What is the difference between an API key, a client ID and a service account?

I needed to access a Google service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google API client (version 2). Before accessing Google Analytics' info, I had to create either an API key, a client ID or a service account in the Google API Console.

At the end, I created a service account, and a file was downloaded. This file is used by the Google API client to grant access to my Google Analytics account and its respective collected info.

My questions are:

  1. What are the differences between API key, client ID and service account?

When to create/use one over the other, and why?

I've not seen any exhaustive article which explains what I'm asking in this question.

Recommended answer

This thread is old, but still adding the information. Might help others in future.

Google needs a unique identifier to tie it to your project (with your Android package) for authentication and to manage traffic or quotas.

OAuth and API key are such unique identifiers.

OAuth 2.0 client IDs: If your application is using the OAuth 2.0 protocol, then use an OAuth client ID. OAuth is used to create the access token, which in turn is a unique identifier. However, the user needs to agree to a consent. https://developers.google.com/identity/protocols/OAuth2

API keys: An API key is a unique identifier that you generate using the console. The advantage is that the user does not require a user action or consent. But you cannot use the API key for authorization, unlike OAuth. Use an API key when the data you want is public and does not need user authentication, such as Google Maps.

Service account: Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount
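To make the distinction in the answer above concrete, the following added example (not part of the original post and not code from Google's client library) identifies which of the three credential types a string or downloaded console file holds, and which field in it must be kept secret. The `AIza` key pattern is a heuristic assumed here, and all sample values are constructed placeholders.

```python
import json
import re

# What each credential type implies, per the answer above.
PROFILES = {
    "api_key": {"user_consent": False, "can_authorize": False},
    "oauth_client": {"user_consent": True, "can_authorize": True},
    "service_account": {"user_consent": False, "can_authorize": True},
}

# Assumption: heuristic for the usual shape of a Google API key string.
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def classify_credential(text):
    """Return (kind, secret_fields) for a key string or a downloaded JSON body."""
    text = text.strip()
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        # Service account key files carry the private key used to sign requests.
        if doc.get("type") == "service_account":
            return "service_account", [k for k in ("private_key",) if k in doc]
        # OAuth client files wrap client_id/client_secret under "web" or "installed".
        for wrapper in ("web", "installed"):
            inner = doc.get(wrapper)
            if isinstance(inner, dict) and "client_id" in inner:
                return "oauth_client", [k for k in ("client_secret",) if k in inner]
    elif API_KEY_RE.fullmatch(text):
        return "api_key", ["(entire string)"]
    return "unknown", []


# Constructed sample inputs; none of these values are real credentials.
SAMPLE_SERVICE_ACCOUNT = json.dumps({
    "type": "service_account",
    "client_email": "reporter@example-project.iam.gserviceaccount.com",
    "private_key": "PLACEHOLDER-NOT-A-KEY",
})
SAMPLE_OAUTH_CLIENT = json.dumps({
    "web": {"client_id": "000000000000-placeholder.apps.googleusercontent.com",
            "client_secret": "PLACEHOLDER"},
})
SAMPLE_API_KEY = "AIza" + "0" * 35

if __name__ == "__main__":
    for sample in (SAMPLE_SERVICE_ACCOUNT, SAMPLE_OAUTH_CLIENT, SAMPLE_API_KEY):
        kind, secrets = classify_credential(sample)
        print(kind, PROFILES[kind], "secret fields:", secrets)
```

A check like this is useful before committing a file to source control: a service account file contains a private key that grants access with no user in the loop, so it needs the strictest handling of the three.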
