Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Steps involve in the setup of Google API connection
- Obtain OAuth 2.0 credentials from the Google API Console. The generated email address that is unique, a client ID, and at least one public/private key pair.
- Obtain an access token from the Google Authorization Server. Before your application can access private data using a Google API, it must obtain an access token that grants access to that API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access token request, your application sends one or more values in the scope parameter.
If the permission is granted, the Google Authorization Server sends the application an access token
- Send the access token to an API. After an application obtains an access token, it sends the token to a Google API in an HTTP authorization header. Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for the Google+ API, it does not grant access to the Google Contacts API. You can, however, send that access token to the Google+ API multiple times for similar operations.
Service accounts
Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations, your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources.
For these types of server-to-server interactions, you need a service account, which is an account that belongs to your application instead of to an individual end-user. Your application calls Google APIs on behalf of the service account, and user consent is not required. (In non-service-account scenarios, your application calls Google APIs on behalf of end-users, and user consent is sometimes required.)
A service account's credentials, which you obtain from the Google API Console, include a generated email address that is unique, a client ID, and at least one public/private key pair. You use the client ID and one private key to create a signed JWT and construct an access token request in the appropriate format. Your application then sends the token request to the Google OAuth 2.0 Authorization Server, which returns an access token. The application uses the token to access a Google API. When the token expires, the application repeats the process.
References:
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | serviceaccount.png | 6.53 KB | boaloysius |
Comments
Comment #2
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #3
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #4
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #5
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #6
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #7
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #8
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commentedComment #9
boaloysius CreditAttribution: boaloysius as a volunteer and at Google Summer of Code commented