OK
Roles matching the request
Not more than 100 elements.
Internal Server Error. Reach out to support.
RPC status code, as described here.
Values are OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, DEADLINE_EXCEEDED, NOT_FOUND, ALREADY_EXISTS, PERMISSION_DENIED, UNAUTHENTICATED, RESOURCE_EXHAUSTED, FAILED_PRECONDITION, ABORTED, OUT_OF_RANGE, UNIMPLEMENTED, INTERNAL, UNAVAILABLE, or DATA_LOSS.
A list of messages that carries the error details.
Details of the error.
Describes violations in a client request. This error type focuses on the syntactic aspects of the request.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.BadRequest.
Describes all violations in a client request.
A message type used to describe a single bad request field.
A description of why the request element is bad.
A path that leads to a field in the request body. The value will be a sequence of dot-separated identifiers that identify a protocol buffer field.
Consider the following:
message CreateContactRequest { message EmailAddress { enum Type { TYPE_UNSPECIFIED = 0; HOME = 1; WORK = 2; }
optional string email = 1; repeated EmailType type = 2; }
string full_name = 1; repeated EmailAddress email_addresses = 2; }
In this example, in proto field could take one of the following values:
full_name for a violation in the full_name valueemail_addresses[1].email for a violation in the email field of the
first email_addresses messageemail_addresses[3].type[2] for a violation in the second type
value in the third email_addresses message.In JSON, the same values are represented as:
fullName for a violation in the fullName valueemailAddresses[1].email for a violation in the email field of the
first emailAddresses messageemailAddresses[3].type[2] for a violation in the second type
value in the third emailAddresses message.Provides a localized error message that is safe to return to the user which can be attached to an RPC error.
The reason of the field-level error. This is a constant value that
identifies the proximate cause of the field-level error. It should
uniquely identify the type of the FieldViolation within the scope of the
google.rpc.ErrorInfo.domain. This should be at most 63
characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9],
which represents UPPER_SNAKE_CASE.
Describes the cause of the error with structured details.
Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled:
{ "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } }
This response indicates that the pubsub.googleapis.com API is not enabled.
Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock:
{ "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.ErrorInfo.
The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com".
Additional structured details about this error.
Keys must match a regular expression of [a-z][a-zA-Z0-9-_]+ but should
ideally be lowerCamelCase. Also, they must be limited to 64 characters in
length. When identifying the current value of an exceeded limit, the units
should be contained in the key, not the value. For example, rather than
{"instanceLimit": "100/request"}, should be returned as,
{"instanceLimitPerRequest": "100"}, if the client exceeds the number of
instances that can be created in a single (batch) request.
The reason of the error. This is a constant value that identifies the
proximate cause of the error. Error reasons are unique within a particular
domain of errors. This should be at most 63 characters and match a
regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents
UPPER_SNAKE_CASE.
Describes how a quota check failed.
For example if a daily limit was exceeded for the calling project,
a service could respond with a QuotaFailure detail containing the project
id and the description of the quota limit that was exceeded. If the
calling project hasn't enabled the service in the developer console, then
a service could respond with the project id and set service_disabled
to true.
Also see RetryInfo and Help types for other details about handling a quota failure.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.QuotaFailure.
Describes all quota violations.
A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded.
The API Service from which the QuotaFailure.Violation orginates. In
some cases, Quota issues originate from an API Service other than the one
that was called. In other words, a dependency of the called API Service
could be the cause of the QuotaFailure, and this field would have the
dependency API service name.
For example, if the called API is Kubernetes Engine API (container.googleapis.com), and a quota violation occurs in the Kubernetes Engine API itself, this field would be "container.googleapis.com". On the other hand, if the quota violation occurs when the Kubernetes Engine API creates VMs in the Compute Engine API (compute.googleapis.com), this field would be "compute.googleapis.com".
A description of how the quota check failed. Clients can use this description to find more about the quota configuration in the service's public documentation, or find the relevant quota limit to adjust through developer console.
For example: "Service disabled" or "Daily Limit for read operations exceeded".
The new quota value being rolled out at the time of the violation. At the completion of the rollout, this value will be enforced in place of quota_value. If no rollout is in progress at the time of the violation, this field is not set.
