Creating client IDs

If you want to require authentication to access your API backend, you must obtain the required client IDs and supply them to the backend by using the proper API annotation attribute.

Android

To create the OAuth 2.0 Android client ID, you need to have a certificate key fingerprint. If you use Android Studio, a debug keystore and a debug key are created automatically. You can use the debug key for testing purposes, but you must use a release key for production.

Note that the default debug keystore password is android, and the key alias is androiddebugkey. The default location for Linux and macOS is ~/.android/debug.keystore.

If you don't already have one, generate a debug or release key for your Android application. If you use Android Studio, it automatically generates a debug key in the debug keystore the first time you build an Android project.
In a Linux or macOS terminal window, you can get the fingerprint of the key by using the keytool included with the Java SDK as follows:
```
keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v
```
The output displays a fingerprint similar to the following: DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
Copy and save the key fingerprint that is displayed after your run the preceding keytool command. You need to supply the fingerprint to generate the Android client ID in the Google Cloud console.
In the Google Cloud console, go to the Credentials page.
Go to the Credentials page
From the projects list, select the project containing your API.
If this is your first time creating a client ID in this project, use the sub-steps to go to the OAuth consent page; otherwise, skip to the next step.

Click OAuth consent screen.
Enter a name in the Application name field.
Fill out the rest of the fields as needed.
Click Save.

In the Create credentials drop-down list, select OAuth client ID.
Select Android as the application type.
In Name, enter a name for your client ID.
In Signing-certificate fingerprint, enter the fingerprint you obtained previously.
In Package name, enter the Android application package name, as specified in your AndroidManifest.xml file.
Click Create.
You use the generated client ID in your API backend and in your client application.

Web client

In the Google Cloud console, go to the Credentials page.
Go to the Credentials page
From the projects list, select the project containing your API.
If this is your first time creating a client ID in this project, use the sub-steps to go to the OAuth consent page; otherwise, skip to the next step.

Click OAuth consent screen.
Enter a name in the Application name field.
Fill out the rest of the fields as needed.
Click Save.

In the Create credentials drop-down list, select OAuth client ID.
Select Web application as the application type.
In Name, enter a name for your client ID.
In Authorized JavaScript origins, enter one of the following:
- http://localhost:8080 if you are testing the backend locally.
- https://YOUR_PROJECT_ID.appspot.com, replacing YOUR_PROJECT_ID with your App Engine project ID if you are deploying your backend API to your production App Engine.
  
  Important: You must specify the site or host name under Authorized JavaScript origins using https for this to work with Cloud Endpoints, unless you are testing with localhost, in which case you must use http.
Click Create.
You use the generated client ID in your API backend and in your client application.

What's next

For information about how to support authentication in your Android or JavaScript application, see the following: