo when calling Cloud Storage service with the suspended consumer "projects/123": { "reason": "CONSUMER_SUSPENDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• CONSUMER_INVALID = 14

  The request is denied because the associated consumer is invalid. It may be in a bad format, cannot be found, or have been deleted. Example of an ErrorInfo when calling Cloud Storage service with the invalid consumer "projects/123": { "reason": "CONSUMER_INVALID", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com" } }

• SECURITY_POLICY_VIOLATED = 15

  The request is denied because it violates [VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/overview). The 'uid' field is a random generated identifier that customer can use it to search the audit log for a request rejected by VPC Service Controls. For more information, please refer [VPC Service Controls Troubleshooting](https://cloud.google.com/vpc-service-controls/docs/troubleshooting#unique-id) Example of an ErrorInfo when the consumer "projects/123" fails to call Cloud Storage service because the request is prohibited by the VPC Service Controls. { "reason": "SECURITY_POLICY_VIOLATED", "domain": "googleapis.com", "metadata": { "uid": "123456789abcde", "consumer": "projects/123", "service": "storage.googleapis.com" } }

• ACCESS_TOKEN_EXPIRED = 16

  The request is denied because the provided access token has expired. Example of an ErrorInfo when the request is calling Cloud Storage service with an expired access token: { "reason": "ACCESS_TOKEN_EXPIRED", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject" } }

• ACCESS_TOKEN_SCOPE_INSUFFICIENT = 17

  The request is denied because the provided access token doesn't have at least one of the acceptable scopes required for the API. Please check [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes) for the list of the OAuth 2.0 scopes that you might need to request to access the API. Example of an ErrorInfo when the request is calling Cloud Storage service with an access token that is missing required scopes: { "reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject" } }

• ACCOUNT_STATE_INVALID = 18

  The request is denied because the account associated with the provided access token is in an invalid state, such as disabled or deleted. For more information, see https://cloud.google.com/docs/authentication. Warning: For privacy reasons, the server may not be able to disclose the email address for some accounts. The client MUST NOT depend on the availability of the `email` attribute. Example of an ErrorInfo when the request is to the Cloud Storage API with an access token that is associated with a disabled or deleted [service account](http://cloud/iam/docs/service-accounts): { "reason": "ACCOUNT_STATE_INVALID", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject", "email": "user@123.iam.gserviceaccount.com" } }

• ACCESS_TOKEN_TYPE_UNSUPPORTED = 19

  The request is denied because the type of the provided access token is not supported by the API being called. Example of an ErrorInfo when the request is to the Cloud Storage API with an unsupported token type. { "reason": "ACCESS_TOKEN_TYPE_UNSUPPORTED", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject" } }

• CREDENTIALS_MISSING = 20

  The request is denied because the request doesn't have any authentication credentials. For more information regarding the supported authentication strategies for Google Cloud APIs, see https://cloud.google.com/docs/authentication. Example of an ErrorInfo when the request is to the Cloud Storage API without any authentication credentials. { "reason": "CREDENTIALS_MISSING", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject" } }

• RESOURCE_PROJECT_INVALID = 21

  The request is denied because the provided project owning the resource which acts as the [API consumer](https://cloud.google.com/apis/design/glossary#api_consumer) is invalid. It may be in a bad format or empty. Example of an ErrorInfo when the request is to the Cloud Functions API, but the offered resource project in the request in a bad format which can't perform the ListFunctions method. { "reason": "RESOURCE_PROJECT_INVALID", "domain": "googleapis.com", "metadata": { "service": "cloudfunctions.googleapis.com", "method": "google.cloud.functions.v1.CloudFunctionsService.ListFunctions" } }

• SESSION_COOKIE_INVALID = 23

  The request is denied because the provided session cookie is missing, invalid or failed to decode. Example of an ErrorInfo when the request is calling Cloud Storage service with a SID cookie which can't be decoded. { "reason": "SESSION_COOKIE_INVALID", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject", "cookie": "SID" } }

• USER_BLOCKED_BY_ADMIN = 24

  The request is denied because the user is from a Google Workspace customer that blocks their users from accessing a particular service. Example scenario: https://support.google.com/a/answer/9197205?hl=en Example of an ErrorInfo when access to Google Cloud Storage service is blocked by the Google Workspace administrator: { "reason": "USER_BLOCKED_BY_ADMIN", "domain": "googleapis.com", "metadata": { "service": "storage.googleapis.com", "method": "google.storage.v1.Storage.GetObject", } }

• RESOURCE_USAGE_RESTRICTION_VIOLATED = 25

  The request is denied because the resource service usage is restricted by administrators according to the organization policy constraint. For more information see https://cloud.google.com/resource-manager/docs/organization-policy/restricting-services. Example of an ErrorInfo when access to Google Cloud Storage service is restricted by Resource Usage Restriction policy: { "reason": "RESOURCE_USAGE_RESTRICTION_VIOLATED", "domain": "googleapis.com", "metadata": { "consumer": "projects/project-123", "service": "storage.googleapis.com" } }

• SYSTEM_PARAMETER_UNSUPPORTED = 26

  Unimplemented. Do not use. The request is denied because it contains unsupported system parameters in URL query parameters or HTTP headers. For more information, see https://cloud.google.com/apis/docs/system-parameters Example of an ErrorInfo when access "pubsub.googleapis.com" service with a request header of "x-goog-user-ip": { "reason": "SYSTEM_PARAMETER_UNSUPPORTED", "domain": "googleapis.com", "metadata": { "service": "pubsub.googleapis.com" "parameter": "x-goog-user-ip" } }

• ORG_RESTRICTION_VIOLATION = 27

  The request is denied because it violates Org Restriction: the requested resource does not belong to allowed organizations specified in "X-Goog-Allowed-Resources" header. Example of an ErrorInfo when accessing a GCP resource that is restricted by Org Restriction for "pubsub.googleapis.com" service. { reason: "ORG_RESTRICTION_VIOLATION" domain: "googleapis.com" metadata { "consumer":"projects/123456" "service": "pubsub.googleapis.com" } }

• ORG_RESTRICTION_HEADER_INVALID = 28

  The request is denied because "X-Goog-Allowed-Resources" header is in a bad format. Example of an ErrorInfo when accessing "pubsub.googleapis.com" service with an invalid "X-Goog-Allowed-Resources" request header. { reason: "ORG_RESTRICTION_HEADER_INVALID" domain: "googleapis.com" metadata { "consumer":"projects/123456" "service": "pubsub.googleapis.com" } }

• SERVICE_NOT_VISIBLE = 29

  Unimplemented. Do not use. The request is calling a service that is not visible to the consumer. Example of an ErrorInfo when the consumer "projects/123" contacting "pubsub.googleapis.com" service which is not visible to the consumer. { "reason": "SERVICE_NOT_VISIBLE", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "pubsub.googleapis.com" } } This response indicates the "pubsub.googleapis.com" is not visible to "projects/123" (or it may not exist).

• GCP_SUSPENDED = 30

  The request is related to a project for which GCP access is suspended. Example of an ErrorInfo when the consumer "projects/123" fails to contact "pubsub.googleapis.com" service because GCP access is suspended: { "reason": "GCP_SUSPENDED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "pubsub.googleapis.com" } } This response indicates the associated GCP account has been suspended.

• LOCATION_POLICY_VIOLATED = 31

  The request violates the location policies when creating resources in the restricted region. Example of an ErrorInfo when creating the Cloud Storage Bucket by "projects/123" for service storage.googleapis.com: { "reason": "LOCATION_POLICY_VIOLATED", "domain": "googleapis.com", "metadata": { "consumer": "projects/123", "service": "storage.googleapis.com", } } This response indicates creating the Cloud Storage Bucket in "locations/asia-northeast3" violates at least one location policy. The troubleshooting guidance is provided in the Help links.

• MISSING_ORIGIN = 33

  The request is denied because origin request header is missing. Example of an ErrorInfo when accessing "pubsub.googleapis.com" service with an empty "Origin" request header. { reason: "MISSING_ORIGIN" domain: "googleapis.com" metadata { "consumer":"projects/123456" "service": "pubsub.googleapis.com" } }

• OVERLOADED_CREDENTIALS = 34

  The request is denied because the request contains more than one credential type that are individually acceptable, but not together. The customer should retry their request with only one set of credentials. Example of an ErrorInfo when accessing "pubsub.googleapis.com" service with overloaded credentials. { reason: "OVERLOADED_CREDENTIALS" domain: "googleapis.com" metadata { "consumer":"projects/123456" "service": "pubsub.googleapis.com" } }

An indicator of the behavior of a given field (for example, that a field is required in requests, or given as output but ignored as input). This **does not** change the behavior in protocol buffers itself; it only denotes the behavior and may affect how API tooling handles the field. Note: This enum **may** receive new values in the future.

• FIELD_BEHAVIOR_UNSPECIFIED = 0

  Conventional default for enums. Do not use this.

• OPTIONAL = 1

  Specifically denotes a field as optional. While all fields in protocol buffers are optional, this may be specified for emphasis if appropriate.

• REQUIRED = 2

  Denotes a field as required. This indicates that the field **must** be provided as part of the request, and failure to do so will cause an error (usually `INVALID_ARGUMENT`).

