アプリケーションによって Resource Manager API に送信されるすべてのリクエストは、API によりアプリケーションを Google に対して識別する必要があります。アプリケーションを識別する方法には、OAuth 2.0 トークンを使用する(リクエストの承認も行う)方法と、アプリケーションの API キーを使用する方法があります(この 2 つは併用できます)。これらのオプションのどちらを使用するかを決定する方法は次のとおりです。
リクエストに承認が必要である場合(個人の限定公開データについてのリクエストなど)、アプリケーションはリクエストとともに OAuth 2.0 トークンを提供する必要があります。アプリケーションが API キーも提供することがありますが、これは必須ではありません。
リクエストに承認が必要でない場合(一般公開データについてのリクエストなど)、アプリケーションは API キーまたは OAuth 2.0 トークンのいずれか、または両方を提供する必要があります。
API キー:
OAuth 2.0 トークンが提供されないリクエストでは、API キーを送信する必要があります。
キーによりプロジェクトが識別され、API アクセス、割り当て、レポートが提供されます。
API は、いくつかのタイプの API キーをサポートします。必要とする API キーのタイプが存在しない場合は、[認証情報作成] > [API キー] をクリックして、コンソールで API キーを作成します。本番環境でそれを使用する前にキーを制限するには、[キーを制限] をクリックして、いずれかの制限を選択します。
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-09-04 UTC。"],[],[],null,["# Authorize requests\n\nWhen your application requests private data, the request must be authorized by an authenticated user who has access to that data.\n\nWhen your application requests public data, the request doesn't need to be authorized, but does need to be accompanied by an identifier, such as an API key.\n\nEvery request your application sends to the Resource Manager API needs to identify your application to Google. There are two ways to identify your application: using an [OAuth 2.0 token](#AboutAuthorization) (which also authorizes the request) and/or using the application's [API key](#APIKey). Here's how to determine which of those options to use:\n\n- If the request requires authorization (such as a request for an individual's private data), then the application must provide an OAuth 2.0 token with the request. The application may also provide the API key, but it doesn't have to.\n- If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both---whatever option is most convenient for you.\n\nAbout authorization protocols\n-----------------------------\n\nYour application must use [OAuth 2.0](https://developers.google.com/identity/protocols/OAuth2) to authorize requests. No other authorization protocols are supported. If your application uses [Sign In With Google](https://developers.google.com/identity/gsi/web), some aspects of authorization are handled for you.\n\nAuthorizing requests with OAuth 2.0\n-----------------------------------\n\nRequests to the Resource Manager API for non-public user data must be authorized by an authenticated user.\n\nThe details of the authorization process, or \"flow,\" for OAuth 2.0 vary somewhat depending on what kind of application you're writing. The following general process applies to all application types:\n\n1. When you create your application, you register it using the [Google Cloud console](https://console.cloud.google.com/). Google then provides information you'll need later, such as a client ID and a client secret.\n2. Activate the Resource Manager API in the Google Cloud console. (If the API isn't listed in the Google Cloud console, then skip this step.)\n3. When your application needs access to user data, it asks Google for a particular **scope** of access.\n4. Google displays a **consent screen** to the user, asking them to authorize your application to request some of their data.\n5. If the user approves, then Google gives your application a short-lived **access token**.\n6. Your application requests user data, attaching the access token to the request.\n7. If Google determines that your request and the token are valid, it returns the requested data.\n\nSome flows include additional steps, such as using **refresh tokens** to acquire new access tokens. For detailed information about flows for various types of applications, see Google's [OAuth 2.0 documentation](https://developers.google.com/identity/protocols/OAuth2).\n\nHere's the OAuth 2.0 scope information for the Resource Manager API:\n\nTo request access using OAuth 2.0, your application needs the scope information, as well as\ninformation that Google supplies when you register your application (such as the client ID and the\nclient secret).\n\n**Tip:** The Google APIs client libraries can handle some of the authorization process for you. They are available for a variety of programming languages; check the [page with libraries and samples](/resource-manager/docs/libraries) for more details.\n\nAcquiring and using an API key\n------------------------------\n\nRequests to the Resource Manager API for public data must be accompanied by an identifier, which can\nbe an [API key](https://developers.google.com/console/help/generating-dev-keys) or an\n[access token](https://developers.google.com/accounts/docs/OAuth2).\n\nTo acquire an API key:\n\n1. Open the [Credentials page](https://console.cloud.google.com/apis/credentials) in the Google Cloud console.\n2. This API supports two types of credentials. Create whichever credentials are appropriate for your project:\n - **OAuth 2.0:** Whenever your application requests private user\n data, it must send an OAuth 2.0 token along with the request. Your\n application first sends a client ID and, possibly, a client secret to\n obtain a token. You can generate OAuth 2.0 credentials for web\n applications, service accounts, or installed applications.\n\n For more information, see the [OAuth 2.0 documentation](https://developers.google.com/identity/protocols/OAuth2).\n - **API keys:**\n\n A request that does not provide an OAuth 2.0 token must send an API\n key.\n\n The key identifies your project and provides API access, quota, and\n reports.\n\n The API supports several types of restrictions on API keys. If the API key that you\n need doesn't already exist, then create an API key in the Console by\n clicking **[Create credentials](https://console.cloud.google.com/apis/credentials) \\\u003e API key** . You can restrict the key before using it\n in production by clicking **Restrict key** and selecting one of the\n **Restrictions**.\n\nTo keep your API keys secure, follow the [best practices for\nsecurely using API keys](//cloud.google.com/docs/authentication/api-keys).\n\nAfter you have an API key, your application can append the query parameter\n`key=`\u003cvar translate=\"no\"\u003eyourAPIKey\u003c/var\u003e to all request URLs.\n\nThe API key is safe for embedding in URLs; it doesn't need any encoding."]]