向 Video Intelligence API 进行身份验证

本页介绍了什么是服务账号,如何创建账号以对 Video Intelligence API 的请求进行身份验证,以及如何使用服务账号设置应用默认凭据

要允许您的应用代码使用 Video Intelligence API,您必须为应用设置适当的凭据,以便向服务验证其身份并获得执行任务的授权。(这些凭据相关机制称为身份验证方案。)

Google Cloud API 身份验证和授权(通常分组为“身份验证”)通常使用服务账号来完成。通过服务账号,您的代码可以将应用凭据直接发送到 Video Intelligence API。与用户账号类似,服务账号由电子邮件地址表示。与用户账号不同,服务账号仅与应用相关联。

启用 API

您必须先启用 Video Intelligence API,然后才能进行身份验证。

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Video Intelligence API.

    Enable the API

  5. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  6. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  7. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  8. Install the Google Cloud CLI.
  9. To initialize the gcloud CLI, run the following command:

    gcloud init
  10. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  11. Make sure that billing is enabled for your Google Cloud project.

  12. Enable the Cloud Video Intelligence API.

    Enable the API

  13. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  14. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  15. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  16. Install the Google Cloud CLI.
  17. To initialize the gcloud CLI, run the following command:

    gcloud init

在 Google Cloud 控制台中创建服务账号

如需使用 Google Cloud 控制台创建服务账号,请执行以下操作:

  1. 在 Google Cloud 控制台的凭据页面中,依次选择创建凭据 > 服务账号密钥

  2. 接下来,在服务账号下选择新建服务账号

  3. 服务账号名称框中,输入服务账号的名称。此名称用作服务账号 ID 的默认名称(在生成的服务账号 ID 地址中位于“@”左侧),但您可以更改此服务账号 ID 名称。这些名称可任意设置;只要您能记住就行。

  4. 密钥类型下,为大多数新项目选择 JSON

  5. 点击创建

然后,Google Cloud 控制台会生成一个 JSON 密钥(作为 .json 文本文件),提示您将文件下载到计算机,并显示服务账号已创建对话框。

生成的 JSON 密钥将类似于以下示例 JSON 密钥:

{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "SOME_NUMBER",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}

安全存储该 JSON 文件,因为其中包含您的私钥(而且该文件是该密钥的唯一副本)。向 Video Intelligence API 发送注释请求时,您必须在代码中引用此服务账号密钥文件。

使用应用默认凭据进行身份验证

要使应用对 Video Intelligence API 进行身份验证,最简单的方法是使用应用默认凭据(ADC)。使用 ADC 的服务首先在 GOOGLE_APPLICATION_CREDENTIALS 环境变量中搜索凭据。除非您明确要求 ADC 使用其他凭据(如用户凭据),否则您应该将此环境变量设置为指向您的服务账号密钥文件(创建服务账号密钥时下载的 .json 文件。

$ export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_SERVICE_ACCOUNT_FILE