What's the difference between API key, client ID and service account?

nbro · Aug 27, 2016 · Viewed 11.7k times

I needed to access a Google service, i.e. Google Analytics, from my Symfony 2 application, so I had to use the Google API client (version 2). Before accessing Google Analytics' info, I had to create either an API key, a client ID or a service account in the Google API Console.

In the end, I created a service account, and a file was downloaded. This file is used by the Google API client to grant access to my Google Analytics account and its respective collected info.

My questions are:

  1. What are the differences between API key, client ID and service account?

  2. When to create/use one over the other, and why?

I've not seen any exhaustive article that explains what I'm asking in this question.

Answer

Android4Fun · Feb 16, 2018

This thread is old, but I'm still adding the information. It might help others in the future.

Google needs a unique identifier to tie it to your project (with your Android package) for authentication and to manage traffic or quotas.

OAuth and API key are such unique identifiers.

OAuth 2.0 client IDs: If your application is using the OAuth 2.0 protocol, then use an OAuth client ID. OAuth is used to create the access token, which in turn is a unique identifier. However, the user needs to agree to a consent. https://developers.google.com/identity/protocols/OAuth2

API keys: An API key is a unique identifier that you generate using the console. The advantage is that it does not require a user action or consent. But you cannot use the API key for authorization, unlike OAuth. Use an API key when the data you want is public and does not need user authentication, such as Google Maps.

Service Account: Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account. https://developers.google.com/identity/protocols/OAuth2#serviceaccount
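The three credential types described in the answer look different on disk, which is useful when auditing a repository or config directory for what was committed. The following is an added example, not part of the original answer and not Google's code: the JSON field names (`type`, `private_key`, `web`, `installed`, `client_id`, `client_secret`) follow the files the Google API Console downloads, while the `AIza` key pattern, the function name `classify_credential` and all sample values are assumptions constructed for illustration.

```python
import json
import re

# Assumption: API keys issued by the Google console are 39 characters starting with "AIza".
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")


def classify_credential(text):
    """Classify a credential string or the body of a downloaded JSON file."""
    text = text.strip()
    if API_KEY_RE.fullmatch(text):
        # Identifies the project only: no user consent, no authorization.
        return {"kind": "api_key", "user_consent": False, "protect": ["key string"]}
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if doc.get("type") == "service_account" and "private_key" in doc:
            # The application proves its own identity with this private key.
            return {"kind": "service_account", "user_consent": False,
                    "protect": ["private_key"]}
        for wrapper in ("web", "installed"):
            inner = doc.get(wrapper)
            if isinstance(inner, dict) and "client_id" in inner:
                # The client ID starts an OAuth flow in which the user must consent.
                protect = ["client_secret"] if "client_secret" in inner else []
                return {"kind": "oauth_client", "user_consent": True, "protect": protect}
    return {"kind": "unknown", "user_consent": None, "protect": []}


# Constructed sample inputs (not real credentials).
SAMPLE_API_KEY = "AIza" + "x" * 35
SAMPLE_SERVICE_ACCOUNT = json.dumps({
    "type": "service_account",
    "client_email": "demo@example-project.iam.gserviceaccount.com",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
})
SAMPLE_OAUTH_CLIENT = json.dumps({
    "web": {"client_id": "1234-example.apps.googleusercontent.com",
            "client_secret": "CONSTRUCTED-PLACEHOLDER"},
})

if __name__ == "__main__":
    for sample in (SAMPLE_API_KEY, SAMPLE_SERVICE_ACCOUNT, SAMPLE_OAUTH_CLIENT, "hunter2"):
        print(classify_credential(sample))
```

The `protect` list names what must stay out of version control for each type; the service account file is the most sensitive because its private key authenticates the application with no user in the loop.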