Tại sao file google service thiếu api key
These instructions apply for non Google Cloud Platform (GCP) APIs. If you're building a GCP application, see using API keys for GCP.
Show
If your client application does not use OAuth 2.0, then it must include an API key when it calls an API that's enabled within a Google Cloud Platform project. The application passes this key into all API requests as a To create your application's API key:
Note: In addition to reading the instructions on this page, be sure to read Best practices for securely using API keys. This page provides background information on API keys and authentication: how each of these are used, the differences between them, and the scenarios where you should consider using API keys. API keys are for projects, authentication is for usersCloud Endpoints handles both API keys and authentication schemes, such as Firebase or Auth0. The main distinction between these two is:
API keys provide project authorizationTo decide which scheme is most appropriate, it's important to understand what API keys and authentication can provide. API keys provide
API keys aren't as secure as authentication tokens (see Security of API keys), but they identify the application or project that's calling an API. They are generated on the project making the call, and you can restrict their use to an environment such as an IP address range, or an Android or iOS app. By identifying the calling project, you can use API keys to associate usage information with that project. API keys allow the Extensible Service Proxy (ESP) to reject calls from projects that haven't been granted access or enabled in the API.Authentication of usersBy contrast, authentication schemes typically serve two purposes:
Authentication schemes provide a secure way of identifying the calling user. Endpoints also checks the authentication token to verify that it has permission to call an API. Based on that authentication, the API server decides on authorizing a request. If you need the ability to identify the user making the call, see Authenticating users. While API keys identify the calling project, they don't identify the calling user. For instance, if you have created an application that is calling an API, an API key can identify the application that is making the call, but not the identity of the person who is using the application. If you need a more secure way to limit which projects or services can call your API, see Authentication between services. Security of API keysAPI keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key. While the restrictions you can set on an API key mitigate this, there are better approaches for authorization. For examples, see Authenticating users. When to use API keysAn API may restrict some or all of its methods to require API keys. It makes sense to do this if:
RESTFor more information about adding IP address restrictions to a key using the REST API, see Adding server restrictions in the API Key API documentation. Android appsYou can restrict usage of an API key to specific Android apps. You must provide the package name and the 20-byte SHA-1 certificate fingerprint for each app. To restrict your API key to one or more Android apps, use one of the following options: For more information about adding Android app restrictions to a key using the REST API, see Adding Android restrictions in the API Key API documentation. iOS appsYou can restrict usage of an API key to specific iOS apps by providing the bundle ID of each app. To restrict your API key to one or more iOS apps, use one of the following options:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d {'"displayName" : "DISPLAY_NAME"'} \
"https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys"
3 For more information about adding iOS app restrictions to a key using the REST API, see Adding iOS restrictions in the API Key API documentation. Add API restrictionsAPI restrictions specify which APIs can be called using the API key. Note: Before you can specify an API for an API restriction, the API must be enabled for your project. To enable an API, go to the API dashboard.To add API restrictions, use one of the following options: For more information about adding API restrictions to a key using the REST API, see Adding API restrictions in the API Key API documentation. Get project information from a key stringYou can determine which Google Cloud project an API key is associated with from its string. Replace curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d {'"displayName" : "DISPLAY_NAME"'} \ "https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys" 02 with the key string you need project information for. You use the gcloud alpha services api-keys lookup command to get the project ID from a key string. curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json; charset=utf-8" \
-d {'"displayName" : "DISPLAY_NAME"'} \
"https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys"
9 You use the lookupKey method to get the project ID from a key string. POST https://language.googleapis.com/v1/documents:analyzeEntities?key=API_KEY0 Poll long-running operationsAPI Key API methods use long-running operations. If you use the REST API to create and manage API keys, an operation object is returned from the initial method request. You use the operation name to poll the long-running operation. When the long-running request completes, polling the operation returns the data from the long-running request. To poll a long-running API Key API operation, you use the curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d {'"displayName" : "DISPLAY_NAME"'} \ "https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys" 03 method. Replace curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d {'"displayName" : "DISPLAY_NAME"'} \ "https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys" 04 with the operation name returned by the long-running operation. For example, curl -X POST \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json; charset=utf-8" \ -d {'"displayName" : "DISPLAY_NAME"'} \ "https://apikeys.googleapis.com/v2/projects/PROJECT/locations/global/keys" 05. POST https://language.googleapis.com/v1/documents:analyzeEntities?key=API_KEY1 Limits on API keysYou can create up to 300 API keys per project. This limit is a system limit, and cannot be changed using a quota increase request. |