Authenticate to Access Approval

This document describes how to authenticate to Access Approval programmatically. How you authenticate to Access Approval depends on the interface you use to access the API and the environment where your code is running.

For more information about Google Cloud authentication, see the authentication overview.

API access

Access Approval supports programmatic access. You can access the API in the following ways:

Google Cloud CLI

When you use the gcloud CLI to access Access Approval, you log in to the gcloud CLI with a Google Account, which provides the credentials used by the gcloud CLI commands.

If your organization's security policies prevent user accounts from having the required permissions, you can use service account impersonation.

For more information, see Authenticate for using the gcloud CLI. For more information about using the gcloud CLI with Access Approval, see the gcloud CLI reference pages.

REST

You can authenticate to the Access ApprovalAPI by using your gcloud CLI credentials or by using Application Default Credentials. For more information about authentication for REST requests, see Authenticate for using REST. For information about the types of credentials, see gcloud CLI credentials and ADC credentials.

Access control for Access Approval

After you authenticate to Access Approval, you must be authorized to access Google Cloud resources. Access Approval uses Identity and Access Management (IAM) for authorization.

For more information about the roles for Access Approval, see Access control with IAM. For more information about IAM and authorization, see IAM overview.

What's next