Using API Keys

When calling APIs that do not access private user data, you can use simple API keys. These keys are used to authenticate your application for accounting purposes. The Google Developers Console documentation also describes API keys.

Note: If you do need to access private user data, you must use OAuth 2.0. See Using OAuth 2.0 for Web Server Applications, Using OAuth 2.0 for Installed Applications, and Using OAuth 2.0 for Server to Server Applications for more information.

Acquiring API keys

  1. Go to the Google Developers Console.
  2. Select a project, or create a new one.
  3. In the sidebar on the left, expand APIs & auth. Next, click APIs. Select the Enabled APIs link in the API section to see a list of all your enabled APIs. Make sure that the API is on the list of enabled APIs. If you have not enabled it, select the API from the list of APIs, then select the Enable API button for the API.
  4. In the sidebar on the left, select Credentials.
  5. Click Create new Key and select the appropriate key type:

    Server keys

    Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

    Browser keys

    Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

    iOS keys

    Create and use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's .plist file contains its bundle identifier. Example: com.example.MyApp

    Android keys

    Create and use an Android key if your application runs on Android devices. To do so, you need to specify the SHA1 fingerprints and package names of the application using that key.

    1. In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.
      keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v

      The Keytool prints the fingerprint to the shell. For example:

      $ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
      Enter keystore password: Type "android" if using debug.keystore
      Alias name: androiddebugkey
      Creation date: Aug 27, 2012
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Owner: CN=Android Debug, O=Android, C=US
      Issuer: CN=Android Debug, O=Android, C=US
      Serial number: 503bd581
      Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
      Certificate fingerprints:
         MD5:  1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
         SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
         SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
         Signature algorithm name: SHA1withRSA
         Version: 3

      Copy the SHA1 fingerprint, which is highlighted in the example above.

    2. Paste the SHA1 fingerprint into the form where requested.
    3. After the fingerprint, type a semicolon and then enter your Android app's package name.
    4. Click Create.

To keep your API keys secure, follow the best practices for securely using API keys.

Using API keys

To use API keys, set the key attribute of the service object before making API calls. For example:

require 'google/apis/plus_v1'

plus =
plus.key = 'api_key'