Authenticating requests to the Google BigQuery API

The BigQuery API requires all requests to be authenticated as a user or a service account. This guide describes how to perform authentication in various application scenarios.

Application Default Credentials

Application Default Credentials should be used in most cases. It allows your application to use its own default service account credentials to access BigQuery tables as its own identity. Unless your application accesses BigQuery tables only available to its end user, or requires queries be billed to the end user's Cloud Platform project rather than the application's project, you should use Application Default Credentials

Client libraries can use Application Default Credentials to easily authenticate with Google APIs and send requests to those APIs. With Application Default Credentials, you can test your application locally and deploy it without changing the underlying code. For more information, including code samples, see Google Cloud Platform Auth Guide.

The following code sample demonstrates authenticating BigQuery Client Libraries using Application Default Credentials:

C#

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

using System;
// Imports the Google Cloud client library
using Google.Bigquery.V2;

public class QuickstartSample
{
    public static void Main()
    {
        // Your Google Cloud Platform project ID
        string projectId = "YOUR_PROJECT_ID";

        // Instantiates a client
        BigqueryClient client = BigqueryClient.Create(projectId);

        // The id for the new dataset
        string datasetId = "my_new_dataset";

        // Creates the dataset
        BigqueryDataset dataset = client.CreateDataset(datasetId);

        Console.WriteLine($"Dataset {dataset.FullyQualifiedId} created.");
    }
}

Go

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

// Sample bigquery_quickstart creates a Google BigQuery dataset.
package main

import (
	"fmt"
	"golang.org/x/net/context"
	"log"

	// Imports the Google Cloud Datastore client package
	"cloud.google.com/go/bigquery"
)

func main() {
	ctx := context.Background()

	// Your Google Cloud Platform project ID
	projectID := "YOUR_PROJECT_ID"

	// Creates a client
	client, err := bigquery.NewClient(ctx, projectID)
	if err != nil {
		log.Fatalf("Failed to create client: %v", err)
	}

	// The name for the new dataset
	datasetName := "my_new_dataset"

	// Prepares the new dataset
	dataset := client.Dataset(datasetName)

	// Creates the dataset
	if err := dataset.Create(ctx); err != nil {
		log.Fatalf("Failed to create dataset: %v", err)
	}

	fmt.Printf("Dataset %v created", dataset)
}

Java

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

// Imports the Google Cloud client library
import com.google.cloud.bigquery.BigQuery;
import com.google.cloud.bigquery.BigQueryOptions;
import com.google.cloud.bigquery.Dataset;
import com.google.cloud.bigquery.DatasetInfo;

public class QuickstartSample {
  public static void main(String... args) throws Exception {
    // Instantiates a client
    BigQuery bigquery = BigQueryOptions.defaultInstance().service();

    // The name for the new dataset
    String datasetName = "my_new_dataset";

    // Prepares a new dataset
    Dataset dataset = null;
    DatasetInfo datasetInfo = DatasetInfo.builder(datasetName).build();

    // Creates the dataset
    dataset = bigquery.create(datasetInfo);

    System.out.printf("Dataset %s created.%n", dataset.datasetId().dataset());
  }
}

Node.js

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

// Imports the Google Cloud client library
const BigQuery = require('@google-cloud/bigquery');

// Your Google Cloud Platform project ID
const projectId = 'YOUR_PROJECT_ID';

// Instantiates a client
const bigquery = BigQuery({
  projectId: projectId
});

// The name for the new dataset
const datasetName = 'my_new_dataset';

// Creates the new dataset
bigquery.createDataset(datasetName)
  .then((results) => {
    const dataset = results[0];

    console.log(`Dataset ${dataset.id} created.`);
  });

PHP

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

# Includes the autoloader for libraries installed with composer
require __DIR__ . '/vendor/autoload.php';

# Imports the Google Cloud client library
use Google\Cloud\BigQuery\BigQueryClient;

# Your Google Cloud Platform project ID
$projectId = 'YOUR_PROJECT_ID';

# Instantiates a client
$bigquery = new BigQueryClient([
    'projectId' => $projectId
]);

# The name for the new dataset
$datasetName = 'my_new_dataset';

# Creates the new dataset
$dataset = $bigquery->createDataset($datasetName);

echo 'Dataset ' . $dataset->id() . ' created.';

Python

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

# Imports the Google Cloud client library
from google.cloud import bigquery

# Instantiates a client
bigquery_client = bigquery.Client()

# The name for the new dataset
dataset_name = 'my_new_dataset'

# Prepares the new dataset
dataset = bigquery_client.dataset(dataset_name)

# Creates the new dataset
dataset.create()

print('Dataset {} created.'.format(dataset.name))

Ruby

For more on installing and creating a BigQuery client, refer to BigQuery Client Libraries.

# Imports the Google Cloud client library
require "google/cloud/bigquery"

# Your Google Cloud Platform project ID
project_id = "YOUR_PROJECT_ID"

# Instantiates a client
bigquery = Google::Cloud::Bigquery.new project: project_id

# The name for the new dataset
dataset_name = "my_new_dataset"

# Creates the new dataset
dataset = bigquery.create_dataset dataset_name

puts "Dataset #{dataset.dataset_id} created."

Authenticating as an end user

If your application needs to access BigQuery using the end user's identity (e.g. if the table they'd like to access has an access control list specified that restricts access to your end user), you can use the OAuth 2.0 flow to obtain user credentials in various scenarios.

The credential object you obtain at the end of the flow can then be used as above in place of the application's default credentials object. See the documentation for your client library for details on how to obtain such a credentials object.

Send feedback about...

BigQuery Documentation