• OUTPUT_ONLY = 3

  Denotes a field as output only. This indicates that the field is provided in responses, but including the field in a request does nothing (the server *must* ignore it and *must not* throw an error as a result of the field's presence).

• INPUT_ONLY = 4

  Denotes a field as input only. This indicates that the field is provided in requests, and the corresponding field is not included in output.

• IMMUTABLE = 5

  Denotes a field as immutable. This indicates that the field may be set once in a request to create a resource, but may not be changed thereafter.

• UNORDERED_LIST = 6

  Denotes that a (repeated) field is an unordered list. This indicates that the service may provide the elements of the list in any arbitrary order, rather than the order the user originally provided. Additionally, the list's order may or may not be stable.

• NON_EMPTY_DEFAULT = 7

  Denotes that this field returns a non-empty default value if not set. This indicates that if the user provides the empty value in a request, a non-empty value will be returned. The user will not be aware of what non-empty value to expect.

• IDENTIFIER = 8

  Denotes that the field in a resource (a message annotated with google.api.resource) is used in the resource name to uniquely identify the resource. For AIP-compliant APIs, this should only be applied to the `name` field on the resource. This behavior should not be applied to references to other resources within the message. The identifier field of resources often have different field behavior depending on the request it is embedded in (e.g. for Create methods name is optional and unused, while for Update methods it is required). Instead of method-specific annotations, only `IDENTIFIER` is required.

Rich semantic information of an API field beyond basic typing.

• FieldInfo.Format format = 1

  The standard format of a field value. This does not explicitly configure any API consumer, just documents the API's format for the field it is applied to.

• repeated TypeReference referenced_types = 2

  The type(s) that the annotated, generic field may represent. Currently, this must only be used on fields of type `google.protobuf.Any`. Supporting other generic types may be considered in the future.

The standard format of a field value. The supported formats are all backed by either an RFC defined by the IETF or a Google-defined AIP.

Used in: FieldInfo

• FORMAT_UNSPECIFIED = 0

  Default, unspecified value.

• UUID4 = 1

  Universally Unique Identifier, version 4, value as defined by https://datatracker.ietf.org/doc/html/rfc4122. The value may be normalized to entirely lowercase letters. For example, the value `F47AC10B-58CC-0372-8567-0E02B2C3D479` would be normalized to `f47ac10b-58cc-0372-8567-0e02b2c3d479`.

• IPV4 = 2

  Internet Protocol v4 value as defined by [RFC 791](https://datatracker.ietf.org/doc/html/rfc791). The value may be condensed, with leading zeros in each octet stripped. For example, `001.022.233.040` would be condensed to `1.22.233.40`.

• IPV6 = 3

  Internet Protocol v6 value as defined by [RFC 2460](https://datatracker.ietf.org/doc/html/rfc2460). The value may be normalized to entirely lowercase letters with zeros compressed, following [RFC 5952](https://datatracker.ietf.org/doc/html/rfc5952). For example, the value `2001:0DB8:0::0` would be normalized to `2001:db8::`.

• IPV4_OR_IPV6 = 4

  An IP address in either v4 or v6 format as described by the individual values defined herein. See the comments on the IPV4 and IPV6 types for allowed normalizations of each.

Google API Policy Annotation This message defines a simple API policy annotation that can be used to annotate API request and response message fields with applicable policies. One field may have multiple applicable policies that must all be satisfied before a request can be processed. This policy annotation is used to generate the overall policy that will be used for automatic runtime policy enforcement and documentation generation.

Used in: MethodPolicy

• string selector = 1

  Selects one or more request or response message fields to apply this `FieldPolicy`. When a `FieldPolicy` is used in proto annotation, the selector must be left as empty. The service config generator will automatically fill the correct value. When a `FieldPolicy` is used in service config, the selector must be a comma-separated string with valid request or response field paths, such as "foo.bar" or "foo.bar,foo.baz".

• string resource_permission = 2

  Specifies the required permission(s) for the resource referred to by the field. It requires the field contains a valid resource reference, and the request must pass the permission checks to proceed. For example, "resourcemanager.projects.get".

• string resource_type = 3

  Specifies the resource type for the resource referred to by the field.

Settings for Go client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

• map<string, string> renamed_services = 2

  Map of service names to renamed services. Keys are the package relative service names and values are the name to be used for the service client and call options. publishing: go_settings: renamed_services: Publisher: TopicAdmin

Defines the HTTP configuration for an API service. It contains a list of [HttpRule][google.api.HttpRule], each specifying the mapping of an RPC method to one or more HTTP REST API methods.

Used in: Service

• repeated HttpRule rules = 1

  A list of HTTP configuration rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.

• bool fully_decode_reserved_expansion = 2

  When set to true, URL path parameters will be fully URI-decoded except in cases of single segment matches in reserved expansion, where "%2F" will be left encoded. The default behavior is to not decode RFC 6570 reserved characters in multi segment matches.

Message that represents an arbitrary HTTP body. It should only be used for payload formats that can't be represented as JSON, such as raw binary or an HTML page. This message can be used both in streaming and non-streaming API methods in the request as well as the response. It can be used as a top-level request field, which is convenient if one wants to extract parameters from either the URL or HTTP template into the request fields and also want access to the raw HTTP body. Example: message GetResourceRequest { // A unique request id. string request_id = 1; // The raw HTTP body is bound to this field. google.api.HttpBody http_body = 2; } service ResourceService { rpc GetResource(GetResourceRequest) returns (google.api.HttpBody); rpc UpdateResource(google.api.HttpBody) returns (google.protobuf.Empty); } Example with streaming methods: service CaldavService { rpc GetCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); rpc UpdateCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); } Use of this type only changes how the request and response bodies are handled, all other features will continue to work unchanged.

• string content_type = 1

  The HTTP Content-Type header value specifying the content type of the body.

• bytes data = 2

  The HTTP request/response body as raw binary.

• repeated protobuf.Any extensions = 3

  Application specific response metadata. Must be set in the first response for streaming APIs.

