/

How to Authenticate to Any Google API

How to Authenticate to Any Google API

Authenticating to Google APIs can be complicated, especially when working with the Google Developers Console. This can sometimes discourage developers from using Google APIs. However, this article aims to simplify the process of authenticating to any Google API by explaining how to use the Google Developers Console.

To get started, make sure you already have a Google account. Here’s a step-by-step guide on how to authenticate to any Google API:

Create a new Google API Project

  1. If you haven’t done so already, create a new project on the Google Developers Console. After logging in to the console, click on “Create a new project”. Give it a name and you’ll be redirected to the project dashboard.

  2. From the project dashboard, click on “Enable APIs and services”.

  3. In the API library, search for the API you’re interested in and enable it.

That’s it! The project is now ready for authentication.

Create the Authentication Credentials

There are three ways to authenticate with Google APIs: OAuth 2, Service to Service, and API key. API key is less secure and restricted in scope and usage by Google, while OAuth 2 is more complex and suitable for apps that make requests on behalf of a user. In this article, we’ll focus on the Service to Service authentication model, which is the simplest method.

To use this method:

  1. Generate a JSON Key File through the Google Developers Console. From the project dashboard, click on “Create credentials” and choose “Service Account Key”.

  2. Fill in the form and choose “JSON” as the key type. Google will send you a JSON file containing the authentication credentials.

  3. This JSON file, called the “JSON Key File”, contains the following information:

1
2
3
4
5
6
7
8
9
10
11
12
{
  "type": "service_account",
  "project_id": "...",
  "private_key_id": "...",
  "private_key": "...",
  "client_email": "...",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "..."
}

Using the JSON Key File

To use the JSON Key File for authentication:

  1. Save the JSON file somewhere reachable by your program, preferably on the filesystem. For example, you can put the JSON file in the same directory as your Node.js app and rename it to “auth.json”.

  2. Make sure the GOOGLE_APPLICATION_CREDENTIALS environment variable points to the location of the JSON file on the filesystem. For example, you can set it to ‘./auth.json’.

  3. Create a JSON Web Token (JWT) using the properties contained in the JSON file. Here’s an example in Node.js:

1
const jwt = new google.auth.JWT(key.client_email, null, key.private_key, scopes)
  1. Pass the JWT to any API request you make. For example, to use the Google Analytics API:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
const { google } = require('googleapis')

const key = require('./auth.json')
const scopes = 'https://www.googleapis.com/auth/analytics.readonly'
const jwt = new google.auth.JWT(key.client_email, null, key.private_key, scopes)
const view_id = 'XXXXXXX'

// Set the GOOGLE_APPLICATION_CREDENTIALS environment variable 
process.env.GOOGLE_APPLICATION_CREDENTIALS = './auth.json'

jwt.authorize((err, response) => {
  google.analytics('v3').data.ga.get(
    {
      auth: jwt,
      ids: 'ga:' + view_id,
      'start-date': '30daysAgo',
      'end-date': 'today',
      metrics: 'ga:pageviews'
    },
    (err, result) => {
      console.log(err, result)
    }
  )
})

Use Environment Variables

In situations where storing authentication credentials on the filesystem is not practical or secure, you can use environment variables. Instead of storing the entire JSON file, extract the necessary information and set them as environment variables. Here’s an example:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
const { google } = require('googleapis')

const scopes = 'https://www.googleapis.com/auth/analytics.readonly'
const jwt = new google.auth.JWT(
  process.env.CLIENT_EMAIL,
  null,
  process.env.PRIVATE_KEY,
  scopes
)
const view_id = 'XXXXXXX'

jwt.authorize((err, response) => {
  google.analytics('v3').data.ga.get(
    {
      auth: jwt,
      ids: 'ga:' + view_id,
      'start-date': '30daysAgo',
      'end-date': 'today',
      metrics: 'ga:pageviews'
    },
    (err, result) => {
      console.log(err, result)
    }
  )
})

Access Other APIs

In the examples above, we used the Google Analytics API. However, you can access other APIs using a similar approach. For example:

1
2
google.urlshortener('v1')
google.drive('v2')

This guide provides a simplified way of authenticating to any Google API using the Google Developers Console. By following these steps, you’ll be able to authenticate to Google APIs more easily and efficiently.

tags: [“Google API”, “authentication”, “Google Developers Console”, “JSON Key File”, “Service to Service API”, “environment variables”, “Google Analytics API”]