Stay organized with collections
Save and categorize content based on your preferences.
If you want to require authentication to access your API backend, you must obtain
the required client IDs and supply them to the backend by using the proper API
decorator argument.
Android
To create the OAuth 2.0 Android client ID, you need to have a
certificate key fingerprint. If you use Android Studio, a debug keystore
and a debug key are created automatically. You can use the debug key for
testing purposes, but you must use a release key for production.
Note that the default debug keystore password is android, and
the key alias is androiddebugkey. The default location for Linux
and macOS is ~/.android/debug.keystore.
If you don't already have one, generate a debug or release key for your
Android application. If you use Android Studio, it automatically generates a
debug key in the debug keystore the first time you build an Android project.
In a Linux or macOS terminal window, you can get the fingerprint of the
key by using the keytool included with the Java SDK as follows:
The output displays a fingerprint similar to the following:
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
Copy and save the key fingerprint that is displayed after your run the preceding
keytool command. You need to supply the fingerprint to
generate the Android client ID in the Google Cloud console.
In the Google Cloud console, go to the Credentials page.
https://YOUR_PROJECT_ID.appspot.com,
replacing YOUR_PROJECT_ID
with your App Engine project ID if you are deploying your
backend API to your production App Engine.
Click Create.
You use the generated client ID in your API backend and in your client
application.
What's next
For information about how to support authentication in your Android or
JavaScript application, see the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eTo secure your API backend, you must obtain and provide client IDs using the appropriate API decorator argument.\u003c/p\u003e\n"],["\u003cp\u003eFor Android applications, a signing-certificate fingerprint is required to create an OAuth 2.0 client ID, obtainable via the \u003ccode\u003ekeytool\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eCreating an Android client ID involves selecting "Android" as the application type and providing the signing-certificate fingerprint and application package name in the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eCreating a web client ID requires selecting "Web application" as the application type, and specifying the authorized JavaScript origins, either for local testing or production deployment, in the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eThe generated client ID, whether for web or Android, is needed in both the API backend and the client application to permit access.\u003c/p\u003e\n"]]],[],null,["# Creating client IDs\n\nIf you want to require authentication to access your API backend, you must obtain\nthe required client IDs and supply them to the backend by using the proper API\n\ndecorator argument.\n\n### Android\n\n\nTo create the OAuth 2.0 Android client ID, you need to have a\ncertificate key fingerprint. If you use Android Studio, a debug keystore\nand a debug key are created automatically. You can use the debug key for\ntesting purposes, but you must use a release key for production.\n\n\nNote that the default debug keystore password is `android`, and\nthe key alias is `androiddebugkey`. The default location for Linux\nand macOS is `~/.android/debug.keystore`.\n| **Warning:** When you create a release key, don't use `android` as your release key or keystore password.\n\n1. If you don't already have one, generate a debug or release key for your Android application. If you use Android Studio, it automatically generates a debug key in the debug keystore the first time you build an Android project.\n2. In a Linux or macOS terminal window, you can get the fingerprint of the key by using the `keytool` included with the Java SDK as follows: \n\n ```python\n keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v\n ```\n The output displays a fingerprint similar to the following: `DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09`\n3. Copy and save the key fingerprint that is displayed after your run the preceding `keytool` command. You need to supply the fingerprint to generate the Android client ID in the Google Cloud console.\n4. In the Google Cloud console, go to the **Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/apis/credentials)\n5. From the projects list, select the project containing your API.\n6. If this is your first time creating a client ID in this project, use the sub-steps to go to the **OAuth consent** page; otherwise, skip to the next step.\n 1. Click **OAuth consent screen**.\n 2. Enter a name in the **Application name** field.\n 3. Fill out the rest of the fields as needed.\n 4. Click **Save**.\n7. In the **Create credentials** drop-down list, select **OAuth client ID**.\n8. Select **Android** as the application type.\n9. In **Name**, enter a name for your client ID.\n10. In **Signing-certificate fingerprint**, enter the fingerprint you obtained previously.\n11. In **Package name** , enter the Android application package name, as specified in your `AndroidManifest.xml` file.\n12. Click **Create** .\n\n\n You use the generated client ID in your API backend and in your client\n application.\n\n### Web client\n\n1. In the Google Cloud console, go to the **Credentials** page.\n\n [Go to the Credentials page](https://console.cloud.google.com/apis/credentials)\n2. From the projects list, select the project containing your API.\n3. If this is your first time creating a client ID in this project, use the sub-steps to go to the **OAuth consent** page; otherwise, skip to the next step.\n 1. Click **OAuth consent screen**.\n 2. Enter a name in the **Application name** field.\n 3. Fill out the rest of the fields as needed.\n 4. Click **Save**.\n4. In the **Create credentials** drop-down list, select **OAuth client ID**.\n5. Select **Web application** as the application type.\n6. In **Name**, enter a name for your client ID.\n7. In **Authorized JavaScript origins** , enter one of the following:\n - `http://localhost:8080` if you are [testing the backend locally](/endpoints/docs/frameworks/java/test-deploy#running_and_testing_api_backends_locally).\n -\n `https://`\u003cvar translate=\"no\"\u003eYOUR_PROJECT_ID\u003c/var\u003e`.appspot.com`,\n replacing \u003cvar translate=\"no\"\u003eYOUR_PROJECT_ID\u003c/var\u003e\n with your App Engine project ID if you are deploying your\n backend API to your production App Engine.\n\n | **Important:** You must specify the site or host name under **Authorized JavaScript origins** using `https` for this to work with Cloud Endpoints, unless you are testing with `localhost`, in which case you must use `http`.\n8. Click **Create** .\n\n\n You use the generated client ID in your API backend and in your client\n application.\n\nWhat's next\n-----------\n\nFor information about how to support authentication in your Android or\nJavaScript application, see the following:\n\n- [Authenticating users](/endpoints/docs/frameworks/python/authenticating-users)\n- [Making authenticated calls from an Android client](/endpoints/docs/frameworks/python/consume_android#making_authenticated_calls)"]]