gRPC Transcoding gRPC Transcoding is a feature for mapping between a gRPC method and one or more HTTP REST endpoints. It allows developers to build a single API service that supports both gRPC APIs and REST APIs. Many systems, including [Google APIs](https://github.com/googleapis/googleapis), [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC Gateway](https://github.com/grpc-ecosystem/grpc-gateway), and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature and use it for large scale production services. `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies how different portions of the gRPC request message are mapped to the URL path, URL query parameters, and HTTP request body. It also controls how the gRPC response message is mapped to the HTTP response body. `HttpRule` is typically specified as an `google.api.http` annotation on the gRPC method. Each mapping specifies a URL path template and an HTTP method. The path template may refer to one or more fields in the gRPC request message, as long as each field is a non-repeated field with a primitive (non-message) type. The path template controls how fields of the request message are mapped to the URL path. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/{name=messages/*}" }; } } message GetMessageRequest { string name = 1; // Mapped to URL path. } message Message { string text = 1; // The resource content. } This enables an HTTP REST to gRPC mapping as below: - HTTP: `GET /v1/messages/123456` - gRPC: `GetMessage(name: "messages/123456")` Any fields in the request message which are not bound by the path template automatically become HTTP query parameters if there is no HTTP request body. For example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get:"/v1/messages/{message_id}" }; } } message GetMessageRequest { message SubMessage { string subfield = 1; } string message_id = 1; // Mapped to URL path. int64 revision = 2; // Mapped to URL query parameter `revision`. SubMessage sub = 3; // Mapped to URL query parameter `sub.subfield`. } This enables a HTTP JSON to RPC mapping as below: - HTTP: `GET /v1/messages/123456?revision=2&sub.subfield=foo` - gRPC: `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: "foo"))` Note that fields which are mapped to URL query parameters must have a primitive type or a repeated primitive type or a non-repeated message type. In the case of a repeated type, the parameter can be repeated in the URL as `...?param=A&param=B`. In the case of a message type, each field of the message is mapped to a separate parameter, such as `...?foo.a=A&foo.b=B&foo.c=C`. For HTTP methods that allow a request body, the `body` field specifies the mapping. Consider a REST update method on the message resource collection: service Messaging { rpc UpdateMessage(UpdateMessageRequest) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "message" }; } } message UpdateMessageRequest { string message_id = 1; // mapped to the URL Message message = 2; // mapped to the body } The following HTTP JSON to RPC mapping is enabled, where the representation of the JSON in the request body is determined by protos JSON encoding: - HTTP: `PATCH /v1/messages/123456 { "text": "Hi!" }` - gRPC: `UpdateMessage(message_id: "123456" message { text: "Hi!" })` The special name `*` can be used in the body mapping to define that every field not bound by the path template should be mapped to the request body. This enables the following alternative definition of the update method: service Messaging { rpc UpdateMessage(Message) returns (Message) { option (google.api.http) = { patch: "/v1/messages/{message_id}" body: "*" }; } } message Message { string message_id = 1; string text = 2; } The following HTTP JSON to RPC mapping is enabled: - HTTP: `PATCH /v1/messages/123456 { "text": "Hi!" }` - gRPC: `UpdateMessage(message_id: "123456" text: "Hi!")` Note that when using `*` in the body mapping, it is not possible to have HTTP parameters, as all fields not bound by the path end in the body. This makes this option more rarely used in practice when defining REST APIs. The common usage of `*` is in custom methods which don't use the URL at all for transferring data. It is possible to define multiple HTTP methods for one RPC by using the `additional_bindings` option. Example: service Messaging { rpc GetMessage(GetMessageRequest) returns (Message) { option (google.api.http) = { get: "/v1/messages/{message_id}" additional_bindings { get: "/v1/users/{user_id}/messages/{message_id}" } }; } } message GetMessageRequest { string message_id = 1; string user_id = 2; } This enables the following two alternative HTTP JSON to RPC mappings: - HTTP: `GET /v1/messages/123456` - gRPC: `GetMessage(message_id: "123456")` - HTTP: `GET /v1/users/me/messages/123456` - gRPC: `GetMessage(user_id: "me" message_id: "123456")` Rules for HTTP mapping 1. Leaf request fields (recursive expansion nested messages in the request message) are classified into three categories: - Fields referred by the path template. They are passed via the URL path. - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They are passed via the HTTP request body. - All other fields are passed via the URL query parameters, and the parameter name is the field path in the request message. A repeated field can be represented as multiple query parameters under the same name. 2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL query parameter, all fields are passed via URL path and HTTP request body. 3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP request body, all fields are passed via URL path and URL query parameters. Path template syntax Template = "/" Segments [ Verb ] ; Segments = Segment { "/" Segment } ; Segment = "*" | "**" | LITERAL | Variable ; Variable = "{" FieldPath [ "=" Segments ] "}" ; FieldPath = IDENT { "." IDENT } ; Verb = ":" LITERAL ; The syntax `*` matches a single URL path segment. The syntax `**` matches zero or more URL path segments, which must be the last part of the URL path except the `Verb`. The syntax `Variable` matches part of the URL path as specified by its template. A variable template must not contain other variables. If a variable matches a single path segment, its template may be omitted, e.g. `{var}` is equivalent to `{var=*}`. The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL` contains any reserved character, such characters should be percent-encoded before the matching. If a variable contains exactly one path segment, such as `"{var}"` or `"{var=*}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{var}`. If a variable contains multiple path segments, such as `"{var=foo/*}"` or `"{var=**}"`, when such a variable is expanded into a URL path on the client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. The server side does the reverse decoding, except "%2F" and "%2f" are left unchanged. Such variables show up in the [Discovery Document](https://developers.google.com/discovery/v1/reference/apis) as `{+var}`. Using gRPC API Service Configuration gRPC API Service Configuration (service config) is a configuration language for configuring a gRPC service to become a user-facing product. The service config is simply the YAML representation of the `google.api.Service` proto message. As an alternative to annotating your proto file, you can configure gRPC transcoding in your service config YAML files. You do this by specifying a `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same effect as the proto annotation. This can be particularly useful if you have a proto that is reused in multiple services. Note that any transcoding specified in the service config will override any matching transcoding configuration in the proto. The following example selects a gRPC method and applies an `HttpRule` to it: http: rules: - selector: example.v1.Messaging.GetMessage get: /v1/messages/{message_id}/{sub.subfield} Special notes When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the proto to JSON conversion must follow the [proto3 specification](https://developers.google.com/protocol-buffers/docs/proto3#json). While the single segment variable follows the semantics of [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String Expansion, the multi segment variable **does not** follow RFC 6570 Section 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion does not expand special characters like `?` and `#`, which would lead to invalid URLs. As the result, gRPC Transcoding uses a custom encoding for multi segment variables. The path variables **must not** refer to any repeated or mapped field, because client libraries are not capable of handling such variable expansion. The path variables **must not** capture the leading "/" character. The reason is that the most common use case "{var}" does not capture the leading "/" character. For consistency, all path variables must share the same behavior. Repeated message fields must not be mapped to URL query parameters, because no client library can support such complicated mapping. If an API needs to use a JSON array for request or response body, it can map the request or response body to a repeated field. However, some gRPC Transcoding implementations may not support this feature.

Used in: Http

• string selector = 1

  Selects a method to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• oneof pattern

  Determines the URL pattern is matched by this rules. This pattern can be used with any of the {get|put|post|delete|patch} methods. A custom method can be defined using the 'custom' field.

  • string get = 2

    Maps to HTTP GET. Used for listing and getting information about resources.

  • string put = 3

    Maps to HTTP PUT. Used for replacing a resource.

  • string post = 4

    Maps to HTTP POST. Used for creating a resource or performing an action.

  • string delete = 5

    Maps to HTTP DELETE. Used for deleting a resource.

  • string patch = 6

    Maps to HTTP PATCH. Used for updating a resource.

  • CustomHttpPattern custom = 8

    The custom pattern is used for specifying an HTTP method that is not included in the `pattern` field, such as HEAD, or "*" to leave the HTTP method unspecified for this rule. The wild-card rule is useful for services that provide content to Web (HTML) clients.

• string body = 7

  The name of the request field whose value is mapped to the HTTP request body, or `*` for mapping all request fields not captured by the path pattern to the HTTP body, or omitted for not having any HTTP request body. NOTE: the referred field must be present at the top-level of the request message type.

• string response_body = 12

  Optional. The name of the response field whose value is mapped to the HTTP response body. When omitted, the entire response message will be used as the HTTP response body. NOTE: The referred field must be present at the top-level of the response message type.

• repeated HttpRule additional_bindings = 11

  Additional HTTP bindings for the selector. Nested bindings must not contain an `additional_bindings` field themselves (that is, the nesting may only be one level deep).

Settings for Java client libraries.

Used in: ClientLibrarySettings

• string library_package = 1

  The package name to use in Java. Clobbers the java_package option set in the protobuf. This should be used **only** by APIs who have already set the language_settings.java.package_name" field in gapic.yaml. API teams should use the protobuf java_package option where possible. Example of a YAML configuration:: publishing: java_settings: library_package: com.google.cloud.pubsub.v1

• map<string, string> service_class_names = 2

  Configure the Java class name to use instead of the service's for its corresponding generated GAPIC client. Keys are fully-qualified service names as they appear in the protobuf (including the full the language_settings.java.interface_names" field in gapic.yaml. API teams should otherwise use the service name as it appears in the protobuf. Example of a YAML configuration:: publishing: java_settings: service_class_names: - google.pubsub.v1.Publisher: TopicAdmin - google.pubsub.v1.Subscriber: SubscriptionAdmin

• optional CommonLanguageSettings common = 3

  Some settings.

Specifies a location to extract JWT from an API request.

Used in: AuthProvider

• oneof in

  • string header = 1

    Specifies HTTP header name to extract JWT token.

  • string query = 2

    Specifies URL query parameter name to extract JWT token.

  • string cookie = 4

    Specifies cookie name to extract JWT token.

• string value_prefix = 3

  The value prefix. The value format is "value_prefix{token}" Only applies to "in" header type. Must be empty for "in" query type. If not empty, the header value has to match (case sensitive) this prefix. If not matched, JWT will not be extracted. If matched, JWT will be extracted after the prefix is removed. For example, for "Authorization: Bearer {JWT}", value_prefix="Bearer " with a space at the end.

A description of a label.

Used in: LogDescriptor, MetricDescriptor, MonitoredResourceDescriptor

• string key = 1

  The label key.

• LabelDescriptor.ValueType value_type = 2

  The type of data that can be assigned to the label.

• string description = 3

  A human-readable description for the label.

Value types that can be used as label values.

Used in: LabelDescriptor

• STRING = 0

  A variable-length string. This is the default.

• BOOL = 1

  Boolean; true or false.

• INT64 = 2

  A 64-bit signed integer.

The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/terms/launch-stages).

Used in: ClientLibrarySettings, MetricDescriptor, MetricDescriptor.MetricDescriptorMetadata, MonitoredResourceDescriptor

• LAUNCH_STAGE_UNSPECIFIED = 0

  Do not use this default value.

• UNIMPLEMENTED = 6

  The feature is not yet implemented. Users can not use it.

• PRELAUNCH = 7

  Prelaunch features are hidden from users and are only visible internally.

• EARLY_ACCESS = 1

  Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.

• ALPHA = 2

  Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.

• BETA = 3

  Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.

• GA = 4

  GA features are open to all developers and are considered stable and fully qualified for production use.

• DEPRECATED = 5

  Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our [Terms of Service](https://cloud.google.com/terms/) and the [Google Cloud Platform Subject to the Deprecation Policy](https://cloud.google.com/terms/deprecation) documentation.

A description of a log type. Example in YAML format: - name: library.googleapis.com/activity_history description: The history of borrowing and returning library items. display_name: Activity labels: - key: /customer_id description: Identifier of a library customer

Used in: Service

• string name = 1

  The name of the log. It must be less than 512 characters long and can include the following characters: upper- and lower-case alphanumeric characters [A-Za-z0-9], and punctuation characters including slash, underscore, hyphen, period [/_-.].

• repeated LabelDescriptor labels = 2

  The set of labels that are available to describe a specific log entry. Runtime requests that contain labels not specified here are considered invalid.

• string description = 3

  A human-readable description of this log. This information appears in the documentation and can contain details.

• string display_name = 4

  The human-readable name for this log. This information appears on the user interface and should be concise.

