Authenticating to the Cloud Video Intelligence API

This page describes what a service account is, how to create one to authenticate requests to Cloud Video Intelligence, and how to use your service account to set Application Default Credentials.

To allow your application code to use the Cloud Video Intelligence API, you must set up the proper credentials for your application to authenticate its identity to the service and to obtain authorization to perform tasks. (These credential-related mechanisms are known as auth schemes.)

Google Cloud Platform API authentication and authorization (commonly grouped together as "auth") is typically done using a service account. A service account allows your code to send application credentials directly to the Cloud Video Intelligence API. A service account, like a user account, is represented by an email address. Unlike a user account, a service account belongs only to an application.

Enabling the API

Before you can authenticate, you must first enable the Cloud Video Intelligence API.

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. Select or create a GCP project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Google Cloud Platform project.

    Learn how to enable billing

  4. Enable the Cloud Video Intelligence API.

    Enable the API

  5. Set up authentication:
    1. In the GCP Console, go to the Create service account key page.

      Go to the Create Service Account Key page
    2. From the Service account list, select New service account.
    3. In the Service account name field, enter a name.
    4. Don't select a value from the Role list. No role is required to access this service.
    5. Click Create. A note appears, warning that this service account has no role.
    6. Click Create without role. A JSON file that contains your key downloads to your computer.
  6. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the file path of the JSON file that contains your service account key. This variable only applies to your current shell session, so if you open a new session, set the variable again.

  7. Install and initialize the Cloud SDK.

Creating a service account in the GCP Console

To create a service account using the Google Cloud Platform Console, do the following:

  1. From the GCP Console Credentials page, select Create credentials > Service account key.

  2. Next, under Service account select New service account.

  3. In the Service account name box, enter a name for your service account. This name is used as the default name for your Service account ID (to the left of the "@" in the generated service account ID address), but you can change this service account ID name. These names can be arbitrary; it is only important that you remember them.

  4. Under Key type select JSON for most new projects.

  5. Click Create.

The GCP Console then generates a JSON key (as a .json text file), prompts you to download the file to your computer, and displays a Service account created dialog box.

The generated JSON key will be similar to the following sample JSON key:

{
  "type": "service_account",
  "project_id": "project-id",
  "private_key_id": "some_number",
  "private_key": "-----BEGIN PRIVATE KEY-----\n....
  =\n-----END PRIVATE KEY-----\n",
  "client_email": "<api-name>api@project-id.iam.gserviceaccount.com",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
}

Store this JSON file securely, as it contains your private key (and this file is the only copy of that key). You must refer to this service account key file within your code when you send annotation requests to Cloud Video Intelligence API.

Authenticating with Application Default Credentials

The simplest way for applications to authenticate to Cloud Video Intelligence API is by using Application Default Credentials (ADC). Services using ADC first search for credentials within a GOOGLE_APPLICATION_CREDENTIALS environment variable. Unless you specifically require ADC to use other credentials (for example, user credentials), you should set this environment variable to point to your service account key file (the .json file downloaded when you created a service account key.

$ export GOOGLE_APPLICATION_CREDENTIALS=path_to_service_account_file
هل كانت هذه الصفحة مفيدة؟ يرجى تقييم أدائنا:

إرسال تعليقات حول...

Cloud Video Intelligence API Documentation