Hide

API Keys

This document describes API Keys, when to use them, how to acquire them, and how to use them with the Google APIs Client Library for Python.

Introduction

When calling an API that does not access private user data, you can use a simple API key. This key is used to authenticate your application for accounting purposes. The Google APIs Console documentation also describes API keys.

Note: If you do need to access private user data, you must use OAuth 2.0.

Acquiring API keys

  1. Open the Credentials page.
  2. Click Add credentials > API key and select the appropriate key type:

    Server keys

    Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

    Browser keys

    Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

    iOS keys

    Create and use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's .plist file contains its bundle identifier. Example: com.example.MyApp

    Android keys

    Create and use an Android key if your application runs on Android devices. To do so, you need to specify the SHA1 fingerprints and package names of the application using that key.

    1. In the Package name field, enter your Android app's package name.
    2. In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.
      keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v

      The Keytool prints the fingerprint to the shell. For example:

      $ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
      Enter keystore password: Type "android" if using debug.keystore
      Alias name: androiddebugkey
      Creation date: Aug 27, 2012
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Android Debug, O=Android, C=US
      Issuer: CN=Android Debug, O=Android, C=US
      Serial number: 503bd581
      Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
      Certificate fingerprints:
         MD5:  1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
         SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
         SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
         Signature algorithm name: SHA1withRSA
         Version: 3

      Copy the SHA1 fingerprint, which is highlighted in the example above.

    3. Paste the SHA1 fingerprint into the form where requested.
    4. Click Create.

To keep your API keys secure, follow the best practices for securely using API keys.

Using API keys

To use an API key, pass it to the build() function when creating a service object. The Simple API Example on the Getting Started page provides a complete example that uses API keys. Here is the relevant line from that script:

service = build('books', 'v1', developerKey="api_key")

All calls made using that service object will include your API key.