Logging configuration of the service. The following example shows how to configure logs to be sent to the producer and consumer projects. In the example, the `activity_history` log is sent to both the producer and consumer projects, whereas the `purchase_history` log is only sent to the producer project. monitored_resources: - type: library.googleapis.com/branch labels: - key: /city description: The city where the library branch is located in. - key: /name description: The name of the branch. logs: - name: activity_history labels: - key: /customer_id - name: purchase_history logging: producer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history - purchase_history consumer_destinations: - monitored_resource: library.googleapis.com/branch logs: - activity_history

Used in: Service

• repeated Logging.LoggingDestination producer_destinations = 1

  Logging configurations for sending logs to the producer project. There can be multiple producer destinations, each one must have a different monitored resource type. A log can be used in at most one producer destination.

• repeated Logging.LoggingDestination consumer_destinations = 2

  Logging configurations for sending logs to the consumer project. There can be multiple consumer destinations, each one must have a different monitored resource type. A log can be used in at most one consumer destination.

Configuration of a specific logging destination (the producer project or the consumer project).

Used in: Logging

• string monitored_resource = 3

  The monitored resource type. The type must be defined in the [Service.monitored_resources][google.api.Service.monitored_resources] section.

• repeated string logs = 1

  Names of the logs to be sent to this destination. Each name must be defined in the [Service.logs][google.api.Service.logs] section. If the log name is not a domain scoped name, it will be automatically prefixed with the service name followed by "/".

Defines policies applying to an RPC method.

Used in: Control

• string selector = 9

  Selects a method to which these policies should be enforced, for example, "google.pubsub.v1.Subscriber.CreateSubscription". Refer to [selector][google.api.DocumentationRule.selector] for syntax details. NOTE: This field must not be set in the proto annotation. It will be automatically filled by the service config compiler .

• repeated FieldPolicy request_policies = 2

  Policies that are applicable to the request message.

Describes the generator configuration for a method.

Used in: Publishing

• string selector = 1

  The fully qualified name of the method, for which the options below apply. This is used to find the method to apply the options. Example: publishing: method_settings: - selector: google.storage.control.v2.StorageControl.CreateFolder # method settings for CreateFolder...

• optional MethodSettings.LongRunning long_running = 2

  Describes settings to use for long-running operations when generating API methods for RPCs. Complements RPCs that use the annotations in google/longrunning/operations.proto. Example of a YAML configuration:: publishing: method_settings: - selector: google.cloud.speech.v2.Speech.BatchRecognize long_running: initial_poll_delay: 60s # 1 minute poll_delay_multiplier: 1.5 max_poll_delay: 360s # 6 minutes total_poll_timeout: 54000s # 90 minutes

• repeated string auto_populated_fields = 3

  List of top-level fields of the request message, that should be automatically populated by the client libraries based on their (google.api.field_info).format. Currently supported format: UUID4. Example of a YAML configuration: publishing: method_settings: - selector: google.example.v1.ExampleService.CreateExample auto_populated_fields: - request_id

Describes settings to use when generating API methods that use the long-running operation pattern. All default values below are from those used in the client library generators (e.g. [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)).

Used in: MethodSettings

• optional protobuf.Duration initial_poll_delay = 1

  Initial delay after which the first poll request will be made. Default value: 5 seconds.

• float poll_delay_multiplier = 2

  Multiplier to gradually increase delay between subsequent polls until it reaches max_poll_delay. Default value: 1.5.

• optional protobuf.Duration max_poll_delay = 3

  Maximum time between two subsequent poll requests. Default value: 45 seconds.

• optional protobuf.Duration total_poll_timeout = 4

  Total polling timeout. Default value: 5 minutes.

A specific metric, identified by specifying values for all of the labels of a [`MetricDescriptor`][google.api.MetricDescriptor].

• string type = 3

  An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor]. For example, `custom.googleapis.com/invoice/paid/amount`.

• map<string, string> labels = 2

  The set of label values that uniquely identify this metric. All labels listed in the `MetricDescriptor` must be assigned values.

Defines a metric type and its schema. Once a metric descriptor is created, deleting or altering it stops data collection and makes the metric type's existing data unusable.

Used in: Service

• string name = 1

  The resource name of the metric descriptor.

• string type = 8

  The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" "appengine.googleapis.com/http/server/response_latencies"

• repeated LabelDescriptor labels = 2

  The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed.

• MetricDescriptor.MetricKind metric_kind = 3

  Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported.

• MetricDescriptor.ValueType value_type = 4

  Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported.

• string unit = 5

  The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component { "." Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, "new users per day" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new users). Alternatively, "thousands of page views per day" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean "5300 page views per day"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means "3 percent").

• string description = 6

  A detailed description of the metric, which can be used in documentation.

• string display_name = 7

  A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.

• optional MetricDescriptor.MetricDescriptorMetadata metadata = 10

  Optional. Metadata which can be used to guide usage of the metric.

• LaunchStage launch_stage = 12

  Optional. The launch stage of the metric definition.

• repeated string monitored_resource_types = 13

  Read-only. If present, then a [time series][google.monitoring.v3.TimeSeries], which is identified partially by a metric type and a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor], that is associated with this metric type can only be associated with one of the monitored resource types listed here.

Additional annotations that can be used to guide the usage of a metric.

Used in: MetricDescriptor

• LaunchStage launch_stage = 1

  Deprecated. Must use the [MetricDescriptor.launch_stage][google.api.MetricDescriptor.launch_stage] instead.

• optional protobuf.Duration sample_period = 2

  The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period.

• optional protobuf.Duration ingest_delay = 3

  The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors.

• repeated MetricDescriptorMetadata.TimeSeriesResourceHierarchyLevel time_series_resource_hierarchy_level = 4

  The scope of the timeseries data of the metric.

The resource hierarchy level of the timeseries data of a metric.

Used in: MetricDescriptorMetadata

• TIME_SERIES_RESOURCE_HIERARCHY_LEVEL_UNSPECIFIED = 0

  Do not use this default value.

• PROJECT = 1

  Scopes a metric to a project.

• ORGANIZATION = 2

  Scopes a metric to an organization.

• FOLDER = 3

  Scopes a metric to a folder.

The kind of measurement. It describes how the data is reported. For information on setting the start time and end time based on the MetricKind, see [TimeInterval][google.monitoring.v3.TimeInterval].

Used in: MetricDescriptor

• METRIC_KIND_UNSPECIFIED = 0

  Do not use this default value.

• GAUGE = 1

  An instantaneous measurement of a value.

• DELTA = 2

  The change in a value during a time interval.

• CUMULATIVE = 3

  A value accumulated over a time interval. Cumulative measurements in a time series should have the same start time and increasing end times, until an event resets the cumulative value to zero and sets a new start time for the following points.

The value type of a metric.

Used in: MetricDescriptor

• VALUE_TYPE_UNSPECIFIED = 0

  Do not use this default value.

• BOOL = 1

  The value is a boolean. This value type can be used only if the metric kind is `GAUGE`.

• INT64 = 2

  The value is a signed 64-bit integer.

• DOUBLE = 3

  The value is a double precision floating point number.

• STRING = 4

  The value is a text string. This value type can be used only if the metric kind is `GAUGE`.

• DISTRIBUTION = 5

  The value is a [`Distribution`][google.api.Distribution].

• MONEY = 6

  The value is money.

Bind API methods to metrics. Binding a method to a metric causes that metric's configured quota behaviors to apply to the method call.

Used in: Quota

• string selector = 1

  Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• map<string, int64> metric_costs = 2

  Metrics to update when the selected methods are called, and the associated cost applied to each metric. The key of the map is the metric name, and the values are the amount increased for the metric against which the quota limits are defined. The value must not be negative.

An object representing a resource that can be used for monitoring, logging, billing, or other purposes. Examples include virtual machine instances, databases, and storage devices such as disks. The `type` field identifies a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object that describes the resource's schema. Information in the `labels` field identifies the actual resource and its attributes according to the schema. For example, a particular Compute Engine VM instance could be represented by the following object, because the [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] for `"gce_instance"` has labels `"project_id"`, `"instance_id"` and `"zone"`: { "type": "gce_instance", "labels": { "project_id": "my-project", "instance_id": "12345678901234", "zone": "us-central1-a" }}

• string type = 1

  Required. The monitored resource type. This field must match the `type` field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] object. For example, the type of a Compute Engine VM instance is `gce_instance`. Some descriptors include the service name in the type; for example, the type of a Datastream stream is `datastream.googleapis.com/Stream`.

• map<string, string> labels = 2

  Required. Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels `"project_id"`, `"instance_id"`, and `"zone"`.

An object that describes the schema of a [MonitoredResource][google.api.MonitoredResource] object using a type name and a set of labels. For example, the monitored resource descriptor for Google Compute Engine VM instances has a type of `"gce_instance"` and specifies the use of the labels `"instance_id"` and `"zone"` to identify particular VM instances. Different APIs can support different monitored resource types. APIs generally provide a `list` method that returns the monitored resource descriptors used by the API.

Used in: Service

• string name = 5

  Optional. The resource name of the monitored resource descriptor: `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where {type} is the value of the `type` field in this object and {project_id} is a project ID that provides API-specific context for accessing the type. APIs that do not use project information can use the resource name format `"monitoredResourceDescriptors/{type}"`.

