Authorization and authentication
Stay organized with collections
Save and categorize content based on your preferences.
We strongly recommend that you use a service account for authentication when you integrate with
the SAS Portal API. If necessary,
create a service account. Be sure to select JSON as your key type when you
create your service account key. Once complete, your service account key is downloaded to your
browser's default location. Furthermore, be sure to
grant the "Project Owner" role to the service account.
Next, you need to provide your service account authentication as a Bearer token. If you call the
SAS Portal API directly, such as by making an HTTP request with cURL, you pass your
authentication as a Bearer token in an Authorization header. To obtain a Bearer token
with your service account, follow these steps:
-
Install the
gcloud command line tool.
-
Authenticate to your service account. In the following command, replace
${KEY_FILE} with the path to your service account key file:
gcloud auth activate-service-account --key-file ${KEY_FILE}
-
Use your service account to obtain an authorization token:
gcloud auth print-access-token
The command returns an access token value.
-
When you use the API, pass the token value as a Bearer token in an Authorization
header. See the following example:
curl -X GET -H "X-Goog-User-Project: ${CLIENT_PROJECT}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${TOKEN}" \
"https://sasportal.googleapis.com/v1alpha1/customers"
Set ${CLIENT_PROJECT} to the
ID of the Google Cloud Project from which you make the requests, and then set
${TOKEN} to the authorization token.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2023-12-05 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2023-12-05 UTC."],[[["\u003cp\u003eService accounts are the recommended authentication method for integrating with the SAS Portal API, requiring the creation of a service account with a JSON key and granting it the "Project Owner" role.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication to the SAS Portal API is done using a Bearer token obtained through the \u003ccode\u003egcloud\u003c/code\u003e command-line tool by activating the service account and printing an access token.\u003c/p\u003e\n"],["\u003cp\u003eWhen calling the API, include the Bearer token in the \u003ccode\u003eAuthorization\u003c/code\u003e header of your request along with the \u003ccode\u003eX-Goog-User-Project\u003c/code\u003e header specifying your Google Cloud Project ID.\u003c/p\u003e\n"]]],["The key actions are creating a service account with a JSON key, granting it the \"Project Owner\" role, and obtaining a Bearer token for API authentication. This is done by installing the `gcloud` tool, authenticating the service account using `gcloud auth activate-service-account --key-file`, and generating an access token via `gcloud auth print-access-token`. This token should then be included in the `Authorization` header when making API calls as a Bearer token.\n"],null,["# Authorization and authentication\n\nWe strongly recommend that you use a service account for authentication when you integrate with\nthe SAS Portal API. If necessary, [create a service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating_a_service_account). Be sure to select JSON as your key type when you [create your service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys). Once complete, your service account key is downloaded to your\nbrowser's default location. Furthermore, be sure to [grant the \"Project Owner\" role](https://cloud.google.com/iam/docs/granting-changing-revoking-access) to the service account.\n\nNext, you need to provide your service account authentication as a Bearer token. If you call the\nSAS Portal API directly, such as by making an HTTP request with `cURL`, you pass your\nauthentication as a Bearer token in an `Authorization` header. To obtain a Bearer token\nwith your service account, follow these steps:\n\n1. [Install the `gcloud` command line tool](https://cloud.google.com/sdk/install).\n2. Authenticate to your service account. In the following command, replace\n \u003cvar translate=\"no\"\u003e${KEY_FILE}\u003c/var\u003e with the path to your service account key file:\n\n ```genshi\n gcloud auth activate-service-account --key-file ${KEY_FILE}\n ```\n3. Use your service account to obtain an authorization token:\n\n ```text\n gcloud auth print-access-token\n ```\n\n The command returns an access token value.\n4. When you use the API, pass the token value as a Bearer token in an `Authorization`\n header. See the following example:\n\n ```genshi\n curl -X GET -H \"X-Goog-User-Project: ${CLIENT_PROJECT}\" \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer ${TOKEN}\" \\\n \"https://sasportal.googleapis.com/v1alpha1/customers\"\n ```\n\n Set \u003cvar translate=\"no\"\u003e${CLIENT_PROJECT}\u003c/var\u003e to the\n [ID of the Google Cloud Project](https://cloud.google.com/resource-manager/docs/creating-managing-projects) from which you make the requests, and then set\n \u003cvar translate=\"no\"\u003e${TOKEN}\u003c/var\u003e to the authorization token."]]