This question might be borderline for here.
I am trying to get the API key for Google Cloud Vision. However, when I go to create an API key, that is not shown (only OAuth and serviced accounts are available).
How can you go around it?
Click the link "Credentials in APIs & Services" to create API Keys.
You'll need to choose the correct project but the link should be:
https://console.cloud.google.com/apis/credentials
API Keys are Project not API specific; the name makes this confusing, admittedly.
However, once you create a Project-specific API key, you can edit and should add API restrictions and you can select the Vision API there.
I encourage you to add Application restrictions too.
CAUTION You want to make the restrictions as restrictive as you possibly can. API Keys are bearer tokens and, by their nature, are often distributed. Anyone that holds the API Key (token) can access the project resources that its use confers.
You can use a Google Cloud console API key to authenticate to the Vision API. Follow the instructionsVision API -> Using an API key and Creating an API key
You can create a Key following the next instructions:
First you need to create a Service account as:
Then you need to specify the Service account name and ID, and you can add a description such as:
You click create and continue then you need to add the roles to the service account that you need just to show you I added Editor role:
Then I clicked done, and it created me a Service account then you need to click on the email of the service account.
There is an option menu on the top you click on Key, and then you click on ADD KEY.
Finally you have to choose the Key type that can be JSON or P12.
Related
I have some previous experience with the youtube and youtube analytics api where there was an option to use https://developers.google.com/oauthplayground/ to essentially create an offline situation for your own user account api access. By creating the key in the developer console you could add that to a custom oAuth credentials. The user account you were logged into would then generate the access token and refresh token needed. I do not see Google Photos API listed as an option here. I would prefer not to create a website just to get a prompt once (myself).
Any help would be greatly appreciated.
If you are specifically after a token to make your own requests to the API, you can still use the OAuth 2.0 playground. You can enter your own scope in the tool under step 1, just below the list of scopes on the left side. (The text box is labelled "Input your own scopes".)
Here you can manually enter a scope that's listed on the "Authentication and authorization scopes" page in the Google Photos Library API developer documentation.
In step 2, you can access a refresh and access tokens and construct your own request in step 3. Note that you won't be able to List possible operations for this API.
Note that you can also specify your own OAuth client ID and client secret from your own Google developers project. You can find this under the "settings" icon on the right, under "Use your own OAuth credentials". Otherwise, tokens are automatically revoked by the playground after a certain amount of time.
However - If you just want to explore the API through the playground, you can use the version that's embedded in the reference documentation. You can find it on each page for a method, for example mediaItems.list. This version includes support for all API methods and makes it easy to construct correct API requests.
I'm trying to make a Django app automatically send invites to BlueJeans video conferences using its API (https://bluejeans.github.io/api-rest-meetings/site/index.html). However, I'm finding it not so straightforward to set this up, and their customer support staff seem to not all be completely familiar with these features either.
When you request to enable API access in BlueJeans, the customer support enables an "OAuth Access" tab with a form which allows you to create an app with a name, description, and 'app key':
My question is: what should I fill in for the "app key"? (I've browsed the OAuth 2.0 RFC but so far haven't been able to apply it to solve this).
From BlueJeans' API documentation (which is shared as a PDF to developers who enable the API for their enterprise account), you can simply 'make up' an 'App Key' on the spot, and BlueJeans will create a corresponding 'App Secret'.
Is anyone aware of any Google API with the user scope (NOT the Admin API in the Directory SDK) that allows you to retrieve the custom employee attributes?
The G+ API seems to skip these
https://developers.google.com/+/web/api/rest/latest/people#resource
Our issue is that we don't want to grant access to the developer console, but rather do this PER-USER. I.E. a user logs into our app and we display to her the custom attributes for her G Suite account, but we do this as her (not as an approved API scope via the dev console).
Leaving this answer for anyone like me who finds this question.
The Directory API allows a user to query the custom attributes for their account even without any admin permissions at all.
https://developers.google.com/admin-sdk/directory/v1/reference/users/get
You need to ensure that projection is set to full and viewType is set to domain_public.
You may need to check the permissions for reading the custom attributes to ensure that a user is allowed to see theirs. We do this in the Google Cloud Directory Sync.
We're using Google Analytics API in our application and perform actions (read data) on behalf of our users (we get their tokens via OAuth2). We use a client id and client secret to authorize our Google API project (application).
The problem is that we're unable to reach this project in Google's developer console, because the user in our Google App account who created this project was deleted. Regardless, the Google API still works (we have the key and the client secret) but we're unable to reach it in the admin section in the browser, but we can't access it because the owner was deleted.
What are the options to recover access to this API project? Is it possible to transfer ownership of this project using Google API? It's running in production so we can't afford to generate a new API project.
Is it perhaps possible to generate a new API project by keeping all our users consents (they authorize their accounts using an authorization popup in our web app)?
EDIT: it's also possible the user still exists, but we don't know who's the owner. Is it possible to retrieve this info using the app's api key/secret?
How to find out who owns your credentials.
Authenticate your application the pop up window will appear. Click on the name of the application the little arrow and a drop down will apear with the email address of the developer who owns the project.
If you have lost access to this account i am not aware of any way of getting access back. However for the sake of curiosity i am going to contact someone at Google and find out if they have a procedure for account recovery or not. I will update this when i hear back.
If the account that has a credential was a gsuite user then we can transfer the project to the admin of the domain.
Have the admin of the GSuite contact me with information on the project, client id, email of the user who was deleted. We can then add the admin of the gSuite as the owner of the project.
From the question, this was likely a gsuite user because even after the account is deleted, the project was not deleted.
I currently have a Mirror API only application that I am transitioning to a Hybrid (Mirror API + GDK App). The Mirror section of the application has the needed credentials and on new installs I am able to create the account (using the Account Manager system https://developers.google.com/glass/develop/gdk/authentication).
However, the Account insert call that happens from the Mirror API needs the userToken. The userToken is only provided on the initial authentication request from Google (and it specifically says not to save the userToken).
Is there some other identifier I can use in order to create the accounts? I'd like to back fill the account credentials for my existing users to make the transition to a hybrid application as smooth as possible.
It sounds like you're asking for a way to create accounts on Glass automatically for existing users of your application, correct?
Unfortunately, that's not possible; as you found out, a call to mirror.accounts.insert can only be made using the userToken that you receive from the MyGlass redirect. In order to create an account on the device for the GDK component of the application, your users will need to disable and then re-enable your Glassware so that they are redirected through your new authorization flow.