Google is committed to advancing racial equity for Black communities. See how.

Cloud Anchors developer guide for ARCore Extensions for iOS

Learn how to use the Cloud Anchor API in your own apps. If you are new to Cloud Anchors:

  • Read through the quickstart for system requirements, setup, and installation instructions.

Enable Cloud Anchors in your app

Cloud Anchors are disabled by default in ARCore. The sample app ships with Cloud Anchors enabled for demo purposes only. You can enable Cloud Anchor capabilities in your session configuration, and enable the ARCore Cloud Anchor API for your Google Cloud Platform project.

Host a Cloud Anchor with persistence

Prior to ARCore v1.20, Cloud Anchors could only be resolved for up to 24 hours after they were first hosted. With persistent Cloud Anchors, you can now use ARAnchorManager.HostCloudAnchor(ARAnchor, int) to host a Cloud Anchor with a time to live (TTL) between one and 365 days. You can also extend the lifetime of the anchor after it is already hosted using the Cloud Anchor Management API.

// ttlDays: The lifetime of the anchor in days. Must be positive. The
// maximum allowed value is 1 if using an API Key to authenticate with the
// ARCore Cloud Anchor Service, otherwise the maximum allowed value is 365.
ARCloudAnchor ARAnchorManager.HostCloudAnchor(ARAnchor anchor, int ttlDays)

Authentication

Your app needs a form of authentication to use Cloud Anchors. When targeting iOS, ARCore Extensions for Unity offers the Authentication token and API Key options for authentication. Cloud Anchors with a TTL greater than one day must use a token for authentication.

Token (signed JWT) authentication

The authentication token option can host a Cloud Anchor for up to 365 days. Cloud Anchors with a TTL greater than one day must use this method. In order to generate tokens for iOS, you must have an endpoint on your server that satisfies the following requirements:

  • Your own authentication mechanism must protect the endpoint.

  • The endpoint must generate a new token every time, such that:

    • Each user gets a unique token.
    • Tokens don’t immediately expire.

Currently, the only supported token type is a signed JWT (that is, a JSON Web token signed by a Google Service account). See the official JWT website for an introduction to JWTs.

Create a service account and signing key

Follow these steps to create a Google Service account and signing key:

  1. In the navigation menu of the Google Cloud Platform console, go to APIs & Services > Credentials.

  2. Select the desired project, then click Create Credentials > Service account.

  3. Under Service account details, type a name for the new account, then click Create.

  4. On the Service account permissions page, go to the Select a role dropdown. Select Service Accounts > Service Account Token Creator, then click Continue.

  5. On the Grant users access to this service account page, click Done. This takes you back to APIs & Services > Credentials.

  6. On the Credentials page, scroll down to the Service Accounts section and click the name of the account you just created.

  7. On the Service account details page, scroll down to the Keys section and select Add Key > Create new key.

  8. Select JSON as the key type and click Create. This downloads a JSON file containing the private key to your machine. Store the downloaded JSON key file in a secure location.

Create tokens on your server

To create new tokens (JWTs) on your server, use the standard JWT libraries and the JSON file that you securely downloaded from your new service account.

Create tokens on your development machine

To generate JWTs on your development machine, use the following oauth2l command:

oauth2l fetch --jwt --json $KEYFILE $AUDIENCE --cache ""

Specifying an empty cache location using the --cache flag is necessary to ensure that a different token is produced each time. Be sure to trim the resulting string because extra spaces or newline characters will cause ARCore to reject the token.

Sign the token

You must use the RS256 algorithm and the following claims to sign the JWT:

  • iss — The service account email address.
  • sub — The service account email address.
  • iat — The Unix time when the token was generated, in seconds.
  • expiat + 3600 (1 hour). The Unix time when the token expires, in seconds.
  • aud — The audience. The correct ‘audience’ for the Cloud Anchor API is https://arcorecloudanchor.googleapis.com/.

Non-standard claims are not required in the JWT payload, though you may find the uid claim useful for identifying the corresponding user.

If you use a different approach to generate your JWTs, such as using a Google API in a Google-managed environment, make sure to sign your JWTs with the claims in this section. Above all, make sure that the audience is correct.

Pass a token into the ARCore session

When you obtain a token, pass it into your ARCore session using ARAnchorManager.SetAuthToken():

// Designate the token to use when authenticating with the ARCore Cloud Anchor service
// on the iOS platform. This should be called each time the application's token is refreshed.
ARAnchorManager.SetAuthToken(string authToken);

Note the following when you pass a token into the session:

  • If you do not pass in a valid token before attempting to host or resolve an anchor, you will get authentication errors.

  • ARCore ignores tokens that contain spaces or special characters. ARCore also ignores all tokens if you create your session with a valid API key. If you previously used an API key and no longer need it, we recommend deleting it in the Google Developers Console and removing it from your app after migrating users to the newest version.

  • Tokens typically expire after one hour. If there is a possibility that your token may expire while in use, obtain a new token and pass it to the API.

API key authentication

The API key authentication option can host a Cloud Anchor for up to one day.

Follow these steps to obtain and add an API key to your project:

  1. See the Google Cloud Platform Console Help Center to obtain an API key.

  2. Add the new API key to your project:

  • In Unity, go to Edit > Project Settings > XR > ARCore Extensions.
  • Add your API key to the Cloud Anchor API Keys field.

Mapping quality

FeatureMapQuality indicates the quality of feature points seen by ARCore in the preceding few seconds from a given camera pose. Cloud Anchors hosted using higher quality features generally result in more accurately resolved poses. If feature map quality cannot be estimated for a given pose, EstimateFeatureMapQualityForHosting logs a warning message and returns FeatureMapQuality.Insufficient. This state indicates that ARCore will likely have more difficulty resolving the Cloud Anchor. Encourage the user to move the device, so that the desired position of the Cloud Anchor to be hosted is viewed from different angles.

FeatureMapQuality quality = ARAnchorManager.EstimateFeatureMapQualityForHosting(pose)

public enum FeatureMapQuality
{
    /// The quality of feature points identified from the pose in the preceding
    /// few seconds is low. This state indicates that ARCore will likely have
    /// more difficulty resolving the Cloud Anchor. Encourage the user to move the
    /// device, so that the desired position of the Cloud Anchor to be hosted is
    /// viewed from different angles.
    Insufficient = 0,

    /// The quality of feature points identified from the pose in the preceding
    /// few seconds is likely sufficient for ARCore to successfully resolve
    /// a Cloud Anchor, although the accuracy of the resolved pose will likely be
    /// reduced. Encourage the user to move the device, so that the desired position of
    /// the Cloud Anchor they wish to host can be viewed from different angles.
    Sufficient = 1,

    /// The quality of feature points identified from the pose in the preceding
    /// few seconds is likely sufficient for ARCore to successfully resolve
    /// a Cloud Anchor with a high degree of accuracy.
    Good = 2,
}

API quotas

The ARCore Cloud Anchor API has the following quotas for request bandwidth:

Quota type Maximum Duration Applies to
Number of anchors Unlimited N/A Project
Anchor host requests 30 minute IP address and project
Anchor resolve requests 300 minute IP address and project

Performance considerations

Memory usage increases when you enable the Cloud Anchor API. Expect the device’s battery usage to rise due to higher network usage and CPU utilization.

Next steps