Short-lived credential tokens for ajax calls


Ben Sawyer

Oct 31, 2023, 6:33:55 PM
to Google Civic Information API
Hi all,

I'm building a small web app that needs to make ajax calls to this API. From the docs and guides, it sounds like this is supposed to be done using a service account and generating short-lived credential tokens so as not to be passing an API key to the browser.

I get the concept, but I'm having trouble ironing out the details. Can anyone help me with the following?

1. I can restrict an API key to a specific API, but how do I do the same with a service account? I want the credential tokens to grant access to nothing but this API.
2. Does this mean that I need 1 service account that the credentials are being used to impersonate, then another service account or API key used by the backend to generate the short-lived credentials?
3. What are the specific roles/permissions I need to assign to these accounts/API keys? I don't see any permissions that are specific to this API.

I'm not familiar with the Google Cloud APIs, so I want to make sure I don't have credentials floating around that allow access to anything they shouldn't.

Much appreciated if anyone can answer or point me to docs for these questions.

Thanks!