Use OAuth

Places Insights API supports the use of OAuth 2.0 for authentication. Google supports common OAuth 2.0 scenarios such as those for a web server.

This document describes how to pass an OAuth token to the Places Insights API call in your development environment. For instructions on using OAuth in a production environment, see Authentication at Google.

Before you begin

Before you start using the Places Insights API, you need a project with a billing account and the Places Insights API enabled. We recommend creating multiple Project Owners and Billing Administrators, so that you'll always have someone with these roles available to your team. To learn more, see Set up in Cloud Console.

About OAuth

There are many ways to create and manage access tokens with OAuth based on your deployment environment.

For example, the Google OAuth 2.0 system supports server-to-server interactions, such as those between your application and a Google service. For this scenario you need a service account, which is an account that belongs to your application instead of to an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved. For more information on authentication methods, see Authentication at Google.

Alternatively, you might use the Places Insights API as part of an Android or iOS mobile app. For general information on using OAuth with the Places Insights API, including information on managing access tokens for different deployment environments, see Using OAuth 2.0 to Access Google APIs.

About OAuth scopes

To use OAuth with the Places Insights API, the OAuth token must be assigned the scope:

  • https://www.googleapis.com/auth/cloud-platform

Example: Try REST API calls in your local development environment

If you want to try the Places Insights API using an OAuth token, but do not have an environment setup to generate tokens, you can use the procedure in this section to make the call.

This example describes how to use the OAuth token provided by Application Default Credentials (ADC) to make the call. For information about using ADC to call Google APIs using client libraries, see Authenticate using client libraries.

Prerequisites

Before you can make a REST request using ADC, use the Google Cloud CLI to provide credentials to ADC:

  1. If you haven't already, create a project and enable billing by following the steps in the Set Up in the Google Cloud Console.
  2. Install and initialize the gcloud CLI.
  3. Run the following gcloud command on your local machine to create your credential file:

    gcloud auth application-default login
  4. A login screen is displayed. After you log in, your credentials are stored in the local credential file used by ADC.

For more information, see Local development environment section of the Provide credentials for Application Default Credentials documentation.

Make a REST request

In this example, you pass two request headers:

  • Pass the OAuth token in the Authorization header by using the following command to generate the token:

    gcloud auth application-default print-access-token

    The returned token has a scope of https://www.googleapis.com/auth/cloud-platform.

  • Pass the ID or name of your Google Cloud project that has billing enabled in the X-Goog-User-Project header. To learn more, see Set up in Cloud Console.

The following example makes a call to the Places Insights API using an OAuth token:

curl -X POST 'https://areainsights.googleapis.com/v1:computeInsights' \
-H "Content-Type: application/json" \
-H "X-Goog-User-Project: PROJECT_NUMBER_OR_ID" \
-H "Authorization: Bearer $TOKEN" \
--data '{
   "insights":[
      "INSIGHT_COUNT"
   ],
   "filter":{
      "location_filter":{
         "region":{
            "place":"places/ChIJIQBpAG2ahYAR_6128GcTUEo"
         }
      },
      "type_filter":{
         "included_types":[
            "restaurant"
         ]
      },
      "price_levels":[
         "PRICE_LEVEL_INEXPENSIVE"
      ]
   }
}'

Troubleshooting

If your request returns an error message about end-user credentials not being supported by this API, see User credentials not working.