This document describes API Keys, when to use them, how to acquire them, and how to use them with the Google APIs Client Library for Python.
When calling an API that does not access private user data, you can use a simple API key. This key is used to authenticate your application for accounting purposes. The Google APIs Console documentation also describes API keys.
Note: If you do need to access private user data, you must use OAuth 2.0.
Acquiring API keys
- Go to the Google Developers Console.
- Select a project, or create a new one.
- In the sidebar on the left, expand APIs & auth. Next, click APIs. Select the Enabled APIs link in the API section to see a list of all your enabled APIs. Make sure that the API is on the list of enabled APIs. If you have not enabled it, select the API from the list of APIs, then select the Enable API button for the API.
- In the sidebar on the left, select Credentials.
- Click Create new Key and select the appropriate key type:
Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.
Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.
Create and use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's
.plistfile contains its bundle identifier. Example:
Create and use an Android key if your application runs on Android devices. To do so, you need to specify the SHA1 fingerprints and package names of the application using that key.
In a terminal, run the
Keytool utility to get the
SHA1 fingerprint for your digitally signed
.apkfile's public certificate.
keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v
The Keytool prints the fingerprint to the shell. For example:
$ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v Enter keystore password: Type "android" if using debug.keystore Alias name: androiddebugkey Creation date: Aug 27, 2012 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate: Owner: CN=Android Debug, O=Android, C=US Issuer: CN=Android Debug, O=Android, C=US Serial number: 503bd581 Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042 Certificate fingerprints: MD5: 1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8 SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30 Signature algorithm name: SHA1withRSA Version: 3
Copy the SHA1 fingerprint, which is highlighted in the example above.
- Paste the SHA1 fingerprint into the form where requested.
- After the fingerprint, type a semicolon and then enter your Android app's package name.
- Click Create.
- In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed
To keep your API keys secure, follow the best practices for securely using API keys.
Using API keys
To use an API key, pass it to the build() function when creating a service object. The Simple API Example on the Getting Started page provides a complete example that uses API keys. Here is the relevant line from that script:
service = build('books', 'v1', developerKey="api_key")
All calls made using that service object will include your API key.