What's the difference between api key, client id and service account?

荒凉一梦 提交于 2021-02-17 18:58:49

问题


I needed to access a Google's service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google api client (version 2). Before accessing Google Analytics' info, I had to create either a api key, a client id or a service account in the Google API Console.

At the end, I created a service account, and a file was downloaded. This file is used by the Google api client to grant access to my Google Analytics account and its respective collected info.

My question are:

  1. What are the differences between api key, client id and service account?

  2. When to create/use one over the other, and why?

I've not seen any exhaustive article which explains what I'm asking in this question.


回答1:


This thread is old, but still adding the information. Might help others in future.

Google needs unique identifier to tie it to your project (with your android package) for authentication and to manage traffic or quotas.

Oauth and API key are such unique identifiers.

OAuth 2.0 client IDs: If your application is using OAuth 2.0 protocol, then use OAuth client ID. OAuth is used to create the Access token, which in turn is a unique identifier. However, the user needs to agree a consent. https://developers.google.com/identity/protocols/OAuth2

API keys: An API key is a unique identifier that you generate using the console. The advantage is the user does not require an user action or consent. But you cannot use the API key for authorization unlike OAuth. Use an API key when the data you want is public and does not need a user authentication, such as Google maps.

Service Account : Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount




回答2:


The API keys authenticate for APIs that do not access personal data.

The client id authenticates with your Google Account.

The service account authenticates your application when you do not want to use the login data of your own account (or any real persons account).

You still need to add the service account to any Google service you want to access with that service account.



来源:https://stackoverflow.com/questions/39181501/whats-the-difference-between-api-key-client-id-and-service-account

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!