API stands for application programming interface, a set of definitions and protocols for building and integrating applications. Google Cloud APIs are programmatic interfaces that interact with Google Cloud services. In Chapter 3, we learned how to enable and disable Google Cloud APIs with the gcloud command-line interface. In this part of this chapter, we would like to focus on working with Google Cloud APIs using REST/HTTP APIs. As mentioned in Chapter 3, Google Cloud offers many ways to interact with its services. For this chapter, we will show you how to interact with data-related products using REST/HTTP APIs.
Using Google Cloud APIs with REST/HTTP APIs
We can use various tools to work with REST/HTTP APIs. Depending on the operating system and our preferences, it can be a curl Linux command-line tool, or we can use desktop applications such as Postman, Swagger, or HTTPie. These tools are multiplatform, and you can try them out yourself. We will use Postman in this part of this book.
Before interacting with Google Cloud APIs, we need to authenticate ourselves with Google Cloud.
Authenticating using REST
Similar to the different choices Google Cloud offers us for interacting with APIs, we have different ways to authenticate with Google Cloud to work with its services. In our case, we will describe OAuth 2.0 authentication with Postman, as other authentication possibilities exceed Associate Cloud Engineer certification requirements.
If you wish to learn about different ways, go to https://cloud.google.com/docs/authentication/client-libraries.
OAuth 2.0
OAuth 2.0 is an open standard protocol that allows users to grant third-party application access to their resources without them revealing their credentials. It provides a secure and standard way for users to authorize access to their resources, such as social media profiles, email accounts, or online storage services.
In an OAuth 2.0 flow, the user authenticates with the resource provider (for example, Google, Facebook, or another provider) and then authorizes the third-party application to access their resources. The third-party application obtains an access token, which it can use to make requests on behalf of the user to access their resources.
To set OAuth 2.0, we must first create credentials in APIs & Services in Google Cloud:
- In the desired project, go to APIs & Services.
- Click Credentials. If this is the first time you’re creating credentials, you must configure the consent screen. Click the CONFIGURE CONSENT SCREEN button:
Figure 10.13 – The Credentials section in APIs & Services
- In our case, we will set User Type to Internal. Click Create.
- In the next section, we need to enter App name (the name of the app asking for consent) and User support email (for users to contact you with questions about their consent) details; optionally, we can add the app logo and more information about the app. We can also look at the app’s home page, privacy policy, and terms of service:
Figure 10.14 – OAuth consent screen creation