Stay organized with collections
Save and categorize content based on your preferences.
If you want to require authentication to access your API backend, you must obtain
the required client IDs and supply them to the backend by using the proper API
annotation attribute.
Android
To create the OAuth 2.0 Android client ID, you need to have a
certificate key fingerprint. If you use Android Studio, a debug keystore
and a debug key are created automatically. You can use the debug key for
testing purposes, but you must use a release key for production.
Note that the default debug keystore password is android, and
the key alias is androiddebugkey. The default location for Linux
and macOS is ~/.android/debug.keystore.
If you don't already have one, generate a debug or release key for your
Android application. If you use Android Studio, it automatically generates a
debug key in the debug keystore the first time you build an Android project.
In a Linux or macOS terminal window, you can get the fingerprint of the
key by using the keytool included with the Java SDK as follows:
The output displays a fingerprint similar to the following:
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
Copy and save the key fingerprint that is displayed after your run the preceding
keytool command. You need to supply the fingerprint to
generate the Android client ID in the Google Cloud console.
In the Google Cloud console, go to the Credentials page.
https://YOUR_PROJECT_ID.appspot.com,
replacing YOUR_PROJECT_ID
with your App Engine project ID if you are deploying your
backend API to your production App Engine.
Click Create.
You use the generated client ID in your API backend and in your client
application.
What's next
For information about how to support authentication in your Android or
JavaScript application, see the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[[["\u003cp\u003eAuthentication for API access requires obtaining and supplying client IDs via API annotation attributes.\u003c/p\u003e\n"],["\u003cp\u003eAndroid client ID creation necessitates a certificate key fingerprint, obtainable using the \u003ccode\u003ekeytool\u003c/code\u003e command with either a debug or release keystore.\u003c/p\u003e\n"],["\u003cp\u003eThe Google Cloud console's Credentials page is where you manage the creation of both Android and web OAuth 2.0 client IDs.\u003c/p\u003e\n"],["\u003cp\u003eFor web clients, ensure that the "Authorized JavaScript origins" in the web client settings use the correct protocol, either \u003ccode\u003ehttp\u003c/code\u003e for local testing or \u003ccode\u003ehttps\u003c/code\u003e for deployed applications.\u003c/p\u003e\n"],["\u003cp\u003eGenerated client IDs are used in both the API backend and the corresponding client application.\u003c/p\u003e\n"]]],[],null,["# Creating client IDs\n\nIf you want to require authentication to access your API backend, you must obtain\nthe required client IDs and supply them to the backend by using the proper API\nannotation attribute.\n\n\n### Android\n\n\nTo create the OAuth 2.0 Android client ID, you need to have a\ncertificate key fingerprint. If you use Android Studio, a debug keystore\nand a debug key are created automatically. You can use the debug key for\ntesting purposes, but you must use a release key for production.\n\n\nNote that the default debug keystore password is `android`, and\nthe key alias is `androiddebugkey`. The default location for Linux\nand macOS is `~/.android/debug.keystore`.\n| **Warning:** When you create a release key, don't use `android` as your release key or keystore password.\n\n1. If you don't already have one, generate a debug or release key for your Android application. If you use Android Studio, it automatically generates a debug key in the debug keystore the first time you build an Android project.\n2. In a Linux or macOS terminal window, you can get the fingerprint of the key by using the `keytool` included with the Java SDK as follows: \n\n ```java\n keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v\n ```\n The output displays a fingerprint similar to the following: `DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09`\n3. Copy and save the key fingerprint that is displayed after your run the preceding `keytool` command. You need to supply the fingerprint to generate the Android client ID in the Google Cloud console.\n4. In the Google Cloud console, go to the **Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/apis/credentials)\n5. From the projects list, select the project containing your API.\n6. If this is your first time creating a client ID in this project, use the sub-steps to go to the **OAuth consent** page; otherwise, skip to the next step.\n 1. Click **OAuth consent screen**.\n 2. Enter a name in the **Application name** field.\n 3. Fill out the rest of the fields as needed.\n 4. Click **Save**.\n7. In the **Create credentials** drop-down list, select **OAuth client ID**.\n8. Select **Android** as the application type.\n9. In **Name**, enter a name for your client ID.\n10. In **Signing-certificate fingerprint**, enter the fingerprint you obtained previously.\n11. In **Package name** , enter the Android application package name, as specified in your `AndroidManifest.xml` file.\n12. Click **Create** .\n\n\n You use the generated client ID in your API backend and in your client\n application.\n\n### Web client\n\n1. In the Google Cloud console, go to the **Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/apis/credentials)\n2. From the projects list, select the project containing your API.\n3. If this is your first time creating a client ID in this project, use the sub-steps to go to the **OAuth consent** page; otherwise, skip to the next step.\n 1. Click **OAuth consent screen**.\n 2. Enter a name in the **Application name** field.\n 3. Fill out the rest of the fields as needed.\n 4. Click **Save**.\n4. In the **Create credentials** drop-down list, select **OAuth client ID**.\n5. Select **Web application** as the application type.\n6. In **Name**, enter a name for your client ID.\n7. In **Authorized JavaScript origins** , enter one of the following:\n - `http://localhost:8080` if you are [testing the backend locally](/endpoints/docs/frameworks/java/test-deploy#running_and_testing_api_backends_locally).\n -\n `https://`\u003cvar translate=\"no\"\u003eYOUR_PROJECT_ID\u003c/var\u003e`.appspot.com`,\n replacing \u003cvar translate=\"no\"\u003eYOUR_PROJECT_ID\u003c/var\u003e\n with your App Engine project ID if you are deploying your\n backend API to your production App Engine.\n\n | **Important:** You must specify the site or host name under **Authorized JavaScript origins** using `https` for this to work with Cloud Endpoints, unless you are testing with `localhost`, in which case you must use `http`.\n8. Click **Create** .\n\n\n You use the generated client ID in your API backend and in your client\n application.\n\nWhat's next\n-----------\n\nFor information about how to support authentication in your Android or\nJavaScript application, see the following:\n\n- [Authenticating users](/endpoints/docs/frameworks/java/authenticating-users)\n- [Making authenticated calls from an Android client](/endpoints/docs/frameworks/java/calling-from-android#making_authenticated_calls)"]]
