We recommend that you use a service account for authentication when you integrate with the Google Spectrum Access System (SAS) Portal API.
Set up a service account
To use a service account for authentication, complete the following steps:
- Create a service account .
-
Create your service account key and select JSONas your key type.
After you complete this step, your service account key is downloaded to your browser's default location.
-
Grant the Project Ownerrole to the service account.
Obtain a bearer token
You need to provide your service account authentication as a bearer token. If
you call the SAS Portal API directly, such as by making an HTTP
request with curl
, you pass your authentication as a bearer token in the Authorization
header.
To obtain a bearer token with your service account, follow these steps:
-
In the gcloud CLI, authenticate to your service account:
gcloud auth activate-service-account --key-file ${KEY_FILE}Replace
${KEY_FILE}with the path to your service account key file. -
Use your service account to obtain an authorization token:
gcloud auth print-access-token
The command returns an access token value.
-
When you use the API, pass the token value as a bearer token in an
Authorizationheader. The following code sample shows how to pass the token value as a bearer token:curl -X GET -H "X-Goog-User-Project: ${CLIENT_PROJECT} " \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TOKEN} " \ "https://sasportal.googleapis.com/v1alpha1/customers"
Replace the following:
-
${CLIENT_PROJECT}: the ID of the Google Cloud project from which you make the requests -
${TOKEN}: the authorization token
-
What's next
- To get an overview of the SAS Portal API, see Google SAS Portal API overview .
- For information about each API, see the Customers and Device Manager API pages.
- For examples of how to use the API, see API code samples .
- For reference documentation, see APIs and reference .
