Using the Cloud SQL API

Cloud SQL provides a REST API for administering your instances programmatically. The REST API is defined by BackupRuns, Databases, Instances, Flags, Operations, SslCerts, Tiers, and Users resources. Each resource supports methods for accessing and working with it. For example, the Instances resource supports methods such as get, insert, and list. For details of all the resources and their methods, see the Cloud SQL Admin API Reference.

When you send requests directly to the Cloud SQL REST API, you must create the correct form of the request, authorize the request as an authenticated user, and process any responses returned. Many of the tasks in this documentation provide API examples using cURL.

For more examples of using the APIs, see the page for the request in the Cloud SQL Admin API Reference. Each page has examples calling the API in several programming languages, as well as a request-specific Explorer to help you see what goes into a well-formed request and what to expect in the response.

You are also using the Cloud SQL Admin API, indirectly, when you use any of the following ways of administering instances:

The advantage of using these methods, especially the Google Cloud Platform Console, is that they can greatly simplify administering your instances (depending on your use case). If you are just starting out with Cloud SQL, we recommend that you start with one of these tools first before working with the REST API directly.

Enabling the API

To use the Cloud SQL Admin API, you need to enable it in the Google Cloud Platform Console:

Enable the Cloud SQL Admin API.

Enable the API

Authorizing requests

Every request your application sends to the Cloud SQL Admin API must include an authorization token. The token also identifies your application to Google.

About authorization protocols

Your application must use OAuth 2.0 to authorize requests. No other authorization protocols are supported. If your application uses Google Sign-In, some aspects of authorization are handled for you.

Authorizing requests with OAuth 2.0

All requests to the Cloud SQL Admin API must be authorized by an authenticated user.

The details of the authorization process, or "flow," for OAuth 2.0 vary somewhat depending on what kind of application you're writing. The following general process applies to all application types:

  1. When you create your application, you register it using the Google Cloud Platform Console. Google then provides information you'll need later, such as a client ID and a client secret.
  2. Activate the Cloud SQL Admin API in the Google Cloud Platform Console. (If the API isn't listed in the GCP Console, then skip this step.)
  3. When your application needs access to user data, it asks Google for a particular scope of access.
  4. Google displays a consent screen to the user, asking them to authorize your application to request some of their data.
  5. If the user approves, then Google gives your application a short-lived access token.
  6. Your application requests user data, attaching the access token to the request.
  7. If Google determines that your request and the token are valid, it returns the requested data.

Some flows include additional steps, such as using refresh tokens to acquire new access tokens. For detailed information about flows for various types of applications, see Google's OAuth 2.0 documentation.

Here's the OAuth 2.0 scope information for the Cloud SQL Admin API:

Scope Meaning
https://www.googleapis.com/auth/sqlservice.admin Read/write access to Cloud SQL for PostgreSQL.
https://www.googleapis.com/auth/cloud-platform Instances.import and Instances.export need this additional scope.

To request access using OAuth 2.0, your application needs the scope information, as well as information that Google supplies when you register your application (such as the client ID and the client secret).

Permissions

In addition to authorization, the project member must have the required permissions for the API request. For more information, see Project Access Control.

API examples

You can see examples of using the API with cURL in the How-to Guides for this documentation set.

Providing JSON data from a file

When you use the API with cURL, you provide property values using the command line. If you are working with sensitive values such as passwords or security keys, providing them on the command line poses a security risk. For increased security, you can create a file containing the JSON data for the API call, and provide the path to the file on the command line.

To provide JSON data to your cURL API call from a file:

  1. Create a file containing everything enclosed in the single quotes for the --data field.

    Include the curly brackets, but do not include the single quotes.

  2. At the command line, provide the path to the file, preceded by the @ character, as the --data parameter:

    --data @<path-to-file>/<filename>
    

For example, to create a database user, you could create a file named data.json with the following content:

{"host": "%", "name": "user1", "password": "abc123"}

Then you would use the following cURL command at the command line:

curl --header "Authorization: Bearer ${ACCESS_TOKEN}" \
     --header 'Content-Type: application/json' \
     --data @./data.json \
     -X POST \
     https://www.googleapis.com/sql/v1beta4/projects/myProject/instances/myInstance/users

Working with long-running API calls

Some API calls, such as object creation, can take some time to complete. Because the API is asynchronous, the call returns immediately, even if the operation is still in progress. If a subsequent API call uses the newly created object, you must wait for the first operation to complete before proceeding.

You can wait programmatically by using the operation resource, which is returned for all insert calls. Provide the value of the name property to the operation get method and inspect the status of the operation, When the status property changes from PENDING to DONE, you can access the newly created object.

Cloud SQL and Google APIs Discovery Service

Google APIs Discovery Service is a service that you can use to discover Google APIs. For example, when you use the Google APIs Explorer tool, you are using the Discovery Service. In the Discovery Service, Cloud SQL is represented as "sqladmin" (for example: https://www.googleapis.com/discovery/v1/apis/sqladmin/{{api_ver sion}}/sql.operation). This is different than the base path "sql" that you use in requests to the REST API (for example: https://www.googleapis.com/sql/v1beta4/projects/example -id/instances).

Some client libraries also use the Discovery Service. In the client creation code, be sure to use "sqladmin" to access the correct discovery document. For more information, see Client Libraries.

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud SQL for PostgreSQL