Google APIs and Account Authentication Types

There are two types of authentication methods you can use for Google API access:

  • Web-based authentication (authenticates as _your_ account)
  • Service-account authentication (allows for non-interfacing scripting)

Web-Based Authentication

Pros:

  • Everything you do will be done as you - no need to mess with permissions, etc.
  • All files you upload will be to your drive space.
  • More secure as you must authenticate as yourself every time the script runs

Cons:

  • Requires human-interface for authentication every time you authenticate
  • Cannot automate script/run on GUI-less server

Service-Account Authentication

Pros:

  • Can automate scripts/requires no interfacing
  • Gets its own drive space (also a con)

Cons:

  • Gets its own drive space - this means all files uploaded are to this account and not yours. You then must share the file with yourself.
  • All files existing in your drive space you want to work with must be shared with the service account before it can see them.

Steps to Get Started

Create A Project

  1. Go to your Google Console to create a new project: [https://console.cloud.google.com/projectcreate]
  2. Give your project a name (‘Example Project’) and click “Create”
  3. You will be taken to the main dashboard [https://console.cloud.google.com/home/dashboard].

Enable APIs

  1. Go to the “Google Drive API” dashboard: [https://console.cloud.google.com/apis/library/drive.googleapis.com] Make sure your project (‘Example Project’) is selected in the drop-down menu at the top.
  2. Click “Enable”
  3. Go to the “Google Sheets API” dashboard: [https://console.cloud.google.com/apis/library/sheets.googleapis.com] Make sure your project (‘Example Project’) is selected in the drop-down menu at the top.
  4. Click “Enable”

Create Credentials

Seriously consider what kind of authentication method you would like to use. This will heavily depend on your project’s needs, and may mean more or less work in your code.

  1. Go to [https://console.cloud.google.com/apis/credentials] to start creating credentials.

    • If you want to create a web-based authentication credential, select “OAuth client ID”.
    • If you want to create a service-account credential, select “Service account key”

OAuth Client (Web Browser-based Authentication)

1. If this is your first OAuth client for this project, you must configure the consent screen here: [https://console.cloud.google.com/apis/credentials/consent?createClient]

  1. Fill out the “Product name shown to users” field and click “Save”.
  2. This should take you back to the OAuth Client screen: [https://console.cloud.google.com/apis/credentials/oauthclient]
  3. Select “Other” and give it a name (example: “My Script”) and click “Create”
  4. Close the pop-up window that shows your “Client ID” and “Secret”
  5. On the far-right side of your new credential, click on the Download link to download your client credentails JSON file.
  6. Keep this JSON file someplace secret! It will be needed to use this API.

Service-Account

  1. On the “Create Service Account” page [https://console.cloud.google.com/apis/credentials/serviceaccountkey], click “Create Service Account”.
  2. Give your service account a name (‘myserviceaccount’), verify the service account ID and copy the Email address generated under the service account ID field. This will be the email address you share folders with.
  3. Click “Create and Continue”
  4. Under “Role”, select “Service Account Admin” and click “Done”.
  5. Click on the new service account email that now shows in the list, and click the “KEYS” tab.
  6. Click “ADD KEY” -> “Create new key”.
  7. Make sure “JSON” is selected, and click “Create”.
  1. Save the returned credentials JSON file someplace safe! It will be needed to use this API.