Credentials, access, security, and identity
Each request to an API that is represented in the console must include a unique identifier. Unique identifiers enable the console to tie requests to specific projects to monitor traffic and enforce quotas.
Google supports two mechanisms for creating unique identifiers:
OAuth 2.0 client IDs: For applications that use the OAuth 2.0 protocol to call Google APIs, you can use an OAuth 2.0 client ID to generate an access token. The token contains a unique identifier. See Setting up OAuth 2.0 for more information.
API keys: An API key is a unique identifier that you generate using the console. Using an API key does not require user action or consent. API keys do not grant access to any account information, and are not used for authorization.
Use an API key when your application is running on a server and accessing one of the following kinds of data:
- Data that the data owner has identified as public, such as a public calendar or blog.
- Data that is owned by a Google service such as Google Maps or Google Translate. (Access limitations might apply.)
See Setting up API keys for more information.
If you're calling only APIs that do not require user data, such as the Google Custom Search API, then API keys might be simpler to use than OAuth 2.0 access tokens. However, if your application already uses an OAuth 2.0 access token, then there is no need to generate an API key as well. Google ignores passed API keys if a passed OAuth 2.0 access token is already associated with the corresponding project.
Note: You must use either an OAuth 2.0 access token or an API key for all requests to Google APIs represented in the Cloud Platform Console. Not all APIs require authorized calls. To learn whether authorization is required for a specific call, refer to the documentation for the API you're using.