You use Identity and Access Management (IAM) APIs to create Service Accounts, and to manage access policies for users and service accounts. You can also use these APIs to examine the available roles and permissions that you can grant to users and service accounts.
Service accounts are used to obtain access tokens, and to identify permissions for API calls.
SASE uses roles to identify what access a service or user account has to the various SASE products and services.
These APIs use the common SASE authentication for service access and authorization.