For example, if at the time of the violation a rollout is in progress changing the number of CPUs quota from 10 to 20, 20 would be the value of this field.
The dimensions of the violated quota. Every non-global quota is enforced on a set of dimensions. While quota metric defines what to count, the dimensions specify for what aspects the counter should be increased.
For example, the quota "CPUs per region per VM family" enforces a limit on the metric "compute.googleapis.com/cpus_per_vm_family" on dimensions "region" and "vm_family". And if the violation occurred in region "us-central1" and for VM family "n1", the quota_dimensions would be,
{ "region": "us-central1", "vm_family": "n1", }
When a quota is enforced globally, the quota_dimensions would always be empty.
The id of the violated quota. Also know as "limit name", this is the unique identifier of a quota in the context of an API service.
For example, "CPUS-PER-VM-FAMILY-per-project-region".
The metric of the violated quota. A quota metric is a named counter to measure usage, such as API requests or CPUs. When an activity occurs in a service, such as Virtual Machine allocation, one or more quota metrics may be affected.
For example, "compute.googleapis.com/cpus_per_vm_family", "storage.googleapis.com/internet_egress_bandwidth".
The enforced quota value at the time of the QuotaFailure.
For example, if the enforced quota value at the time of the
QuotaFailure on the number of CPUs is "10", then the value of this
field would reflect this quantity.
The subject on which the quota check failed. For example, "clientip:" or "project:".
Provides links to documentation or for performing an out of band action.
For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.Help.
URL(s) pointing to additional information on handling the current error.
Detailed error message. No compatibility guarantees are given for the text contained in this message.
An unexpected error response.
RPC status code, as described here.
Values are OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, DEADLINE_EXCEEDED, NOT_FOUND, ALREADY_EXISTS, PERMISSION_DENIED, UNAUTHENTICATED, RESOURCE_EXHAUSTED, FAILED_PRECONDITION, ABORTED, OUT_OF_RANGE, UNIMPLEMENTED, INTERNAL, UNAVAILABLE, or DATA_LOSS.
A list of messages that carries the error details.
Details of the error.
Describes violations in a client request. This error type focuses on the syntactic aspects of the request.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.BadRequest.
Describes all violations in a client request.
A message type used to describe a single bad request field.
A description of why the request element is bad.
A path that leads to a field in the request body. The value will be a sequence of dot-separated identifiers that identify a protocol buffer field.
Consider the following:
message CreateContactRequest { message EmailAddress { enum Type { TYPE_UNSPECIFIED = 0; HOME = 1; WORK = 2; }
optional string email = 1; repeated EmailType type = 2; }
string full_name = 1; repeated EmailAddress email_addresses = 2; }
In this example, in proto field could take one of the following values:
full_name for a violation in the full_name valueemail_addresses[1].email for a violation in the email field of the
first email_addresses messageemail_addresses[3].type[2] for a violation in the second type
value in the third email_addresses message.In JSON, the same values are represented as:
fullName for a violation in the fullName valueemailAddresses[1].email for a violation in the email field of the
first emailAddresses messageemailAddresses[3].type[2] for a violation in the second type
value in the third emailAddresses message.Provides a localized error message that is safe to return to the user which can be attached to an RPC error.
The reason of the field-level error. This is a constant value that
identifies the proximate cause of the field-level error. It should
uniquely identify the type of the FieldViolation within the scope of the
google.rpc.ErrorInfo.domain. This should be at most 63
characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9],
which represents UPPER_SNAKE_CASE.
Describes the cause of the error with structured details.
Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled:
{ "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } }
This response indicates that the pubsub.googleapis.com API is not enabled.
Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock:
{ "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.ErrorInfo.
The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com".
Additional structured details about this error.
Keys must match a regular expression of [a-z][a-zA-Z0-9-_]+ but should
ideally be lowerCamelCase. Also, they must be limited to 64 characters in
length. When identifying the current value of an exceeded limit, the units
should be contained in the key, not the value. For example, rather than
{"instanceLimit": "100/request"}, should be returned as,
{"instanceLimitPerRequest": "100"}, if the client exceeds the number of
instances that can be created in a single (batch) request.
