Authenticating to the Video Intelligence API

This page describes what a service account is, how to create one to authenticate requests to the Video Intelligence API, and how to use your service account to set Application Default Credentials.

To allow your application code to use the Video Intelligence API, you must set up the proper credentials for your application to authenticate its identity to the service and to obtain authorization to perform tasks. (These credential-related mechanisms are known as auth schemes.)

Google Cloud API authentication and authorization (commonly grouped together as "auth") is typically done using a service account. A service account allows your code to send application credentials directly to the Video Intelligence API. A service account, like a user account, is represented by an email address. Unlike a user account, a service account is associated only with an application.

Enabling the API

Before you can authenticate, you must first enable the Video Intelligence API.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Video Intelligence API.

    Enable the API

  5. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  6. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  7. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  8. Install the Google Cloud CLI.
  9. To initialize the gcloud CLI, run the following command:

    gcloud init
  10. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  11. Make sure that billing is enabled for your Google Cloud project.

  12. Enable the Cloud Video Intelligence API.

    Enable the API

  13. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  14. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  15. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  16. Install the Google Cloud CLI.
  17. To initialize the gcloud CLI, run the following command:

    gcloud init

Creating a service account in the Google Cloud console

To create a service account using the Google Cloud console, do the following:

  1. From the Google Cloud console Credentials page, select Create credentials > Service account key.

  2. Next, under Service account select New service account.

  3. In the Service account name box, enter a name for your service account. This name is used as the default name for your Service account ID (to the left of the "@" in the generated service account ID address), but you can change this service account ID name. These names are arbitrary; it is only important that you remember them.

  4. Under Key type select JSON for most new projects.

  5. Click Create.

The Google Cloud console then generates a JSON key (as a .json text file), prompts you to download the file to your computer, and displays a Service account created dialog box.

The generated JSON key will be similar to the following sample JSON key:

{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "SOME_NUMBER",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}

Store this JSON file securely, as it contains your private key (and this file is the only copy of that key). You must refer to this service account key file within your code when you send annotation requests to Video Intelligence API.

Authenticating with Application Default Credentials

The simplest way for applications to authenticate to Video Intelligence API is by using Application Default Credentials (ADC). Services using ADC first search for credentials within a GOOGLE_APPLICATION_CREDENTIALS environment variable. Unless you specifically require ADC to use other credentials (for example, user credentials), you should set this environment variable to point to your service account key file (the .json file downloaded when you created a service account key.

$ export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_SERVICE_ACCOUNT_FILE