Search
Clear search
Close search
Google apps
Main menu
Cloud Platform Console Help
Cloud Platform Console Contact us

Setting up API keys

If your client application does not use OAuth 2.0, then it must include an API key when it calls an API that's enabled within a Google Cloud Platform project. The application passes this key into all API requests as a key=API_key parameter.

To create your application's API key:

  1. Go to the Cloud Platform Console.
  2. From the projects list, select a project or create a new one.
  3. If the API Manager page isn't already open, open the menu  Gallery Menu  and select API Manager.
  4. On the left, choose Credentials.
  5. Click Create credentials and then select API key.
  6. Choose the type of key to use. (API key types are described in more detail in the following sections.) If you're unsure whether an API key is appropriate for the API you're calling, select Help me choose and follow the instructions to pick the right credentials.

Note: In addition to reading the instructions on this page, be sure to read Best practices for securely using API keys.

The API supports several types of API keys, including server keys, browser keys, iOS keys, and Android keys.

Server keys

Create and use a Server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

Browser keys

Create and use a Browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

iOS keys

Create and use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's .plist file contains its bundle identifier. Example: com.example.MyApp

Android keys

Create and use an Android key if your application runs on Android devices. To do so, you need to specify the SHA1 fingerprints and package names of the application using that key.

  1. In the Package name field, enter your Android app's package name.
  2. In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.
    keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v

    Note: For the debug.keystore, the password is android. For Eclipse, the debug keystore is typically located at ~/.android/debug.keystore.

    The Keytool prints the fingerprint to the shell. For example:

    $ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
    Enter keystore password: Type "android" if using debug.keystore
    Alias name: androiddebugkey
    Creation date: Aug 27, 2012
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=Android Debug, O=Android, C=US
    Issuer: CN=Android Debug, O=Android, C=US
    Serial number: 503bd581
    Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
    Certificate fingerprints:
       MD5: 1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
       SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
       SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
       Signature algorithm name: SHA1withRSA
       Version: 3

    Copy the SHA1 fingerprint, which is bold in the example above.

    Important: When you prepare to release your app to your users, follow these steps again and create a new OAuth 2.0 client ID for your production app. For production apps, use your own private key to sign the production app's .apk file. For more information, see Signing your applications.
  3. Paste the SHA1 fingerprint into the form where requested.
  4. Click Create.
Was this article helpful?