const url = 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token'; const headers = 'Metadata-Flavor': 'Google' ;
Each entry is a directory containing metadata about that service account. Typically, every GCE instance has at least the .
Response (JSON):
Developers typically use these fetches when they need to authenticate with other Google APIs (like Cloud Storage or BigQuery) without hardcoding secret keys. Using curl (Linux/VM): const url = 'http://metadata
To obtain an OAuth2 access token for the service account:
So, why would you want to fetch this URL? Here are some use cases:
When someone searches for fetch-url-http-3A-2F-2Fmetadata.google.internal-2FcomputeMetadata-2Fv1-2Finstance-2Fservice accounts-2F , they are essentially looking for a guide on . Using curl (Linux/VM): To obtain an OAuth2 access
The metadata server supports HTTP, not HTTPS. This is safe because it is a non-routable, link-local address.
When security researchers or malicious actors find a web application that fetches URLs provided by the user, they test this specific endpoint to check for Server-Side Request Forgery (SSRF). If the application lacks proper input validation, an attacker can force the server to read internal cloud resources that should never be publicly accessible. The Anatomy of the Endpoint
curl -H "Metadata-Flavor: Google" \ "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/" This is safe because it is a non-routable,
http://google.internal[AUDIENCE_URL] 3. Practical Usage Examples
Crucially, all requests to the metadata server include the header:
The Metadata Server is an internal, non-routable service accessible only from within a running Google Cloud resource (like a VM or Cloud Run instance). It acts as a secure repository for: Name, ID, zone, and custom tags. Project info: Project ID and numeric project number.
The log entry read: ERROR: Request failed for fetch-url-http-3A-2F-2Fmetadata.google.internal-2FcomputeMetadata-2Fv1-2Finstance-2Fservice-accounts-2F