• string type = 1

  Required. The monitored resource type. For example, the type `"cloudsql_database"` represents databases in Google Cloud SQL. For a list of types, see [Monitored resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).

• string display_name = 2

  Optional. A concise name for the monitored resource type that might be displayed in user interfaces. It should be a Title Cased Noun Phrase, without any article or other determiners. For example, `"Google Cloud SQL Database"`.

• string description = 3

  Optional. A detailed description of the monitored resource type that might be used in documentation.

• repeated LabelDescriptor labels = 4

  Required. A set of labels used to describe instances of this monitored resource type. For example, an individual Google Cloud SQL database is identified by values for the labels `"database_id"` and `"zone"`.

• LaunchStage launch_stage = 7

  Optional. The launch stage of the monitored resource definition.

Auxiliary metadata for a [MonitoredResource][google.api.MonitoredResource] object. [MonitoredResource][google.api.MonitoredResource] objects contain the minimum set of information to uniquely identify a monitored resource instance. There is some other useful auxiliary metadata. Monitoring and Logging use an ingestion pipeline to extract metadata for cloud resources of all types, and store the metadata in this message.

• optional protobuf.Struct system_labels = 1

  Output only. Values for predefined system metadata labels. System labels are a kind of metadata extracted by Google, including "machine_image", "vpc", "subnet_id", "security_group", "name", etc. System label values can be only strings, Boolean values, or a list of strings. For example: { "name": "my-test-instance", "security_group": ["a", "b", "c"], "spot_instance": false }

• map<string, string> user_labels = 2

  Output only. A map of user-defined metadata labels.

Monitoring configuration of the service. The example below shows how to configure monitored resources and metrics for monitoring. In the example, a monitored resource and two metrics are defined. The `library.googleapis.com/book/returned_count` metric is sent to both producer and consumer projects, whereas the `library.googleapis.com/book/num_overdue` metric is only sent to the consumer project. monitored_resources: - type: library.googleapis.com/Branch display_name: "Library Branch" description: "A branch of a library." launch_stage: GA labels: - key: resource_container description: "The Cloud container (ie. project id) for the Branch." - key: location description: "The location of the library branch." - key: branch_id description: "The id of the branch." metrics: - name: library.googleapis.com/book/returned_count display_name: "Books Returned" description: "The count of books that have been returned." launch_stage: GA metric_kind: DELTA value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." - name: library.googleapis.com/book/num_overdue display_name: "Books Overdue" description: "The current number of overdue books." launch_stage: GA metric_kind: GAUGE value_type: INT64 unit: "1" labels: - key: customer_id description: "The id of the customer." monitoring: producer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count consumer_destinations: - monitored_resource: library.googleapis.com/Branch metrics: - library.googleapis.com/book/returned_count - library.googleapis.com/book/num_overdue

Used in: Service

• repeated Monitoring.MonitoringDestination producer_destinations = 1

  Monitoring configurations for sending metrics to the producer project. There can be multiple producer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration.

• repeated Monitoring.MonitoringDestination consumer_destinations = 2

  Monitoring configurations for sending metrics to the consumer project. There can be multiple consumer destinations. A monitored resource type may appear in multiple monitoring destinations if different aggregations are needed for different sets of metrics associated with that monitored resource type. A monitored resource and metric pair may only be used once in the Monitoring configuration.

Configuration of a specific monitoring destination (the producer project or the consumer project).

Used in: Monitoring

• string monitored_resource = 1

  The monitored resource type. The type must be defined in [Service.monitored_resources][google.api.Service.monitored_resources] section.

• repeated string metrics = 2

  Types of the metrics to report to this monitoring destination. Each type must be defined in [Service.metrics][google.api.Service.metrics] section.

Settings for Node client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf. OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means. In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs. When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice. Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions.

Used in: AuthenticationRule

• string canonical_scopes = 1

  The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted. Example: canonical_scopes: https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.read

Represents a documentation page. A page can contain subpages to represent nested documentation set structure.

Used in: Documentation

• string name = 1

  The name of the page. It will be used as an identity of the page to generate URI of the page, text of the link to this page in navigation, etc. The full page name (start from the root page name to this page concatenated with `.`) can be used as reference to the page in your documentation. For example: <pre><code>pages: - name: Tutorial content: &#40;== include tutorial.md ==&#41; subpages: - name: Java content: &#40;== include tutorial_java.md ==&#41; </code></pre> You can reference `Java` page using Markdown reference link syntax: `[Java][Tutorial.Java]`.

• string content = 2

  The Markdown content of the page. You can use ```(== include {path} ==)``` to include content from a Markdown file. The content can be used to produce the documentation page such as HTML format page.

• repeated Page subpages = 3

  Subpages of this page. The order of subpages specified here will be honored in the generated docset.

Settings for Php client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

A descriptor for defining project properties for a service. One service may have many consumer projects, and the service may want to behave differently depending on some properties on the project. For example, a project may be associated with a school, or a business, or a government agency, a business type property on the project may affect how a service responds to the client. This descriptor defines which properties are allowed to be set on a project. Example: project_properties: properties: - name: NO_WATERMARK type: BOOL description: Allows usage of the API without watermarks. - name: EXTENDED_TILE_CACHE_PERIOD type: INT64

• repeated Property properties = 1

  List of per consumer project-specific properties.

Defines project properties. API services can define properties that can be assigned to consumer projects so that backends can perform response customization without having to make additional calls or maintain additional storage. For example, Maps API defines properties that controls map tile cache period, or whether to embed a watermark in a result. These values can be set via API producer console. Only API providers can define and set these properties.

Used in: ProjectProperties

• string name = 1

  The name of the property (a.k.a key).

• Property.PropertyType type = 2

  The type of this property.

• string description = 3

  The description of the property

Supported data type of the property values

Used in: Property

• UNSPECIFIED = 0

  The type is unspecified, and will result in an error.

• INT64 = 1

  The type is `int64`.

• BOOL = 2

  The type is `bool`.

• STRING = 3

  The type is `string`.

• DOUBLE = 4

  The type is 'double'.

This message configures the settings for publishing [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from the service config.

Used in: Service

• repeated MethodSettings method_settings = 2

  A list of API method settings, e.g. the behavior for methods that use the long-running operation pattern.

• string new_issue_uri = 101

  Link to a *public* URI where users can report issues. Example: https://issuetracker.google.com/issues/new?component=190865&template=1161103

• string documentation_uri = 102

  Link to product home page. Example: https://cloud.google.com/asset-inventory/docs/overview

• string api_short_name = 103

  Used as a tracking tag when collecting data about the APIs developer relations artifacts like docs, packages delivered to package managers, etc. Example: "speech".

• string github_label = 104

  GitHub label to apply to issues and pull requests opened for this API.

• repeated string codeowner_github_teams = 105

  GitHub teams to be added to CODEOWNERS in the directory in GitHub containing source code for the client libraries for this API.

• string doc_tag_prefix = 106

  A prefix used in sample code when demarking regions to be included in documentation.

• ClientLibraryOrganization organization = 107

  For whom the client library is being published.

• repeated ClientLibrarySettings library_settings = 109

  Client library settings. If the same version string appears multiple times in this list, then the last one wins. Settings from earlier settings with the same version string are discarded.

• string proto_reference_documentation_uri = 110

  Optional link to proto reference documentation. Example: https://cloud.google.com/pubsub/lite/docs/reference/rpc

• string rest_reference_documentation_uri = 111

  Optional link to REST reference documentation. Example: https://cloud.google.com/pubsub/lite/docs/reference/rest

Settings for Python client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

• optional PythonSettings.ExperimentalFeatures experimental_features = 2

  Experimental features to be included during client library generation.

Experimental features to be included during client library generation. These fields will be deprecated once the feature graduates and is enabled by default.

Used in: PythonSettings

• bool rest_async_io_enabled = 1

  Enables generation of asynchronous REST clients if `rest` transport is enabled. By default, asynchronous REST clients will not be generated. This feature will be enabled by default 1 month after launching the feature in preview packages.

• bool protobuf_pythonic_types_enabled = 2

  Enables generation of protobuf code using new types that are more Pythonic which are included in `protobuf>=5.29.x`. This feature will be enabled by default 1 month after launching the feature in preview packages.

• bool unversioned_package_disabled = 3

  Disables generation of an unversioned Python package for this client library. This means that the module names will need to be versioned in import statements. For example `import google.cloud.library_v2` instead of `import google.cloud.library`.

