Use the ARCore API on Google Cloud

Select platform:

ARCore features such as the Geospatial API and Cloud Anchors use the ARCore API hosted on Google Cloud. When using these features, your application uses credentials to access the ARCore API service.

This quickstart describes how to set up your application so that it can communicate with the ARCore API service hosted on Google Cloud.

Create a new Google Cloud project or use an existing project

If you have an existing project, select it.

Go to project selector

If you don't have an existing Google Cloud project, create one.

Create new project

Enable the ARCore API

To use the ARCore API, you must enable it in your project.

Enable the ARCore API

Set up an authorization method

An Android application can communicate with the ARCore API using two different authorization methods: Keyless authorization (OAuth 2.0), which is the recommended method, and API Key authorization:

  • Keyless authorization uses a combination of the application's package name and the fingerprint of the signing key to authorize your application.
  • An API key is a string that identifies a Google Cloud project. API keys are generally not considered secure as they are typically accessible to clients. Consider using Keyless authorization to communicate with the ARCore API.


To authorize your app using Keyless authentication, create OAuth 2.0 client IDs.

Determine signing key fingerprints

A OAuth 2.0 client ID uses your app's signing key fingerprint to identify your app.

How to obtain your debug signing fingerprint

When running or debugging your project, the Android SDK tools automatically sign your app with a generated debug certificate.

  • In Android Studio, open the Gradle toolpane.
  • Navigate to project-name > Tasks > android.
  • Run the signingReport task.

  • Copy the SHA-1 fingerprint for the debug variant.

How to obtain a signing fingerprint from a keystore

If you have a keystore file, use the keytool utility to determine the fingerprint.

keytool -list -v -alias your-key-name -keystore path-to-production-keystore

The keytool utility then prints the fingerprint to the terminal. For example:

   Certificate fingerprint: SHA1: DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09

How to obtain your app's signing key from Play App Signing

When using Play App Signing, Google manages your app's signing key and uses it to sign your APKs. This key should be used for the signing fingerprint.

  1. In the App Signing page in Google Play Console, scroll to App signing key certificate.
  2. Use the SHA-1 certificate fingerprint.

Create OAuth 2.0 client IDs

For each applicable signing key from the previous steps, create an OAuth 2.0 client ID in your Google Cloud project's credentials.

  • In Google Cloud, open the Credentials page.


  • Click Create credentials, then select OAuth client ID from the menu.

  • Fill in the required fields as follows:

    • Application type: choose Android.
    • Package name: use the package name as declared in your AndroidManifest.xml.
    • SHA-1 certificate fingerprint: use a fingerprint obtained in previous steps.
  • Press Create.

Include required libraries

  1. Include in your app's dependencies.
  2. If you are using code minification, add it to your app's build.gradle file:

    buildTypes {
      release {
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), ''
  3. Add the following to your app's file:

    -keep class** { *; }
    -keep class** { *; }
    -keep class** { *; }
    -keep class** { *; }

Your app is now configured to use Keyless authentication.


  1. In Google Cloud, open the Credentials page.
  2. Click Create credentials, then select API key from the menu.
    The API key created dialog displays the string for your newly created key.
  3. In Android Studio, add the new API key to your project. Include the API key in a <meta-data> element in the <application> element in your app's AndroidManifest.xml:

  4. Review documentation on API key restrictions to secure your API key.

Your app is now configured to use API keys.

What's next

With authorization configured, check out the following ARCore features that use it: