What is the difference between these 2 APIs and what do they each allow you to do?
I've tried Googling, searching the GCP docs and running some tests in the console.
The API Library console page does not have very descriptive descriptions [see screenshot].
If I leave both of those APIs disabled, I can still create a SQL instance! Creating a SQL instance only appears to need the Compute Engine API.
If I need to use the Python libraries to query the instance(s) for its attributes, the error message tells me that the SQL Admin API (sqladmin.googleapis.com) needs to be enabled. However, there's a twist. The API only needs to be enabled in the Project that's set in my ADC, not in the (other) Project that I'm actually querying.
Cloud SQL Admin API aka sqladmin.googleapis.com is the correct api to use. You can also look at the documentation page for all the actions this API supports. You can ignore the Cloud SQL aka sql-component.googleapis.com. It is an obsolete api that does nothing.
Admin API is for administering your instances programmatically. The REST API is defined by BackupRuns, Databases, Instances, Flags, Operations, SslCerts, Tiers, and Users resources. You can check the details here. As you have correctly noticed this api is not required for creating Cloud SQL instances but it is required for other features like Flags, Certs BackupRuns etc.
Related
I have an account that is the verified owner for a property listed in the Google Search Console. I'm working to set up API access to it. I have a principal created that has access to each of the Google Cloud projects that I intend to query the data from. I've enabled the Google Search Console API for each of these projects.
After I authenticate the principal via OAuth2 and use the access token (including the 'https://www.googleapis.com/auth/webmasters.readonly' scope) to make a POST request to the query endpoint, I get an error message back that reads in part:
Google Search Console API has not been used in project 256595xxxxxx before or it is disabled
I searched this number in my Google Cloud Console and manually clicked through each of my properties and it doesn't match any of the projects on my account. How do I identify which project this number is referring to and/or how do I change it to point to one of my own Google Cloud properties so I might access its API?
Note: This answer speaks to what it is I'm trying to do (but with Google Search Console API), except that the error doesn't reflect my project ID, so I'm stumped about how to move forward with enabling the API on it.
This didn't take long to solve. After listing all the projects in the Google Cloud CLI per the first half of the instruction here, I was able to identify the project as that which is used as the service principal to do the authentication in the first place (and not actually an account I intend to export any of the data to).
Assume that there is an application, SPA, that uses Google OAuth2.0 to access the Google Drive API.
Reading the docs, the application flow seems familiar enough on the client-side specially with Google's JavaScript library for authentication. However, I have stumbled upon a roadblock during application registration phase.
When creating the credentials for our client application, I am redirected to fill out the form at the OAuth Consent Screen first. There, among other things it demands us to declare whether the application is in Testing or In Production phase, so it can decide whether the app will be available to everyone or to Test Users only.
Assume I create a project for our application and set it on testing at first and then change it to production once I am ready to publish (with a new set of credentials as well).
My question is this. What if development continues on the application for new features while one instance of the app is in production? During development and testing I would need to restrict the application to my Test Users alone. Since the OAuth consent screen is project specific, not credential specific, will I require multiple projects on the console for every environment in which the application is running?
As in,
Project MyAppTesting will permanently remain in testing mode and will denote our development/testing branch.
Project MyAppProduction is always in production and denotes my production branch.
Similarly for the mobile client:
A MyMobileAppDev project having credentials configured with the debug keystore hash
A MyMobileAppProd project having credentials configured with the production keystore hash.
(both sets of credentials share the same package name).
Is this the idiomatic way? I failed to find any documentation on the matter. Please advise.
What #JohnHanley stated is the best way and the best practice when deploying application/s in GCP.
You can create multiple projects and create different Oauth for each of the projects. Check out this link on service accounts.
In addition to that, there are also some pros and cons when it comes to billing.
Pros:
Users consider having multiple billing accounts with respective projects assigned for each account to be able to see their billing details separately. In this way you can monitor the billing for each of the respective projects for each account.
Cons:
Attaching all the projects to one billing account, however, the billing reports will show all of the sum of the cost for all the projects, but you can still use the filter menu to be able to see the charges for each project.
I have multiple GCP projects, And I want to setup a multi-projects monitoring workspace for my environment. I would like to add all un-monitored projects to the workspace that I have already created, but via an API so that this job is automated.
Via console I know that it's possible using this link's setup (https://cloud.google.com/monitoring/workspaces/create#add-monitored-project) But how can I achieve this via an API?
Please can someone provide any inputs here.
You can manage Dashboard via API, and list services in the workspace, but API does not support adding projects to a workspace.
You can find list of all API methods here.
If you think that functionality should be supported, you can file a Feature Request.
I want to access Google Compute Engine Instances, then I active Google Compute Engine API, but how to retrieve an API key, between server key and browser key, which one should I create ?
If you're using OAuth to authenticate, there're different kind of credentials that you can use, such as web server applications, installed apps, client-sid apps, etc. You need to find out which one you need.
In the Developers Console, you can create the credentials that you might need. At the provided links you can find more information.
There are multiple methods when it comes to authenticate your project to Google API's, You will find the details in page [1] below. Logging to a Compute Engine instance using the UI will use the third method 'Service Account Key' where you don't have to put any action as by default it will use your Compute Engine default service account.
[1] https://cloud.google.com/docs/authentication/api-keys#creating_an_api_key
My team is trying to develop a product for the google apps marketplace and I am having issues with the workflow in the new ADMIN SDK.
With the now deprecated Provisioning API we simply ask for a username and password from the account we are trying to manage.
With the ADMIN SDK it seems as though they would need to go enable the API, create a key and do a lot of manual work for this to happen. This really is a tough option for us as the technical level of our clients is not likely to be able to make this transition.
Is there something like the work flow for the provisioning API where they can enable management from a third party or a recommended workflow for a developer to build an application that can access any number of google apps accounts?
A use case for this is say I want to develop a different option for a console, I want to build a console web app and simply ask for credentials or easy setup routine and allow our users to manage their google apps account in a different way.
Thanks in advance,
Steve
The Admin SDK Directory and Reports APIs work correctly with 2-legged OAuth 1.0a which is what the Google Apps Marketplace currently supports and automates. You do need to turn the Admin SDK on under "Register for additional APIs" from your Vendor Profile page on the marketplace. Also, the Administrative APIs for the domain must be turned on. You'll get a generic error that the domain cannot use the APIs if it's off in which case you can direct the client to the exact CPanel page where they can turn it on.