Keys, access, security, and identity

Each request to an API that is represented in the Google Developers Console must include a unique identifier.

Unique identifiers enable the Developers Console to tie requests to specific projects in order to

• monitor traffic,
• enforce quotas, and
• handle billing.

Google supports two mechanisms for creating unique identifiers:

1. OAuth 2.0 client IDs

   For applications that use the OAuth 2.0 protocol to call Google APIs, you can use an OAuth 2.0 client ID to generate an access token. The token contains a unique identifier.

2. API keys

   An API key (either a server key or a browser key) is a unique identifier that you generate using the Developers Console. Using an API key does not require user action or consent. API keys do not grant access to any account information, and are not used for authorization.

Use an API key when your application is running on a server and accessing one of the following kinds of data:

• Data that the data owner has identified as public, such as a public calendar or blog.
• Data that is owned by a Google service such as Google Maps or Google Translate. (Access limitations may apply.)
• If you are only calling APIs that do not require user data, such as the Google Custom Search API, then API keys might be simpler to use than OAuth 2.0 access tokens. However, if your application already uses an OAuth 2.0 access token, then there is no need to generate an API key as well. Google ignores passed API keys if a passed OAuth 2.0 access token is already associated with the corresponding project.