Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What's the difference between api key, client id and service account?

Tags:

I needed to access a Google's service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google api client (version 2). Before accessing Google Analytics' info, I had to create either a api key, a client id or a service account in the Google API Console.

At the end, I created a service account, and a file was downloaded. This file is used by the Google api client to grant access to my Google Analytics account and its respective collected info.

My question are:

  1. What are the differences between api key, client id and service account?

  2. When to create/use one over the other, and why?

I've not seen any exhaustive article which explains what I'm asking in this question.

like image 976
nbro Avatar asked Aug 27 '16 13:08

nbro


People also ask

What is API key ID?

The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes.

What is service accounts in Google API?

A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. Typically, service accounts are used in scenarios such as: Running workloads on virtual machines (VMs).

How do I find my API client ID?

Click your profile image at the top right, then select Account settings. Click API keys to view the page that holds your API key and client ID.


2 Answers

This thread is old, but still adding the information. Might help others in future.

Google needs unique identifier to tie it to your project (with your android package) for authentication and to manage traffic or quotas.

Oauth and API key are such unique identifiers.

OAuth 2.0 client IDs: If your application is using OAuth 2.0 protocol, then use OAuth client ID. OAuth is used to create the Access token, which in turn is a unique identifier. However, the user needs to agree a consent. https://developers.google.com/identity/protocols/OAuth2

API keys: An API key is a unique identifier that you generate using the console. The advantage is the user does not require an user action or consent. But you cannot use the API key for authorization unlike OAuth. Use an API key when the data you want is public and does not need a user authentication, such as Google maps.

Service Account : Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount

like image 154
Android4Fun Avatar answered Oct 05 '22 10:10

Android4Fun


The API keys authenticate for APIs that do not access personal data.

The client id authenticates with your Google Account.

The service account authenticates your application when you do not want to use the login data of your own account (or any real persons account).

You still need to add the service account to any Google service you want to access with that service account.

like image 43
Eike Pierstorff Avatar answered Oct 05 '22 09:10

Eike Pierstorff