ApiAuthentication

JSON representation
ApiKeyConfig
- JSON representation
ApiKeyConfig.RequestLocation
OAuthConfig
- JSON representation
OAuthConfig.OauthGrantType
ServiceAgentIdTokenAuthConfig
ServiceAccountAuthConfig
- JSON representation
BearerTokenConfig
- JSON representation

Authentication information required for API calls.

JSON representation

JSON representation
{ // Union field `auth_config` can be only one of the following: "apiKeyConfig": { object (`ApiKeyConfig`) }, "oauthConfig": { object (`OAuthConfig`) }, "serviceAgentIdTokenAuthConfig": { object (`ServiceAgentIdTokenAuthConfig`) }, "serviceAccountAuthConfig": { object (`ServiceAccountAuthConfig`) }, "bearerTokenConfig": { object (`BearerTokenConfig`) } // End of list of possible types for union field `auth_config`. }

{

  // Union field auth_config can be only one of the following:
  "apiKeyConfig": {
    object (ApiKeyConfig)
  },
  "oauthConfig": {
    object (OAuthConfig)
  },
  "serviceAgentIdTokenAuthConfig": {
    object (ServiceAgentIdTokenAuthConfig)
  },
  "serviceAccountAuthConfig": {
    object (ServiceAccountAuthConfig)
  },
  "bearerTokenConfig": {
    object (BearerTokenConfig)
  }
  // End of list of possible types for union field auth_config.
}

Fields
Union field `auth_config`. The auth configuration. `auth_config` can be only one of the following:
`apiKeyConfig`	`object (ApiKeyConfig)` Optional. Config for API key auth.
`oauthConfig`	`object (OAuthConfig)` Optional. Config for OAuth.
`serviceAgentIdTokenAuthConfig`	`object (ServiceAgentIdTokenAuthConfig)` Optional. Config for ID token auth generated from CES service agent.
`serviceAccountAuthConfig`	`object (ServiceAccountAuthConfig)` Optional. Config for service account authentication.
`bearerTokenConfig`	`object (BearerTokenConfig)` Optional. Config for bearer token auth.

ApiKeyConfig

Configurations for authentication with API key.

JSON representation
{ "keyName": string, "apiKeySecretVersion": string, "requestLocation": enum (`ApiKeyConfig.RequestLocation`) }

Fields

Fields
`keyName`	`string` Required. The parameter name or the header name of the API key. E.g., If the API request is "https://example.com/act?X-Api-Key=", "X-Api-Key" would be the parameter name.
`apiKeySecretVersion`	`string` Required. The name of the SecretManager secret version resource storing the API key. Format: `projects/{project}/secrets/{secret}/versions/{version}` Note: You should grant `roles/secretmanager.secretAccessor` role to the CES service agent `service-<PROJECT-NUMBER>@gcp-sa-ces.iam.gserviceaccount.com`.
`requestLocation`	`enum (ApiKeyConfig.RequestLocation)` Required. Key location in the request.

keyName

string

Required. The parameter name or the header name of the API key. E.g., If the API request is "https://example.com/act?X-Api-Key=", "X-Api-Key" would be the parameter name.

apiKeySecretVersion

string

Required. The name of the SecretManager secret version resource storing the API key. Format: projects/{project}/secrets/{secret}/versions/{version}

Note: You should grant roles/secretmanager.secretAccessor role to the CES service agent service-<PROJECT-NUMBER>@gcp-sa-ces.iam.gserviceaccount.com.

requestLocation

enum (ApiKeyConfig.RequestLocation)

Required. Key location in the request.

ApiKeyConfig.RequestLocation

The location of the API key in the request.

Enums
`REQUEST_LOCATION_UNSPECIFIED`	Unspecified. This value should not be unused.
`HEADER`	Represents the key in http header.
`QUERY_STRING`	Represents the key in query string.

OAuthConfig

Configurations for authentication with OAuth.

JSON representation
{ "oauthGrantType": enum (`OAuthConfig.OauthGrantType`), "clientId": string, "clientSecretVersion": string, "tokenEndpoint": string, "scopes": [ string ] }

Fields
`oauthGrantType`	`enum (OAuthConfig.OauthGrantType)` Required. OAuth grant types.
`clientId`	`string` Required. The client ID from the OAuth provider.
`clientSecretVersion`	`string` Required. The name of the SecretManager secret version resource storing the client secret. Format: `projects/{project}/secrets/{secret}/versions/{version}` Note: You should grant `roles/secretmanager.secretAccessor` role to the CES service agent `service-<PROJECT-NUMBER>@gcp-sa-ces.iam.gserviceaccount.com`.
`tokenEndpoint`	`string` Required. The token endpoint in the OAuth provider to exchange for an access token.
`scopes[]`	`string` Optional. The OAuth scopes to grant.

OAuthConfig.OauthGrantType

OAuth grant types. Only client credential grant is supported.

Enums
`OAUTH_GRANT_TYPE_UNSPECIFIED`	Unspecified. Defaults to CLIENT_CREDENTIAL.
`CLIENT_CREDENTIAL`	Represents the client credential flow.

ServiceAgentIdTokenAuthConfig

This type has no fields.

Configurations for authentication with ID token generated from service agent.

ServiceAccountAuthConfig

Configurations for authentication using a custom service account.

JSON representation
{ "serviceAccount": string }

Fields

Fields
`serviceAccount`	`string` Required. The email address of the service account used for authenticatation. CES uses this service account to exchange an access token and the access token is then sent in the `Authorization` header of the request. The service account must have the `roles/iam.serviceAccountTokenCreator` role granted to the CES service agent `service-<PROJECT-NUMBER>@gcp-sa-ces.iam.gserviceaccount.com`.

serviceAccount

string

Required. The email address of the service account used for authenticatation. CES uses this service account to exchange an access token and the access token is then sent in the Authorization header of the request.

The service account must have the roles/iam.serviceAccountTokenCreator role granted to the CES service agent service-<PROJECT-NUMBER>@gcp-sa-ces.iam.gserviceaccount.com.

BearerTokenConfig

Configurations for authentication with a bearer token.

JSON representation
{ "token": string }

Fields

Fields
`token`	`string` Required. The bearer token. Must be in the format `$context.variables.<name_of_variable>`.

token

string

Required. The bearer token. Must be in the format $context.variables.<name_of_variable>.

ApiAuthentication Stay organized with collections Save and categorize content based on your preferences.

ApiKeyConfig

ApiKeyConfig.RequestLocation

OAuthConfig

OAuthConfig.OauthGrantType

ServiceAgentIdTokenAuthConfig

ServiceAccountAuthConfig

BearerTokenConfig

ApiAuthentication