如要讓應用程式的程式碼使用 Video Intelligence API,您必須為應用程式設定能夠向服務「驗證」其身分的適當憑證,以及取得執行工作的「授權」(這些憑證相關機制稱為「驗證」方法)。
Google Cloud API 驗證和授權 (通常合稱「驗證」) 一般是透過服務帳戶執行。服務帳戶可讓您的程式碼將應用程式憑證直接傳送給 Video Intelligence API。服務帳戶 (如同使用者帳戶) 是以電子郵件地址表示。與使用者帳戶不同,服務帳戶只會與應用程式建立關聯。
啟用 API
您必須先啟用 Video Intelligence API,才能進行驗證。
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Video Intelligence API.
-
Create a service account:
-
In the Google Cloud console, go to the Create service account page.
Go to Create service account - Select your project.
-
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.
In the Service account description field, enter a description. For example,
Service account for quickstart
. - Click Create and continue.
-
Click Done to finish creating the service account.
Do not close your browser window. You will use it in the next step.
-
-
Create a service account key:
- In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
-
Set the environment variable
GOOGLE_APPLICATION_CREDENTIALS
to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again. -
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Video Intelligence API.
-
Create a service account:
-
In the Google Cloud console, go to the Create service account page.
Go to Create service account - Select your project.
-
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.
In the Service account description field, enter a description. For example,
Service account for quickstart
. - Click Create and continue.
-
Click Done to finish creating the service account.
Do not close your browser window. You will use it in the next step.
-
-
Create a service account key:
- In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
-
Set the environment variable
GOOGLE_APPLICATION_CREDENTIALS
to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again. -
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
-
To initialize the gcloud CLI, run the following command:
gcloud init
在 Google Cloud 主控台的「憑證」頁面中,選取「建立憑證」>「服務帳戶金鑰」。
接著在「Service account」(服務帳戶) 之下選取「New service account」(新增服務帳戶)。
在「Service account name」(服務帳戶名稱) 方塊中,輸入服務帳戶的名稱。這個名稱將用做「服務帳戶 ID」的預設名稱 (在產生的服務帳戶 ID 位址中「@」符號左邊的部分),但您可以變更這個服務帳戶 ID 名稱。這些名稱可以任意指定,只要方便記憶就好。
在「金鑰類型」下方,為大多數新專案選取「JSON」。
點選「建立」。
在 Google Cloud 控制台中建立服務帳戶
如要使用 Google Cloud 控制台建立服務帳戶,請按照下列步驟操作:
Google Cloud 主控台隨即會產生 JSON 金鑰 (以 .json
文字檔保存),提示您將檔案下載至電腦,並顯示「Service account created」(已建立服務帳戶) 對話方塊。

產生的 JSON 金鑰會與下列 JSON 金鑰範例類似:
{ "type": "service_account", "project_id": "PROJECT_ID", "private_key_id": "SOME_NUMBER", "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n", "client_email": "SERVICE_ACCOUNT_EMAIL", "client_id": "...", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://accounts.google.com/o/oauth2/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL" }
請儲存 JSON 檔案並提供安全保護,因為這個檔案含有您的私密金鑰 (且這個檔案是該金鑰的唯一副本)。當您要將註解要求傳送至 Video Intelligence API 時,必須在程式碼中參照這個服務帳戶金鑰檔案。
使用應用程式預設憑證驗證
向 Video Intelligence API 驗證應用程式的最簡單方式,是使用應用程式預設憑證 (ADC)。使用 ADC 的服務會先搜尋 GOOGLE_APPLICATION_CREDENTIALS
環境變數指定的憑證。除非您特別要求 ADC 使用其他憑證 (例如使用者憑證),否則請將這個環境變數設為指向您的服務帳戶金鑰檔案 (建立服務帳戶金鑰時下載的 .json
檔案)。
$ export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_SERVICE_ACCOUNT_FILE