We recommend that you use a service account for authentication when you integrate with the Google Spectrum Access System (SAS) Portal API.
Set up a service account
To use a service account for authentication, complete the following steps:
- Create a service account.
Create your service account key and select JSON as your key type.
After you complete this step, your service account key is downloaded to your browser's default location.
Grant the Project Owner role to the service account.
Obtain a bearer token
You need to provide your service account authentication as a bearer token. If
you call the SAS Portal API directly, such as by making an HTTP
request with curl, you pass your authentication as a bearer token in the
Authorization header.
To obtain a bearer token with your service account, follow these steps:
In the gcloud CLI, authenticate to your service account:
gcloud auth activate-service-account --key-file ${KEY_FILE}Replace
${KEY_FILE}with the path to your service account key file.Use your service account to obtain an authorization token:
gcloud auth print-access-token
The command returns an access token value.
When you use the API, pass the token value as a bearer token in an
Authorizationheader. The following code sample shows how to pass the token value as a bearer token:curl -X GET -H "X-Goog-User-Project: ${CLIENT_PROJECT}" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TOKEN}" \ "https://sasportal.googleapis.com/v1alpha1/customers"Replace the following:
${CLIENT_PROJECT}: the ID of the Google Cloud project from which you make the requests${TOKEN}: the authorization token
What's next
- To get an overview of the SAS Portal API, see Google SAS Portal API overview.
- For information about each API, see the Customers and Device Manager API pages.
- For examples of how to use the API, see API code samples.
- For reference documentation, see APIs and reference.