api密钥，客户端ID和服务帐户之间有什么区别? [英] What's the difference between api key, client id and service account?

问题描述

我需要从我的Symfony 2应用程序访问Google的服务，即Google Analytics(分析)，因此我必须使用Google api客户端(版本2).访问Google Analytics(分析)的信息之前，我必须在Google API控制台中创建api密钥，客户端ID或服务帐户.

I needed to access a Google's service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google api client (version 2). Before accessing Google Analytics' info, I had to create either a api key, a client id or a service account in the Google API Console.

最后，我创建了一个服务帐户，并下载了一个文件.Google api客户端使用此文件来授予对我的Google Analytics(分析)帐户及其各自收集的信息的访问权限.

At the end, I created a service account, and a file was downloaded. This file is used by the Google api client to grant access to my Google Analytics account and its respective collected info.

我的问题是:

1. api密钥，客户端ID和服务帐户之间有什么区别?

1. What are the differences between api key, client id and service account?

何时在另一个之上创建/使用一个，为什么?

When to create/use one over the other, and why?

我没有看到任何详尽的文章来解释我在这个问题中的要求.

I've not seen any exhaustive article which explains what I'm asking in this question.

推荐答案

该线程较旧，但仍在添加信息.将来可能会帮助他人.

This thread is old, but still adding the information. Might help others in future.

Google需要唯一的标识符，以将其与您的项目(使用您的android软件包)绑定以进行身份​​验证并管理流量或配额.

Google needs unique identifier to tie it to your project (with your android package) for authentication and to manage traffic or quotas.

Oauth和API密钥就是这样的唯一标识符.

Oauth and API key are such unique identifiers.

OAuth 2.0客户端ID :如果您的应用程序使用的是OAuth 2.0协议，请使用OAuth客户端ID.OAuth用于创建访问令牌，而访问令牌又是唯一标识符.但是，用户需要同意同意. https://developers.google.com/identity/protocols/OAuth2

OAuth 2.0 client IDs: If your application is using OAuth 2.0 protocol, then use OAuth client ID. OAuth is used to create the Access token, which in turn is a unique identifier. However, the user needs to agree a consent. https://developers.google.com/identity/protocols/OAuth2

API密钥: API密钥是您使用控制台生成的唯一标识符.优点是用户不需要用户操作或同意.但是您不能像OAuth一样使用API​​密钥进行授权.当您想要的数据是公共数据并且不需要用户身份验证(例如Google地图)时，请使用API​​密钥.

API keys: An API key is a unique identifier that you generate using the console. The advantage is the user does not require an user action or consent. But you cannot use the API key for authorization unlike OAuth. Use an API key when the data you want is public and does not need a user authentication, such as Google maps.

服务帐户:诸如Prediction API和Google Cloud Storage之类的Google API可以代表您的应用程序运行，而无需访问用户信息.在这些情况下，您的应用程序需要向API证明自己的身份，但无需用户同意.同样，在企业方案中，您的应用程序可以请求委派对某些资源的访问.对于这些类型的服务器到服务器交互，您需要一个服务帐户. https://developers.google.com/identity/protocols/OAuth2#serviceaccount

Service Account : Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount

这篇关于api密钥，客户端ID和服务帐户之间有什么区别?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！