The reason of the error. This is a constant value that identifies the
proximate cause of the error. Error reasons are unique within a particular
domain of errors. This should be at most 63 characters and match a
regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents
UPPER_SNAKE_CASE.
Describes how a quota check failed.
For example if a daily limit was exceeded for the calling project,
a service could respond with a QuotaFailure detail containing the project
id and the description of the quota limit that was exceeded. If the
calling project hasn't enabled the service in the developer console, then
a service could respond with the project id and set service_disabled
to true.
Also see RetryInfo and Help types for other details about handling a quota failure.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.QuotaFailure.
Describes all quota violations.
A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded.
The API Service from which the QuotaFailure.Violation orginates. In
some cases, Quota issues originate from an API Service other than the one
that was called. In other words, a dependency of the called API Service
could be the cause of the QuotaFailure, and this field would have the
dependency API service name.
For example, if the called API is Kubernetes Engine API (container.googleapis.com), and a quota violation occurs in the Kubernetes Engine API itself, this field would be "container.googleapis.com". On the other hand, if the quota violation occurs when the Kubernetes Engine API creates VMs in the Compute Engine API (compute.googleapis.com), this field would be "compute.googleapis.com".
A description of how the quota check failed. Clients can use this description to find more about the quota configuration in the service's public documentation, or find the relevant quota limit to adjust through developer console.
For example: "Service disabled" or "Daily Limit for read operations exceeded".
The new quota value being rolled out at the time of the violation. At the completion of the rollout, this value will be enforced in place of quota_value. If no rollout is in progress at the time of the violation, this field is not set.
For example, if at the time of the violation a rollout is in progress changing the number of CPUs quota from 10 to 20, 20 would be the value of this field.
The dimensions of the violated quota. Every non-global quota is enforced on a set of dimensions. While quota metric defines what to count, the dimensions specify for what aspects the counter should be increased.
For example, the quota "CPUs per region per VM family" enforces a limit on the metric "compute.googleapis.com/cpus_per_vm_family" on dimensions "region" and "vm_family". And if the violation occurred in region "us-central1" and for VM family "n1", the quota_dimensions would be,
{ "region": "us-central1", "vm_family": "n1", }
When a quota is enforced globally, the quota_dimensions would always be empty.
The id of the violated quota. Also know as "limit name", this is the unique identifier of a quota in the context of an API service.
For example, "CPUS-PER-VM-FAMILY-per-project-region".
The metric of the violated quota. A quota metric is a named counter to measure usage, such as API requests or CPUs. When an activity occurs in a service, such as Virtual Machine allocation, one or more quota metrics may be affected.
For example, "compute.googleapis.com/cpus_per_vm_family", "storage.googleapis.com/internet_egress_bandwidth".
The enforced quota value at the time of the QuotaFailure.
For example, if the enforced quota value at the time of the
QuotaFailure on the number of CPUs is "10", then the value of this
field would reflect this quantity.
The subject on which the quota check failed. For example, "clientip:" or "project:".
Provides links to documentation or for performing an out of band action.
For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
Value is type.googleapis.com/google.rpc.Help.
URL(s) pointing to additional information on handling the current error.
Detailed error message. No compatibility guarantees are given for the text contained in this message.
curl \
--request GET 'https://api.redpanda.com/v1/roles' \
--header "Authorization: Bearer $ACCESS_TOKEN"{
"next_page_token": "string",
"roles": [
{
"created_at": "2026-05-04T09:42:00Z",
"description": "Billing Admins have access to billing information.",
"id": "string",
"is_builtin": true,
"name": "billing_admin",
"permissions": [
"string"
],
"updated_at": "2026-05-04T09:42:00Z"
}
]
}{
"code": "OK",
"details": [
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"field_violations": [
{
"description": "string",
"field": "string",
"localized_message": {
"locale": "string",
"message": "string"
},
"reason": "string"
}
]
}
],
"message": "string"
}{
"code": "OK",
"details": [
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"field_violations": [
{
"description": "string",
"field": "string",
"localized_message": {
"locale": "string",
"message": "string"
},
"reason": "string"
}
]
}
],
"message": "string"
}