Getting credentials for API access

Open the Google Cloud Console in your browser by navigating to https://console.cloud.google.com, and choose the project for which you want to enable the API from the top menu bar. Click on the APIs & services option in the menu as shown in the following screenshot to see the API dashboard for the project. Click on the Library option in the left-hand-side navigation on the API Dashboard:

The first step in using the APIs is to enable the required APIs for the project. A Google Cloud project may be using various services such as Google Cloud Storage to upload files, Google BigQuery to insert data, and other services. It is important to enable API for these services first. The API dashboard will show the list of APIs that are enabled by default for the project and any additional APIs that were enabled by the admin account.

Verify that BigQuery API is enabled for that project and, in addition, enable the Google Cloud Storage API as well so that the demo application shown in this chapter can upload files to Google Cloud Storage. If BigQuery API is not enabled, then search for the API by clicking on the Libraries in the left-hand-side navigation menu and enable it.

In case of any security breach or exploitation of resources on your Google Cloud account, disable the APIs and then find the cause and fix it. It is recommended that you regenerate the credentials, provide them to the applications, and enable the API again.

The following are three types of credentials available for using Google Cloud APIs. Choose the appropriate type of credentials based on your application type:

  • API Key: This is an encrypted string that can be passed via a URL in API calls. The API Keys cannot be used to access the Google BigQuery service but can be used to access a few other services such as Google Vision API, Google Translate API, and so on. Not all services on Google Cloud can be accessed via API key. This option is not recommended for actual application development.
  • OAuth client ID: If your application wants to track the actual user who is calling the APIs, then use OAuth client ID. The users then have to provide their Google account credentials and authorize the application to use their credentials for calling the APIs used in the application. To use the OAuth client ID, the admin must set up a consent screen, entering details about the contact email, product URL, and so on. This type of authentication is recommended for web applications, desktop, and mobile applications. The actual user accounts can be added to the project and assigned to appropriate roles.
  • Service Account Key: Service account is a special account on Google Cloud used in Google Cloud projects. These accounts can be assigned to roles in the project to access the required services in the required mode. Service account is the preferred means of authentication because the end user need not enter their credentials to access the API services. Service account credentials can be downloaded as a JSON file or P12 file and the application that uses this file will send these credentials to get an access token. 
The code examples in this chapter use a service account key to access APIs and perform operations. This chapter has code samples in C# in Microsoft .NET and Python for accessing the BigQuery APIs.

To choose the right type of credentials for your application, click on the Help me choose option (as shown in the following screenshot) in the credentials section of APIs & services. The credential type changes based on the application type and the services it needs to access:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
52.15.38.176