Quota configuration helps to achieve fairness and budgeting in service usage. The metric based quota configuration works this way: - The service configuration defines a set of metrics. - For API calls, the quota.metric_rules maps methods to metrics with corresponding costs. - The quota.limits defines limits on the metrics, which will be used for quota checks at runtime. An example quota configuration in yaml format: quota: limits: - name: apiWriteQpsPerProject metric: library.googleapis.com/write_calls unit: "1/min/{project}" # rate limit for consumer projects values: STANDARD: 10000 (The metric rules bind all methods to the read_calls metric, except for the UpdateBook and DeleteBook methods. These two methods are mapped to the write_calls metric, with the UpdateBook method consuming at twice rate as the DeleteBook method.) metric_rules: - selector: "*" metric_costs: library.googleapis.com/read_calls: 1 - selector: google.example.library.v1.LibraryService.UpdateBook metric_costs: library.googleapis.com/write_calls: 2 - selector: google.example.library.v1.LibraryService.DeleteBook metric_costs: library.googleapis.com/write_calls: 1 Corresponding Metric definition: metrics: - name: library.googleapis.com/read_calls display_name: Read requests metric_kind: DELTA value_type: INT64 - name: library.googleapis.com/write_calls display_name: Write requests metric_kind: DELTA value_type: INT64

Used in: Service

• repeated QuotaLimit limits = 3

  List of QuotaLimit definitions for the service.

• repeated MetricRule metric_rules = 4

  List of MetricRule definitions, each one mapping a selected method to one or more metrics.

`QuotaLimit` defines a specific limit that applies over a specified duration for a limit type. There can be at most one limit for a duration and limit type combination defined within a `QuotaGroup`.

Used in: Quota

• string name = 6

  Name of the quota limit. The name must be provided, and it must be unique within the service. The name can only include alphanumeric characters as well as '-'. The maximum length of the limit name is 64 characters.

• string description = 2

  Optional. User-visible, extended description for this quota limit. Should be used only when more context is needed to understand this limit than provided by the limit's display name (see: `display_name`).

• int64 default_limit = 3

  Default number of tokens that can be consumed during the specified duration. This is the number of tokens assigned when a client application developer activates the service for his/her project. Specifying a value of 0 will block all requests. This can be used if you are provisioning quota to selected consumers and blocking others. Similarly, a value of -1 will indicate an unlimited quota. No other negative values are allowed. Used by group-based quotas only.

• int64 max_limit = 4

  Maximum number of tokens that can be consumed during the specified duration. Client application developers can override the default limit up to this maximum. If specified, this value cannot be set to a value less than the default limit. If not specified, it is set to the default limit. To allow clients to apply overrides with no upper bound, set this to -1, indicating unlimited maximum quota. Used by group-based quotas only.

• int64 free_tier = 7

  Free tier value displayed in the Developers Console for this limit. The free tier is the number of tokens that will be subtracted from the billed amount when billing is enabled. This field can only be set on a limit with duration "1d", in a billable group; it is invalid on any other limit. If this field is not set, it defaults to 0, indicating that there is no free tier for this service. Used by group-based quotas only.

• string duration = 5

  Duration of this limit in textual notation. Must be "100s" or "1d". Used by group-based quotas only.

• string metric = 8

  The name of the metric this quota limit applies to. The quota limits with the same metric will be checked together during runtime. The metric must be defined within the service config.

• string unit = 9

  Specify the unit of the quota limit. It uses the same syntax as [MetricDescriptor.unit][google.api.MetricDescriptor.unit]. The supported unit kinds are determined by the quota backend system. Here are some examples: * "1/min/{project}" for quota per minute per project. Note: the order of unit components is insignificant. The "1" at the beginning is required to follow the metric unit syntax.

• map<string, int64> values = 10

  Tiered limit values. You must specify this as a key:value pair, with an integer value that is the maximum number of requests allowed for the specified unit. Currently only STANDARD is supported.

• string display_name = 12

  User-visible display name for this limit. Optional. If not set, the UI will provide a default display name based on the quota configuration. This field can be used to override the default display name generated from the configuration.

A simple descriptor of a resource type. ResourceDescriptor annotates a resource message (either by means of a protobuf annotation or use in the service config), and associates the resource's schema, the resource type, and the pattern of the resource name. Example: message Topic { // Indicates this message defines a resource schema. // Declares the resource type in the format of {service}/{kind}. // For Kubernetes resources, the format is {api group}/{kind}. option (google.api.resource) = { type: "pubsub.googleapis.com/Topic" pattern: "projects/{project}/topics/{topic}" }; } The ResourceDescriptor Yaml config will look like: resources: - type: "pubsub.googleapis.com/Topic" pattern: "projects/{project}/topics/{topic}" Sometimes, resources have multiple patterns, typically because they can live under multiple parents. Example: message LogEntry { option (google.api.resource) = { type: "logging.googleapis.com/LogEntry" pattern: "projects/{project}/logs/{log}" pattern: "folders/{folder}/logs/{log}" pattern: "organizations/{organization}/logs/{log}" pattern: "billingAccounts/{billing_account}/logs/{log}" }; } The ResourceDescriptor Yaml config will look like: resources: - type: 'logging.googleapis.com/LogEntry' pattern: "projects/{project}/logs/{log}" pattern: "folders/{folder}/logs/{log}" pattern: "organizations/{organization}/logs/{log}" pattern: "billingAccounts/{billing_account}/logs/{log}"

• string type = 1

  The resource type. It must be in the format of {service_name}/{resource_type_kind}. The `resource_type_kind` must be singular and must not include version numbers. Example: `storage.googleapis.com/Bucket` The value of the resource_type_kind must follow the regular expression /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and should use PascalCase (UpperCamelCase). The maximum number of characters allowed for the `resource_type_kind` is 100.

• repeated string pattern = 2

  Optional. The relative resource name pattern associated with this resource type. The DNS prefix of the full resource name shouldn't be specified here. The path pattern must follow the syntax, which aligns with HTTP binding syntax: Template = Segment { "/" Segment } ; Segment = LITERAL | Variable ; Variable = "{" LITERAL "}" ; Examples: - "projects/{project}/topics/{topic}" - "projects/{project}/knowledgeBases/{knowledge_base}" The components in braces correspond to the IDs for each resource in the hierarchy. It is expected that, if multiple patterns are provided, the same component name (e.g. "project") refers to IDs of the same type of resource.

• string name_field = 3

  Optional. The field on the resource that designates the resource name field. If omitted, this is assumed to be "name".

• ResourceDescriptor.History history = 4

  Optional. The historical or future-looking state of the resource pattern. Example: // The InspectTemplate message originally only supported resource // names with organization, and project was added later. message InspectTemplate { option (google.api.resource) = { type: "dlp.googleapis.com/InspectTemplate" pattern: "organizations/{organization}/inspectTemplates/{inspect_template}" pattern: "projects/{project}/inspectTemplates/{inspect_template}" history: ORIGINALLY_SINGLE_PATTERN }; }

• string plural = 5

  The plural name used in the resource name and permission names, such as 'projects' for the resource name of 'projects/{project}' and the permission name of 'cloudresourcemanager.googleapis.com/projects.get'. One exception to this is for Nested Collections that have stuttering names, as defined in [AIP-122](https://google.aip.dev/122#nested-collections), where the collection ID in the resource name pattern does not necessarily directly match the `plural` value. It is the same concept of the `plural` field in k8s CRD spec https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ Note: The plural form is required even for singleton resources. See https://aip.dev/156

• string singular = 6

  The same concept of the `singular` field in k8s CRD spec https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ Such as "project" for the `resourcemanager.googleapis.com/Project` type.

• repeated ResourceDescriptor.Style style = 10

  Style flag(s) for this resource. These indicate that a resource is expected to conform to a given style. See the specific style flags for additional information.

A description of the historical or future-looking state of the resource pattern.

Used in: ResourceDescriptor

• HISTORY_UNSPECIFIED = 0

  The "unset" value.

• ORIGINALLY_SINGLE_PATTERN = 1

  The resource originally had one pattern and launched as such, and additional patterns were added later.

• FUTURE_MULTI_PATTERN = 2

  The resource has one pattern, but the API owner expects to add more later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents that from being necessary once there are multiple patterns.)

A flag representing a specific style that a resource claims to conform to.

Used in: ResourceDescriptor

• STYLE_UNSPECIFIED = 0

  The unspecified value. Do not use.

• DECLARATIVE_FRIENDLY = 1

  This resource is intended to be "declarative-friendly". Declarative-friendly resources must be more strictly consistent, and setting this to true communicates to tools that this resource should adhere to declarative-friendly expectations. Note: This is used by the API linter (linter.aip.dev) to enable additional checks.

Defines a proto annotation that describes a string field that refers to an API resource.

• string type = 1

  The resource type that the annotated field references. Example: message Subscription { string topic = 2 [(google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }]; } Occasionally, a field may reference an arbitrary resource. In this case, APIs use the special value * in their resource reference. Example: message GetIamPolicyRequest { string resource = 2 [(google.api.resource_reference) = { type: "*" }]; }

• string child_type = 2

  The resource type of a child collection that the annotated field references. This is useful for annotating the `parent` field that doesn't have a fixed resource type. Example: message ListLogEntriesRequest { string parent = 1 [(google.api.resource_reference) = { child_type: "logging.googleapis.com/LogEntry" }; }

A projection from an input message to the GRPC or REST header.

Used in: RoutingRule

• string field = 1

  A request field to extract the header key-value pair from.

