Setting up authorization for the Cloud Asset API

This page explains how to set up your environment to use OAuth 2.0 and authorize your Cloud Asset API requests.

Authorization protocols

Your application must use OAuth 2.0. to authorize requests. No other authorization protocols are supported.

The Cloud Asset API requires the https://www.googleapis.com/auth/cloud-platform OAuth 2.0 scope.

Setting up your environment

To set up authentication and authorization, set an access token or credential by following the steps for your application type below.

Compute Engine instance

To set up authentication and authorization for your Compute Engine instance:

  1. Set up a token using the following command.

    TOKEN=$(gcloud auth print-access-token)
    

  2. Add the following header to your curl command when calling the Cloud Asset API.

    curl -H "Authorization: Bearer $TOKEN"
    

For more information about using a Compute Engine instance to export asset metadata, see the Cloud Asset Inventory Quickstart.

Local machine

To set up authentication and authorization for your local machine, you'll first need to download the credentials file.

  1. Go to the Credentials page.

  2. In the Create credentials dropdown list, select OAuth client ID.

  3. If you are creating a client ID for a new project, you will be prompted to configure your OAuth consent screen.

    1. Click Configure consent screen and enter your application information into the required fields.

    2. Click Save.

  4. On the Create client ID page, under Application type, select Other.

  5. Enter a name for the credential, then click Create. Close the confirmation dialog that appears.

  6. Save your new Client ID JSON file by clicking Download JSON next to it.

  7. Rename and move the downloaded JSON file so that the path is ~/credentials.json.

To make authorized calls to the Cloud Asset API using the credentials.json file:

  1. Enable Google Oauth 2.0 by installing oauth2l on your local machine.

  2. Add the following headers to your curl command when calling the Cloud Asset API.

    curl -H "$(oauth2l header --json ~/credentials.json \
        cloud-platform)" -H "Content-Type: application/json"
    

For more information, see Calling the Cloud Asset API via a local machine.

Оцените, насколько информация на этой странице была вам полезна:

Оставить отзыв о...

Текущей странице
Resource Manager Documentation