> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chronosphere.io/llms.txt
> Use this file to discover all available pages before exploring further.

# CreateServiceAccount



## OpenAPI

````yaml openapi/api_v1_config_openapi3_DOCUMENTATION_ONLY.json POST /api/v1/config/service-accounts
openapi: 3.0.3
info:
  description: >

    The Config API provides standard HTTP/JSON REST endpoints for creating,
    reading,

    updating, deleting, and listing configurable Chronosphere resources.


    Use this link to download the raw Swagger specification:

    <a href="/api/v1/config/swagger.json">/api/v1/config/swagger.json</a>
  title: Config V1 API
  version: v1
servers:
  - url: https://{tenant}.chronosphere.io
    variables:
      tenant:
        default: tenant
        description: tenant ID assigned by the service provider
security:
  - ApiKeyAuth: []
tags:
  - name: ConfigV1
paths:
  /api/v1/config/service-accounts:
    post:
      tags:
        - ServiceAccount
      operationId: CreateServiceAccount
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/configv1CreateServiceAccountRequest'
        required: true
        x-originalParamName: body
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/configv1CreateServiceAccountResponse'
          description: A successful response containing the created ServiceAccount.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiError'
          description: Cannot create the ServiceAccount because the request is invalid.
        '409':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiError'
          description: >-
            Cannot create the ServiceAccount because there is a conflict with an
            existing ServiceAccount.
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apiError'
          description: An unexpected error response.
        default:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/genericError'
          description: An undefined error response.
components:
  schemas:
    configv1CreateServiceAccountRequest:
      properties:
        dry_run:
          description: >-
            If `true`, validates the specified configuration without creating
            the ServiceAccount. If the specified configuration is valid, the
            endpoint returns a partial response without the ServiceAccount. If
            the specified configuration is invalid, the endpoint returns an
            error.
          type: boolean
        service_account:
          allOf:
            - $ref: '#/components/schemas/configv1ServiceAccount'
          description: The ServiceAccount to create.
      type: object
    configv1CreateServiceAccountResponse:
      properties:
        service_account:
          $ref: '#/components/schemas/configv1ServiceAccount'
      type: object
    apiError:
      properties:
        message:
          description: An error message describing what went wrong.
          type: string
      type: object
    genericError:
      additionalProperties: true
      type: object
    configv1ServiceAccount:
      properties:
        created_at:
          description: >-
            Timestamp of when the ServiceAccount was created. Cannot be set by
            clients.
          format: date-time
          readOnly: true
          type: string
        email:
          description: >-
            The unique email user for this service account. Cannot be set by
            clients.
          readOnly: true
          type: string
        metrics_restriction:
          allOf:
            - $ref: '#/components/schemas/ServiceAccountMetricsRestriction'
          description: |-
            If set, restricts access of the service account to only metric data.

            Only one of `unrestricted` or `metrics_restriction` must be set.
        name:
          description: >-
            The name of the ServiceAccount. You can modify this value after the
            ServiceAccount is created.
          type: string
        slug:
          description: >-
            The unique identifier of the ServiceAccount. If a `slug` isn't
            provided, one is generated based on the `name` field. You can't
            modify this field after the ServiceAccount is created.
          type: string
        token:
          description: >-
            Generated API token of the service account. Cannot be set by
            clients.


            The token is set only once by the server in the
            `CreateServiceAccount` response.

            The `ReadServiceAccount` response always returns an empty token.
            Therefore, when

            creating a service account, ensure you securely store the response
            token.

            If you lose the token, you must delete and recreate the service
            account to

            generate a new token.
          readOnly: true
          type: string
        unrestricted:
          description: >-
            If set, grants the service account access to all Chronosphere APIs,
            including

            resource configuration and metric data within the access controls
            defined by the

            service account's team membership.


            Only one of `unrestricted` or `metrics_restriction` must be set.
          type: boolean
        updated_at:
          description: >-
            Timestamp of when the ServiceAccount was last updated. Cannot be set
            by clients.
          format: date-time
          readOnly: true
          type: string
      required:
        - name
      type: object
    ServiceAccountMetricsRestriction:
      properties:
        labels:
          additionalProperties:
            type: string
          description: >-
            Optional. Specifies labels that further restrict the service account
            to only

            read or write metrics with the given label names and values.
          type: object
        permission:
          allOf:
            - $ref: '#/components/schemas/MetricsRestrictionPermission'
          description: >-
            Permission that defines the access level of the service account to
            only metric data:

            - `READ` grants read-only access.

            - `WRITE` grants write-only access.

            - `READ_WRITE` grants read and write access.
      required:
        - permission
      type: object
    MetricsRestrictionPermission:
      enum:
        - READ
        - WRITE
        - READ_WRITE
      type: string
  securitySchemes:
    ApiKeyAuth:
      description: Chronosphere API token
      in: header
      name: API-Token
      type: apiKey

````