Authorizing API requests

This guide will show you how to supply an access token to the BigQuery API. If you use the BigQuery client libraries, you do not need to follow this guide, as this is done for you automatically.

Before you begin

Access tokens

The BigQuery API uses OAuth 2.0 access tokens to authorize requests. An OAuth 2.0 access token is a string that grants temporary access to an API. Google's OAuth 2.0 server grants access tokens for all Google APIs.


Access tokens are associated with a scope, which limits the token's access. Check the complete list of Google API scopes for scopes associated with the BigQuery API.

Getting access tokens

Get a temporary access token using Application default credentials.


Use the Google Cloud SDK to print an access token.

ACCESS_TOKEN="$(gcloud auth application-default print-access-token)"

See the authentication guide to learn how to get an access token in other environments.

Because access tokens provide only temporary authorization, you must periodically refresh them.

Authorizing requests

To authorize requests to the BigQuery API with an access token, use any of the OAuth 2.0 token usage methods.

Request header

Set the token in the Authorization request header with the value Bearer ACCESS_TOKEN.


curl -H "Authorization: Bearer $ACCESS_TOKEN" \

What's next