Authorizing API Requests

The Google BigQuery API uses OAuth 2.0 access tokens to authorize requests. If you use the BigQuery client libraries, this is done for you automatically.

Access tokens

An OAuth 2.0 access token is a string that grants temporary access to an API. Google's OAuth 2.0 server grants access tokens for all Google APIs.


Access tokens are associated with a scope, which limits the token's access. Check the complete list of Google API scopes for scopes associated with the BigQuery API.

Getting access tokens

The Google Cloud SDK provides a command-line utility to get a temporary access token associated with your Google account and the scope.

ACCESS_TOKEN="$(gcloud auth print-access-token)"

The command-line tool is useful for trying out the APIs, but see the authentication guide to learn how to get an access token in a production environment.

Because access tokens provide only temporary authorization, you must periodically refresh them.

Authorizing requests

To authorize requests to the BigQuery API with an access token, use any of the OAuth 2.0 token usage methods.

Request header

Set the token in the Authorization request header with the value Bearer ACCESS_TOKEN.

curl -H "Authorization: Bearer $ACCESS_TOKEN" \

Query parameter

Set the token in the access_token URI parameter.$PROJECT_ID/datasets?access_token=${ACCESS_TOKEN}

What's next

Send feedback about...

BigQuery Documentation