通過 Video Intelligence API 驗證

本頁面說明服務帳戶的用途、如何建立服務帳戶來驗證對 Video Intelligence API 的要求,以及如何使用服務帳戶設定應用程式預設憑證

如要讓應用程式的程式碼使用 Video Intelligence API,您必須為應用程式設定能夠向服務「驗證」其身分的適當憑證,以及取得執行工作的「授權」(這些憑證相關機制稱為「驗證」方法)。

Google Cloud API 驗證和授權 (通常合稱「驗證」) 一般是透過服務帳戶執行。服務帳戶可讓您的程式碼將應用程式憑證直接傳送給 Video Intelligence API。服務帳戶 (如同使用者帳戶) 是以電子郵件地址表示。與使用者帳戶不同,服務帳戶只會與應用程式建立關聯。

啟用 API

您必須先啟用 Video Intelligence API,才能進行驗證。

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Video Intelligence API.

    Enable the API

  5. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  6. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  7. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  8. Install the Google Cloud CLI.

  9. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  10. To initialize the gcloud CLI, run the following command:

    gcloud init
  11. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  12. Make sure that billing is enabled for your Google Cloud project.

  13. Enable the Cloud Video Intelligence API.

    Enable the API

  14. Create a service account:

    1. In the Google Cloud console, go to the Create service account page.

      Go to Create service account
    2. Select your project.
    3. In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

      In the Service account description field, enter a description. For example, Service account for quickstart.

    4. Click Create and continue.
    5. Click Done to finish creating the service account.

      Do not close your browser window. You will use it in the next step.

  15. Create a service account key:

    1. In the Google Cloud console, click the email address for the service account that you created.
    2. Click Keys.
    3. Click Add key, and then click Create new key.
    4. Click Create. A JSON key file is downloaded to your computer.
    5. Click Close.
  16. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.

  17. Install the Google Cloud CLI.

  18. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  19. To initialize the gcloud CLI, run the following command:

    gcloud init
  20. 在 Google Cloud 控制台中建立服務帳戶

    如要使用 Google Cloud 控制台建立服務帳戶,請按照下列步驟操作:

    1. 在 Google Cloud 主控台的「憑證」頁面中,選取「建立憑證」>「服務帳戶金鑰」

    2. 接著在「Service account」(服務帳戶) 之下選取「New service account」(新增服務帳戶)

    3. 在「Service account name」(服務帳戶名稱) 方塊中,輸入服務帳戶的名稱。這個名稱將用做「服務帳戶 ID」的預設名稱 (在產生的服務帳戶 ID 位址中「@」符號左邊的部分),但您可以變更這個服務帳戶 ID 名稱。這些名稱可以任意指定,只要方便記憶就好。

    4. 在「金鑰類型」下方,為大多數新專案選取「JSON」

    5. 點選「建立」

    Google Cloud 主控台隨即會產生 JSON 金鑰 (以 .json文字檔保存),提示您將檔案下載至電腦,並顯示「Service account created」(已建立服務帳戶) 對話方塊。

    產生的 JSON 金鑰會與下列 JSON 金鑰範例類似:

    {
      "type": "service_account",
      "project_id": "PROJECT_ID",
      "private_key_id": "SOME_NUMBER",
      "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
      "client_email": "SERVICE_ACCOUNT_EMAIL",
      "client_id": "...",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://accounts.google.com/o/oauth2/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
    }
    

    請儲存 JSON 檔案並提供安全保護,因為這個檔案含有您的私密金鑰 (且這個檔案是該金鑰的唯一副本)。當您要將註解要求傳送至 Video Intelligence API 時,必須在程式碼中參照這個服務帳戶金鑰檔案。

    使用應用程式預設憑證驗證

    向 Video Intelligence API 驗證應用程式的最簡單方式,是使用應用程式預設憑證 (ADC)。使用 ADC 的服務會先搜尋 GOOGLE_APPLICATION_CREDENTIALS 環境變數指定的憑證。除非您特別要求 ADC 使用其他憑證 (例如使用者憑證),否則請將這個環境變數設為指向您的服務帳戶金鑰檔案 (建立服務帳戶金鑰時下載的 .json 檔案)。

    $ export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_SERVICE_ACCOUNT_FILE