This document describes how you authenticate to Google APIs for apps or workloads that are either running in a production environment on Compute Engine, or being tested locally for future deployment to the production environment.
| Task | Method |
|---|---|
| Authenticate apps or workloads that are in production | Use the service account that is attached to the VM. This is the most common method for authenticating apps and workloads that are running on virtual machine (VM) instances on Google Cloud. For detailed instructions, see Authenticate workloads using service accounts. |
| Authenticate apps or workloads that are in development | Use Google Cloud SDK and Application Default Credentials. For more information, see Local development environment. |
| Authorizing apps and workloads that need access to end-user resources | If you are building development or administration tools where users
grant you access to their Google Cloud resources, get your application
access to user resources by using OAuth 2.0. For detailed instructions,
see
Using OAuth 2.0 for Web Server Applications. In your request, specify an access scope that limits your access to only the methods and user information that your application requires. For a full list of services and required scopes across Google Cloud, see OAuth 2.0 Scopes for Google APIs. |
What's next
- Learn more about the following concepts: