Authenticate your requests

Cloud Client Libraries for Java uses the Google Auth Library for Java to authenticate requests. This library supports multiple authentication types. For more details, see the project's README.md and javadoc .

Authentication in a Google Cloud environment

When using Google Cloud libraries from a Google Cloud environment (such as Compute Engine, Google Kubernetes Engine, or App Engine) you don't need to perform additional authentication steps.

An example call without additional authentication:

  Storage 
  
 storage 
  
 = 
  
 StorageOptions 
 . 
 getDefaultInstance 
 (). 
 getService 
 ();

Authentication in non-Google Cloud environments

To authenticate in a non-Google Cloud environment, there are three common options:

(Recommended) Use a service account.
Use the Google Cloud SDK with a local test environment.
Use an existing OAuth2 access token.

Use a service account

Generate a JSON service account key .

After downloading the key, you must do one of the following:

Define the environment variable GOOGLE_APPLICATION_CREDENTIALS to be the location of the key. For example:

  export 
  
 GOOGLE_APPLICATION_CREDENTIALS 
 = 
/path/to/my/key.json

Supply the JSON credentials file when building the service options. For example, this Storage object has the necessary permissions to interact with your Cloud Storage data:

  Storage 
  
 storage 
  
 = 
  
 StorageOptions 
 . 
 newBuilder 
 () 
  
 . 
 setCredentials 
 ( 
 ServiceAccountCredentials 
 . 
 fromStream 
 ( 
 new 
  
 FileInputStream 
 ( 
 "/path/to/my/key.json" 
 ))) 
  
 . 
 build 
 () 
  
 . 
 getService 
 ();

Use the Google Cloud SDK with a local test environment

If you are using a local environment for development or testing, you can use the Google Cloud SDK .

Create Application Default Credentials with gcloud auth application-default login . Cloud Client Libraries for Java will automatically detect these credentials.

Use an existing OAuth2 access token

If you have an OAuth2 access token, you can use it to authenticate. If you do, the access token isn't automatically refreshed:

  Credentials 
  
 credentials 
  
 = 
  
 GoogleCredentials 
 . 
 create 
 ( 
 new 
  
 AccessToken 
 ( 
 accessToken 
 , 
  
 expirationTime 
 )); 
 Storage 
  
 storage 
  
 = 
  
 StorageOptions 
 . 
 newBuilder 
 () 
  
 . 
 setCredentials 
 ( 
 credentials 
 ) 
  
 . 
 build 
 () 
  
 . 
 getService 
 ();

Another example:

  Credentials 
  
 credentials 
  
 = 
  
 GoogleCredentials 
 . 
 create 
 ( 
 new 
  
 AccessToken 
 ( 
 accessToken 
 , 
  
 expirationTime 
 )); 
 CloudTasksSettings 
  
 cloudTasksSettings 
  
 = 
  
 CloudTasksSettings 
 . 
 newBuilder 
 () 
  
 . 
 setCredentialProvider 
 ( 
 FixedCredentialsProvider 
 . 
 create 
 ( 
 credentials 
 )) 
  
 . 
 build 
 (); 
 CloudTasksClient 
  
 cloudTasksClient 
  
 = 
  
 CloudTasksClient 
 . 
 create 
 ( 
 cloudTasksSettings 
 );

Application Default Credentials

If you don't provide credentials, Cloud Client Libraries for Java will attempt to detect them from the environment using GoogleCredentials.getApplicationDefault() . This method searches for Application Default Credentials in the following locations, in order:

The credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Credentials provided by the Google Cloud SDK gcloud auth application-default login command.
Google App Engine's built-in credentials.
Google Cloud Shell's built-in credentials.
Google Compute Engine's built-in service account credentials.

Authentication with an API key

Some Google Cloud APIs support authenticating with API keys .

To use an API key with Cloud Client Libraries for Java, you must manually set the x-goog-api-key header for the relevant service client.

For example, to set the API key with the Language service :

  public 
  
 LanguageServiceClient 
  
 createGrpcClientWithApiKey 
 ( 
 String 
  
 apiKey 
 ) 
  
 throws 
  
 Exception 
  
 { 
  
 // Manually set the API key using the header 
  
 Map<String 
 , 
  
 String 
>  
 header 
  
 = 
  
 new 
  
 HashMap<String 
 , 
  
 String 
> () 
  
 { 
  
 { 
 put 
 ( 
 "x-goog-api-key" 
 , 
  
 apiKey 
 );}}; 
  
 FixedHeaderProvider 
  
 headerProvider 
  
 = 
  
 FixedHeaderProvider 
 . 
 create 
 ( 
 header 
 ); 
  
 // Create the client 
  
 TransportChannelProvider 
  
 transportChannelProvider 
  
 = 
  
 InstantiatingGrpcChannelProvider 
 . 
 newBuilder 
 (). 
 setHeaderProvider 
 ( 
 headerProvider 
 ). 
 build 
 (); 
  
 LanguageServiceSettings 
  
 settings 
  
 = 
  
 LanguageServiceSettings 
 . 
 newBuilder 
 (). 
 setTransportChannelProvider 
 ( 
 transportChannelProvider 
 ). 
 build 
 (); 
  
 LanguageServiceClient 
  
 client 
  
 = 
  
 LanguageServiceClient 
 . 
 create 
 ( 
 settings 
 ); 
  
 return 
  
 client 
 ; 
  
 }

An example instantiation with the Language Client using REST:

   
 public 
  
 LanguageServiceClient 
  
 createRestClientWithApiKey 
 ( 
 String 
  
 apiKey 
 ) 
  
 throws 
  
 Exception 
  
 { 
  
 // Manually set the API key header 
  
 Map<String 
 , 
  
 String 
>  
 header 
  
 = 
  
 new 
  
 HashMap<String 
 , 
  
 String 
> () 
  
 { 
  
 { 
 put 
 ( 
 "x-goog-api-key" 
 , 
  
 apiKey 
 );}}; 
  
 FixedHeaderProvider 
  
 headerProvider 
  
 = 
  
 FixedHeaderProvider 
 . 
 create 
 ( 
 header 
 ); 
  
 // Create the client 
  
 TransportChannelProvider 
  
 transportChannelProvider 
  
 = 
  
 InstantiatingHttpJsonChannelProvider 
 . 
 newBuilder 
 (). 
 setHeaderProvider 
 ( 
 headerProvider 
 ). 
 build 
 (); 
  
 LanguageServiceSettings 
  
 settings 
  
 = 
  
 LanguageServiceSettings 
 . 
 newBuilder 
 (). 
 setTransportChannelProvider 
 ( 
 transportChannelProvider 
 ). 
 build 
 (); 
  
 LanguageServiceClient 
  
 client 
  
 = 
  
 LanguageServiceClient 
 . 
 create 
 ( 
 settings 
 ); 
  
 return 
  
 client 
 ; 
  
 }

Authenticate your requests Stay organized with collections Save and categorize content based on your preferences.