Authenticating to the Cloud Video Intelligence API

This page describes what a service account is, how to create one to authenticate requests to Cloud Video Intelligence, and how to use your service account to set Application Default Credentials.

To allow your application code to use the Cloud Video Intelligence API, you must set up the proper credentials for your application to authenticate its identity to the service and to obtain authorization to perform tasks. (These credential-related mechanisms are known as auth schemes.)

Google Cloud Platform API authentication and authorization (commonly grouped together as "auth") is typically done using a service account. A service account allows your code to send application credentials directly to the Cloud Video Intelligence API. A service account, like a user account, is represented by an email address. Unlike a user account, a service account belongs only to an application.

Enabling the API

Before you can authenticate, you must first enable the Cloud Video Intelligence API.

  1. Accede a tu Cuenta de Google.

    Si todavía no tienes una cuenta, regístrate para obtener una nueva.

  2. Selecciona o crea un proyecto de GCP.

    Ir a la página Administrar recursos

  3. Comprueba que la facturación esté habilitada en tu proyecto.

    Descubre cómo puedes habilitar la facturación

  4. Habilita las Cloud Video Intelligence API necesarias.

    Habilita las API

  5. Configura la autenticación:
    1. En GCP Console, ve a la página Crear clave de la cuenta de servicio.

      Ir a la página Crear clave de la cuenta de servicio
    2. Desde la lista desplegable de la Cuenta de servicio, selecciona Nueva cuenta de servicio.
    3. En el campo Nombre de cuenta de servicio, ingresa un nombre.
    4. No selecciones un valor en la lista desplegable Función. No se necesita una función para acceder a este servicio.
    5. Haz clic en Crear. Aparece una nota que advierte que esta cuenta de servicio no tiene función.
    6. Haz clic en Crear sin función. Se descargará un archivo JSON a tu computadora que contiene tus descargas de claves.
  6. Configura la variable de entorno GOOGLE_APPLICATION_CREDENTIALS con la ruta de acceso al archivo JSON que contiene la clave de tu cuenta de servicio. Esta variable solo se aplica a tu sesión actual de shell. Por lo tanto, si abres una sesión nueva, deberás volver a configurar la variable.

  7. Realiza la instalación y la inicialización del SDK de Cloud.

Creating a service account in the GCP Console

To create a service account using the Google Cloud Platform Console, do the following:

  1. From the GCP Console Credentials page, select Create credentials > Service account key.

  2. Next, under Service account select New service account.

  3. In the Service account name box, enter a name for your service account. This name is used as the default name for your Service account ID (to the left of the "@" in the generated service account ID address), but you can change this service account ID name. These names can be arbitrary; it is only important that you remember them.

  4. Under Key type select JSON for most new projects.

  5. Click Create.

The GCP Console then generates a JSON key (as a .json text file), prompts you to download the file to your computer, and displays a Service account created dialog box.

The generated JSON key will be similar to the following sample JSON key:

{
  "type": "service_account",
  "project_id": "project-id",
  "private_key_id": "some_number",
  "private_key": "-----BEGIN PRIVATE KEY-----\n....
  =\n-----END PRIVATE KEY-----\n",
  "client_email": "<api-name>api@project-id.iam.gserviceaccount.com",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/...<api-name>api%40project-id.iam.gserviceaccount.com"
}

Store this JSON file securely, as it contains your private key (and this file is the only copy of that key). You must refer to this service account key file within your code when you send annotation requests to Cloud Video Intelligence API.

Authenticating with Application Default Credentials

The simplest way for applications to authenticate to Cloud Video Intelligence API is by using Application Default Credentials (ADC). Services using ADC first search for credentials within a GOOGLE_APPLICATION_CREDENTIALS environment variable. Unless you specifically require ADC to use other credentials (for example, user credentials), you should set this environment variable to point to your service account key file (the .json file downloaded when you created a service account key.

$ export GOOGLE_APPLICATION_CREDENTIALS=path_to_service_account_file
¿Te ha resultado útil esta página? Enviar comentarios:

Enviar comentarios sobre...

Cloud Video Intelligence API Documentation