• string path_template = 2

  A pattern matching the key-value field. Optional. If not specified, the whole field specified in the `field` field will be taken as value, and its name used as key. If specified, it MUST contain exactly one named segment (along with any number of unnamed segments) The pattern will be matched over the field specified in the `field` field, then if the match is successful: - the name of the single named segment will be used as a header name, - the match value of the segment will be used as a header value; if the match is NOT successful, nothing will be sent. Example: -- This is a field in the request message | that the header value will be extracted from. | | -- This is the key name in the | | routing header. V | field: "table_name" v path_template: "projects/*/{table_location=instances/*}/tables/*" ^ ^ | | In the {} brackets is the pattern that -- | specifies what to extract from the | field as a value to be sent. | | The string in the field must match the whole pattern -- before brackets, inside brackets, after brackets. When looking at this specific example, we can see that: - A key-value pair with the key `table_location` and the value matching `instances/*` should be added to the x-goog-request-params routing header. - The value is extracted from the request message's `table_name` field if it matches the full pattern specified: `projects/*/instances/*/tables/*`. **NB:** If the `path_template` field is not provided, the key name is equal to the field name, and the whole field should be sent as a value. This makes the pattern for the field and the value functionally equivalent to `**`, and the configuration { field: "table_name" } is a functionally equivalent shorthand to: { field: "table_name" path_template: "{table_name=**}" } See Example 1 for more details.

Specifies the routing information that should be sent along with the request in the form of routing header. **NOTE:** All service configuration rules follow the "last one wins" order. The examples below will apply to an RPC which has the following request type: Message Definition: message Request { // The name of the Table // Values can be of the following formats: // - `projects/<project>/tables/<table>` // - `projects/<project>/instances/<instance>/tables/<table>` // - `region/<region>/zones/<zone>/tables/<table>` string table_name = 1; // This value specifies routing for replication. // It can be in the following formats: // - `profiles/<profile_id>` // - a legacy `profile_id` that can be any string string app_profile_id = 2; } Example message: { table_name: projects/proj_foo/instances/instance_bar/table/table_baz, app_profile_id: profiles/prof_qux } The routing header consists of one or multiple key-value pairs. Every key and value must be percent-encoded, and joined together in the format of `key1=value1&key2=value2`. The examples below skip the percent-encoding for readability. Example 1 Extracting a field from the request to put into the routing header unchanged, with the key equal to the field name. annotation: option (google.api.routing) = { // Take the `app_profile_id`. routing_parameters { field: "app_profile_id" } }; result: x-goog-request-params: app_profile_id=profiles/prof_qux Example 2 Extracting a field from the request to put into the routing header unchanged, with the key different from the field name. annotation: option (google.api.routing) = { // Take the `app_profile_id`, but name it `routing_id` in the header. routing_parameters { field: "app_profile_id" path_template: "{routing_id=**}" } }; result: x-goog-request-params: routing_id=profiles/prof_qux Example 3 Extracting a field from the request to put into the routing header, while matching a path template syntax on the field's value. NB: it is more useful to send nothing than to send garbage for the purpose of dynamic routing, since garbage pollutes cache. Thus the matching. Sub-example 3a The field matches the template. annotation: option (google.api.routing) = { // Take the `table_name`, if it's well-formed (with project-based // syntax). routing_parameters { field: "table_name" path_template: "{table_name=projects/*/instances/*/**}" } }; result: x-goog-request-params: table_name=projects/proj_foo/instances/instance_bar/table/table_baz Sub-example 3b The field does not match the template. annotation: option (google.api.routing) = { // Take the `table_name`, if it's well-formed (with region-based // syntax). routing_parameters { field: "table_name" path_template: "{table_name=regions/*/zones/*/**}" } }; result: <no routing header will be sent> Sub-example 3c Multiple alternative conflictingly named path templates are specified. The one that matches is used to construct the header. annotation: option (google.api.routing) = { // Take the `table_name`, if it's well-formed, whether // using the region- or projects-based syntax. routing_parameters { field: "table_name" path_template: "{table_name=regions/*/zones/*/**}" } routing_parameters { field: "table_name" path_template: "{table_name=projects/*/instances/*/**}" } }; result: x-goog-request-params: table_name=projects/proj_foo/instances/instance_bar/table/table_baz Example 4 Extracting a single routing header key-value pair by matching a template syntax on (a part of) a single request field. annotation: option (google.api.routing) = { // Take just the project id from the `table_name` field. routing_parameters { field: "table_name" path_template: "{routing_id=projects/*}/**" } }; result: x-goog-request-params: routing_id=projects/proj_foo Example 5 Extracting a single routing header key-value pair by matching several conflictingly named path templates on (parts of) a single request field. The last template to match "wins" the conflict. annotation: option (google.api.routing) = { // If the `table_name` does not have instances information, // take just the project id for routing. // Otherwise take project + instance. routing_parameters { field: "table_name" path_template: "{routing_id=projects/*}/**" } routing_parameters { field: "table_name" path_template: "{routing_id=projects/*/instances/*}/**" } }; result: x-goog-request-params: routing_id=projects/proj_foo/instances/instance_bar Example 6 Extracting multiple routing header key-value pairs by matching several non-conflicting path templates on (parts of) a single request field. Sub-example 6a Make the templates strict, so that if the `table_name` does not have an instance information, nothing is sent. annotation: option (google.api.routing) = { // The routing code needs two keys instead of one composite // but works only for the tables with the "project-instance" name // syntax. routing_parameters { field: "table_name" path_template: "{project_id=projects/*}/instances/*/**" } routing_parameters { field: "table_name" path_template: "projects/*/{instance_id=instances/*}/**" } }; result: x-goog-request-params: project_id=projects/proj_foo&instance_id=instances/instance_bar Sub-example 6b Make the templates loose, so that if the `table_name` does not have an instance information, just the project id part is sent. annotation: option (google.api.routing) = { // The routing code wants two keys instead of one composite // but will work with just the `project_id` for tables without // an instance in the `table_name`. routing_parameters { field: "table_name" path_template: "{project_id=projects/*}/**" } routing_parameters { field: "table_name" path_template: "projects/*/{instance_id=instances/*}/**" } }; result (is the same as 6a for our example message because it has the instance information): x-goog-request-params: project_id=projects/proj_foo&instance_id=instances/instance_bar Example 7 Extracting multiple routing header key-value pairs by matching several path templates on multiple request fields. NB: note that here there is no way to specify sending nothing if one of the fields does not match its template. E.g. if the `table_name` is in the wrong format, the `project_id` will not be sent, but the `routing_id` will be. The backend routing code has to be aware of that and be prepared to not receive a full complement of keys if it expects multiple. annotation: option (google.api.routing) = { // The routing needs both `project_id` and `routing_id` // (from the `app_profile_id` field) for routing. routing_parameters { field: "table_name" path_template: "{project_id=projects/*}/**" } routing_parameters { field: "app_profile_id" path_template: "{routing_id=**}" } }; result: x-goog-request-params: project_id=projects/proj_foo&routing_id=profiles/prof_qux Example 8 Extracting a single routing header key-value pair by matching several conflictingly named path templates on several request fields. The last template to match "wins" the conflict. annotation: option (google.api.routing) = { // The `routing_id` can be a project id or a region id depending on // the table name format, but only if the `app_profile_id` is not set. // If `app_profile_id` is set it should be used instead. routing_parameters { field: "table_name" path_template: "{routing_id=projects/*}/**" } routing_parameters { field: "table_name" path_template: "{routing_id=regions/*}/**" } routing_parameters { field: "app_profile_id" path_template: "{routing_id=**}" } }; result: x-goog-request-params: routing_id=profiles/prof_qux Example 9 Bringing it all together. annotation: option (google.api.routing) = { // For routing both `table_location` and a `routing_id` are needed. // // table_location can be either an instance id or a region+zone id. // // For `routing_id`, take the value of `app_profile_id` // - If it's in the format `profiles/<profile_id>`, send // just the `<profile_id>` part. // - If it's any other literal, send it as is. // If the `app_profile_id` is empty, and the `table_name` starts with // the project_id, send that instead. routing_parameters { field: "table_name" path_template: "projects/*/{table_location=instances/*}/tables/*" } routing_parameters { field: "table_name" path_template: "{table_location=regions/*/zones/*}/tables/*" } routing_parameters { field: "table_name" path_template: "{routing_id=projects/*}/**" } routing_parameters { field: "app_profile_id" path_template: "{routing_id=**}" } routing_parameters { field: "app_profile_id" path_template: "profiles/{routing_id=*}" } }; result: x-goog-request-params: table_location=instances/instance_bar&routing_id=prof_qux

• repeated RoutingParameter routing_parameters = 2

  A collection of Routing Parameter specifications. **NOTE:** If multiple Routing Parameters describe the same key (via the `path_template` field or via the `field` field when `path_template` is not provided), "last one wins" rule determines which Parameter gets used. See the examples for more details.

Settings for Ruby client libraries.

Used in: ClientLibrarySettings

• optional CommonLanguageSettings common = 1

  Some settings.

This message is used to configure the generation of a subset of the RPCs in a service for client libraries.

Used in: CommonLanguageSettings

• repeated string methods = 1

  An allowlist of the fully qualified names of RPCs that should be included on public client surfaces.

• bool generate_omitted_as_internal = 2

  Setting this to true indicates to the client generators that methods that would be excluded from the generation should instead be generated in a way that indicates these methods should not be consumed by end users. How this is expressed is up to individual language implementations to decide. Some examples may be: added annotations, obfuscated identifiers, or other language idiomatic patterns.

