问题
I needed to access a Google's service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google api client (version 2). Before accessing Google Analytics' info, I had to create either a api key, a client id or a service account in the Google API Console.
At the end, I created a service account, and a file was downloaded. This file is used by the Google api client to grant access to my Google Analytics account and its respective collected info.
My question are:
What are the differences between api key, client id and service account?
When to create/use one over the other, and why?
I've not seen any exhaustive article which explains what I'm asking in this question.
回答1:
This thread is old, but still adding the information. Might help others in future.
Google needs unique identifier to tie it to your project (with your android package) for authentication and to manage traffic or quotas.
Oauth and API key are such unique identifiers.
OAuth 2.0 client IDs: If your application is using OAuth 2.0 protocol, then use OAuth client ID. OAuth is used to create the Access token, which in turn is a unique identifier. However, the user needs to agree a consent. https://developers.google.com/identity/protocols/OAuth2
API keys: An API key is a unique identifier that you generate using the console. The advantage is the user does not require an user action or consent. But you cannot use the API key for authorization unlike OAuth. Use an API key when the data you want is public and does not need a user authentication, such as Google maps.
Service Account : Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount
回答2:
The API keys authenticate for APIs that do not access personal data.
The client id authenticates with your Google Account.
The service account authenticates your application when you do not want to use the login data of your own account (or any real persons account).
You still need to add the service account to any Google service you want to access with that service account.
来源:https://stackoverflow.com/questions/39181501/whats-the-difference-between-api-key-client-id-and-service-account