Using a service account
Using a service account to authenticate is the preferred method. To use a service account to authenticate to the Vision API:
- Follow the instructions to create a service account. Select JSON as your key type.
Once complete, your service account key is downloaded to your browser's default location.
Next, decide whether you'll provide your service account authentication as a bearer token or using application default credentials.
If you're calling the Vision API directly, such as by making an HTTP request
with cURL, you'll pass your authentication as a bearer token in an
Authorization header. To obtain a bearer token using your service account:
- Install the
Authenticate to your service account, replacing
KEY_FILEbelow with the path to your service account key file:
gcloud auth activate-service-account --key-file KEY_FILE
Obtain an authorization token using your service account:
gcloud auth print-access-token
The command returns an access token value.
When calling the API, obtain an authorization token using your service account in an
curl -s -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ "https://vision.googleapis.com/v1/images:annotate" -d @request.json
Application default credentials
If you're using a client library to call the Vision API, use
Application Default Credentials (ADC).
Services using ADC look for credentials within a
environment variable. Unless you specifically wish to have ADC use other
credentials (for example, user credentials), we recommend you set this
environment variable to point to your service account key file.
PATH_TO_KEY_FILE with the path to your JSON service account file.
GOOGLE_APPLICATION_CREDENTIALS should be written out as-is (it's not a
placeholder in the example above).
Using an API key
You can use a Google Cloud Console API key to authenticate to the Vision API.
To do so:
Follow the instructions to create an API key for your Google Cloud Console project.
When making any Vision API request, pass your key as the value of a
keyparameter. For example:
Make sure to read Best practices for securely using API keys to prevent unauthorized use of your API key.