`Service` is the root object of Google API service configuration (service config). It describes the basic information about a logical service, such as the service name and the user-facing title, and delegates other aspects to sub-sections. Each sub-section is either a proto message or a repeated proto message that configures a specific aspect, such as auth. For more information, see each proto message definition. Example: type: google.api.Service name: calendar.googleapis.com title: Google Calendar API apis: - name: google.calendar.v3.Calendar visibility: rules: - selector: "google.calendar.v3.*" restriction: PREVIEW backend: rules: - selector: "google.calendar.v3.*" address: calendar.example.com authentication: providers: - id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules: - selector: "*" requirements: provider_id: google_calendar_auth

• string name = 1

  The service name, which is a DNS-like logical identifier for the service, such as `calendar.googleapis.com`. The service name typically goes through DNS verification to make sure the owner of the service also owns the DNS name.

• string title = 2

  The product title for this service, it is the name displayed in Google Cloud Console.

• string producer_project_id = 22

  The Google project that owns this service.

• string id = 33

  A unique ID for a specific instance of this message, typically assigned by the client for tracking purpose. Must be no longer than 63 characters and only lower case letters, digits, '.', '_' and '-' are allowed. If empty, the server may choose to generate one instead.

• repeated protobuf.Api apis = 3

  A list of API interfaces exported by this service. Only the `name` field of the [google.protobuf.Api][google.protobuf.Api] needs to be provided by the configuration author, as the remaining fields will be derived from the IDL during the normalization process. It is an error to specify an API interface here which cannot be resolved against the associated IDL files.

• repeated protobuf.Type types = 4

  A list of all proto message types included in this API service. Types referenced directly or indirectly by the `apis` are automatically included. Messages which are not referenced but shall be included, such as types used by the `google.protobuf.Any` type, should be listed here by name by the configuration author. Example: types: - name: google.protobuf.Int32

• repeated protobuf.Enum enums = 5

  A list of all enum types included in this API service. Enums referenced directly or indirectly by the `apis` are automatically included. Enums which are not referenced but shall be included should be listed here by name by the configuration author. Example: enums: - name: google.someapi.v1.SomeEnum

• optional Documentation documentation = 6

  Additional API documentation.

• optional Backend backend = 8

  API backend configuration.

• optional Http http = 9

  HTTP configuration.

• optional Quota quota = 10

  Quota configuration.

• optional Authentication authentication = 11

  Auth configuration.

• optional Context context = 12

  Context configuration.

• optional Usage usage = 15

  Configuration controlling usage of this service.

• repeated Endpoint endpoints = 18

  Configuration for network endpoints. If this is empty, then an endpoint with the same name as the service is automatically generated to service all defined APIs.

• optional Control control = 21

  Configuration for the service control plane.

• repeated LogDescriptor logs = 23

  Defines the logs used by this service.

• repeated MetricDescriptor metrics = 24

  Defines the metrics used by this service.

• repeated MonitoredResourceDescriptor monitored_resources = 25

  Defines the monitored resources used by this service. This is required by the [Service.monitoring][google.api.Service.monitoring] and [Service.logging][google.api.Service.logging] configurations.

• optional Billing billing = 26

  Billing configuration.

• optional Logging logging = 27

  Logging configuration.

• optional Monitoring monitoring = 28

  Monitoring configuration.

• optional SystemParameters system_parameters = 29

  System parameter configuration.

• optional SourceInfo source_info = 37

  Output only. The source information for this configuration if available.

• optional Publishing publishing = 45

  Settings for [Google Cloud Client libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) generated from APIs defined as protocol buffers.

• optional protobuf.UInt32Value config_version = 20

  Obsolete. Do not use. This field has no semantic meaning. The service config compiler always sets this field to `3`.

Source information used to create a Service Config

Used in: Service

• repeated protobuf.Any source_files = 1

  All files used during config generation.

Define a parameter's name and location. The parameter may be passed as either an HTTP header or a URL query parameter, and if both are passed the behavior is implementation-dependent.

Used in: SystemParameterRule

• string name = 1

  Define the name of the parameter, such as "api_key" . It is case sensitive.

• string http_header = 2

  Define the HTTP header name to use for the parameter. It is case insensitive.

• string url_query_parameter = 3

  Define the URL query parameter name to use for the parameter. It is case sensitive.

Define a system parameter rule mapping system parameter definitions to methods.

Used in: SystemParameters

• string selector = 1

  Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• repeated SystemParameter parameters = 2

  Define parameters. Multiple names may be defined for a parameter. For a given method call, only one of them should be used. If multiple names are used the behavior is implementation-dependent. If none of the specified names are present the behavior is parameter-dependent.

### System parameter configuration A system parameter is a special kind of parameter defined by the API system, not by an individual API. It is typically mapped to an HTTP header and/or a URL query parameter. This configuration specifies which methods change the names of the system parameters.

Used in: Service

• repeated SystemParameterRule rules = 1

  Define system parameters. The parameters defined here will override the default parameters implemented by the system. If this field is missing from the service config, default system parameters will be used. Default system parameters and names is implementation-dependent. Example: define api key for all methods system_parameters rules: - selector: "*" parameters: - name: api_key url_query_parameter: api_key Example: define 2 api key names for a specific method. system_parameters rules: - selector: "/ListShelves" parameters: - name: api_key http_header: Api-Key1 - name: api_key http_header: Api-Key2 **NOTE:** All service configuration rules follow "last one wins" order.

A reference to a message type, for use in [FieldInfo][google.api.FieldInfo].

Used in: FieldInfo

• string type_name = 1

  The name of the type that the annotated, generic field may represent. If the type is in the same protobuf package, the value can be the simple message name e.g., `"MyMessage"`. Otherwise, the value must be the fully-qualified message name e.g., `"google.library.v1.Book"`. If the type(s) are unknown to the service (e.g. the field accepts generic user input), use the wildcard `"*"` to denote this behavior. See [AIP-202](https://google.aip.dev/202#type-references) for more details.

Configuration controlling usage of a service.

Used in: Service

• repeated string requirements = 1

  Requirements that must be satisfied before a consumer project can use the service. Each requirement is of the form <service.name>/<requirement-id>; for example 'serviceusage.googleapis.com/billing-enabled'. For Google APIs, a Terms of Service requirement must be included here. Google Cloud APIs must include "serviceusage.googleapis.com/tos/cloud". Other Google APIs should include "serviceusage.googleapis.com/tos/universal". Additional ToS can be included based on the business needs.

• repeated UsageRule rules = 6

  A list of usage rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.

• string producer_notification_channel = 7

  The full resource name of a channel used for sending notifications to the service producer. Google Service Management currently only supports [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification channel. To use Google Cloud Pub/Sub as the channel, this must be the name of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format documented in https://cloud.google.com/pubsub/docs/overview.

Usage configuration rules for the service. NOTE: Under development. Use this rule to configure unregistered calls for the service. Unregistered calls are calls that do not contain consumer project identity. (Example: calls that do not contain an API key). By default, API methods do not allow unregistered calls, and each method call must be identified by a consumer project identity. Use this rule to allow/disallow unregistered calls. Example of an API that wants to allow unregistered calls for entire service. usage: rules: - selector: "*" allow_unregistered_calls: true Example of a method that wants to allow unregistered calls. usage: rules: - selector: "google.example.library.v1.LibraryService.CreateBook" allow_unregistered_calls: true

Used in: Usage

• string selector = 1

  Selects the methods to which this rule applies. Use '*' to indicate all methods in all APIs. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• bool allow_unregistered_calls = 2

  If true, the selected method allows unregistered calls, e.g. calls that don't identify any user or application.

• bool skip_service_control = 3

  If true, the selected method should skip service control and the control plane features, such as quota and billing, will not be available. This flag is used by Google Cloud Endpoints to bypass checks for internal methods, such as service health check methods.

`Visibility` restricts service consumer's access to service elements, such as whether an application can call a visibility-restricted method. The restriction is expressed by applying visibility labels on service elements. The visibility labels are elsewhere linked to service consumers. A service can define multiple visibility labels, but a service consumer should be granted at most one visibility label. Multiple visibility labels for a single service consumer are not supported. If an element and all its parents have no visibility label, its visibility is unconditionally granted. Example: visibility: rules: - selector: google.calendar.Calendar.EnhancedSearch restriction: PREVIEW - selector: google.calendar.Calendar.Delegate restriction: INTERNAL Here, all methods are publicly visible except for the restricted methods EnhancedSearch and Delegate.

• repeated VisibilityRule rules = 1

  A list of visibility rules that apply to individual API elements. **NOTE:** All service configuration rules follow "last one wins" order.

A visibility rule provides visibility configuration for an individual API element.

Used in: Visibility

• string selector = 1

  Selects methods, messages, fields, enums, etc. to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

• string restriction = 2

  A comma-separated list of visibility labels that apply to the `selector`. Any of the listed labels can be used to grant the visibility. If a rule has multiple labels, removing one of the labels but not all of them can break clients. Example: visibility: rules: - selector: google.calendar.Calendar.EnhancedSearch restriction: INTERNAL, PREVIEW Removing INTERNAL from this restriction will break clients that rely on this method and only had access to it through INTERNAL.