Pollen API supports the use of OAuth 2.0 for authentication. Google supports common OAuth 2.0 scenarios such as those for a web server.
This document describes how to pass an OAuth token to the Pollen API call in your development environment. For instructions on using OAuth in a production environment, see Authentication at Google.
Before you begin
Before you start using the Pollen API, you need a project with a billing account and the Pollen API enabled. We recommend creating multiple Project Owners and Billing Administrators, so that you'll always have someone with these roles available to your team. To learn more, see Set up in Cloud Console.
About OAuth
There are many ways to create and manage access tokens with OAuth based on your deployment environment.
For example, the Google OAuth 2.0 system supports server-to-server interactions, such as those between your application and a Google service. For this scenario you need a service account, which is an account that belongs to your application instead of to an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved. For more information on authentication methods, see Authentication at Google.
Alternatively, you might use the Pollen API as part of an Android or iOS mobile app. For general information on using OAuth with the Pollen API, including information on managing access tokens for different deployment environments, see Using OAuth 2.0 to Access Google APIs.
About OAuth scopes
To use OAuth with the Pollen API, the OAuth token must be assigned the scope:
https://www.googleapis.com/auth/cloud-platform
Example: Try REST API calls in your local development environment
If you want to try the Pollen API using an OAuth token, but do not have an environment setup to generate tokens, you can use the procedure in this section to make the call.
This example describes how to use the OAuth token provided by Application Default Credentials (ADC) to make the call. For information about using ADC to call Google APIs using client libraries, see Authenticate using client libraries.
Prerequisites
Before you can make a REST request using ADC, use the Google Cloud CLI to provide credentials to ADC:
- If you haven't already, create a project and enable billing by following the steps in the Set Up in the Google Cloud Console.
- Install and initialize the gcloud CLI.
Run the following
gcloud
command on your local machine to create your credential file:gcloud auth application-default login
- A login screen is displayed. After you log in, your credentials are stored in the local credential file used by ADC.
For more information, see Local development environment section of the Provide credentials for Application Default Credentials documentation.
Make a REST request
In this example, you pass two request headers:
Pass the OAuth token in the
Authorization
header by using the following command to generate the token:gcloud auth application-default print-access-token
The returned token has a scope of
https://www.googleapis.com/auth/cloud-platform.
- Pass the ID or name of your Google Cloud project that has billing enabled in the
X-Goog-User-Project
header. To learn more, see Set up in Cloud Console.
The following example makes a call to the Pollen API using an OAuth token:
curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" -H "X-Goog-User-Project: PROJECT_ID" -d '{ "location": { "latitude": 32.62782385865436, "longitude": 35.02197334774893 } }' "https://pollen.googleapis.com/v1/forecast:lookup"
Troubleshooting
If your request returns an error message about end-user credentials not being supported by this API, see User credentials not working.