如要讓應用程式的程式碼使用 Video Intelligence API,您必須為應用程式設定能夠向服務「驗證」其身分的適當憑證,以及取得執行工作的「授權」(這些憑證相關機制稱為「驗證」方法)。
Google Cloud API 驗證和授權 (通常合稱「驗證」) 一般是透過服務帳戶執行。服務帳戶可讓您的程式碼將應用程式憑證直接傳送給 Video Intelligence API。服務帳戶 (如同使用者帳戶) 是以電子郵件地址表示。與使用者帳戶不同,服務帳戶只會與應用程式建立關聯。
啟用 API
您必須先啟用 Video Intelligence API,才能進行驗證。
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- 
    
    
      In the Google Cloud console, on the project selector page, select or create a Google Cloud project. Roles required to select or create a project - Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- 
      Create a project: To create a project, you need the Project Creator
      (roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
 
- 
  
    Verify that billing is enabled for your Google Cloud project. 
- 
  
  
    
      Enable the Cloud Video Intelligence API. Roles required to enable APIs To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.
- 
  
  Create a service account: - 
      Ensure that you have the Create Service Accounts IAM role
      (roles/iam.serviceAccountCreator). Learn how to grant roles.
- 
      In the Google Cloud console, go to the Create service account page. Go to Create service account
- Select your project.
- 
      In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name. In the Service account description field, enter a description. For example, Service account for quickstart.
- Click Create and continue.
- 
      Click Done to finish creating the service account. Do not close your browser window. You will use it in the next step. 
 
- 
      Ensure that you have the Create Service Accounts IAM role
      (
- 
    
  
  Create a service account key: - In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
 
- 
  Set the environment variable GOOGLE_APPLICATION_CREDENTIALSto the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.
- 
      Install the Google Cloud CLI. 
- 
          如果您使用外部識別資訊提供者 (IdP),請先 使用聯合身分登入 gcloud CLI。 
- 
        如要初始化 gcloud CLI,請執行下列指令: gcloud init
- 
    
    
      In the Google Cloud console, on the project selector page, select or create a Google Cloud project. Roles required to select or create a project - Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- 
      Create a project: To create a project, you need the Project Creator
      (roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
 
- 
  
    Verify that billing is enabled for your Google Cloud project. 
- 
  
  
    
      Enable the Cloud Video Intelligence API. Roles required to enable APIs To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.
- 
  
  Create a service account: - 
      Ensure that you have the Create Service Accounts IAM role
      (roles/iam.serviceAccountCreator). Learn how to grant roles.
- 
      In the Google Cloud console, go to the Create service account page. Go to Create service account
- Select your project.
- 
      In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name. In the Service account description field, enter a description. For example, Service account for quickstart.
- Click Create and continue.
- 
      Click Done to finish creating the service account. Do not close your browser window. You will use it in the next step. 
 
- 
      Ensure that you have the Create Service Accounts IAM role
      (
- 
    
  
  Create a service account key: - In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
 
- 
  Set the environment variable GOOGLE_APPLICATION_CREDENTIALSto the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.
- 
      Install the Google Cloud CLI. 
- 
          如果您使用外部識別資訊提供者 (IdP),請先 使用聯合身分登入 gcloud CLI。 
- 
        如要初始化 gcloud CLI,請執行下列指令: gcloud init
- 在 Google Cloud 主控台的「憑證」頁面中,選取「建立憑證」>「服務帳戶金鑰」。   
- 接著在「Service account」(服務帳戶) 之下選取「New service account」(新增服務帳戶)。   
- 在「Service account name」(服務帳戶名稱) 方塊中,輸入服務帳戶的名稱。這個名稱將用做「服務帳戶 ID」的預設名稱 (在產生的服務帳戶 ID 位址中「@」符號左邊的部分),但您可以變更這個服務帳戶 ID 名稱。這些名稱可以任意指定,只要方便記憶就好。 
- 在「金鑰類型」下方,為大多數新專案選取「JSON」。 
- 點選「建立」。 
在 Google Cloud 控制台中建立服務帳戶
如要使用 Google Cloud 控制台建立服務帳戶,請按照下列步驟操作:
 Google Cloud 主控台隨即會產生 JSON 金鑰 (以 .json文字檔保存),提示您將檔案下載至電腦,並顯示「Service account created」(已建立服務帳戶) 對話方塊。
 
產生的 JSON 金鑰會與下列 JSON 金鑰範例類似:
{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "SOME_NUMBER",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}
請儲存 JSON 檔案並提供安全保護,因為這個檔案含有您的私密金鑰 (且這個檔案是該金鑰的唯一副本)。當您要將註解要求傳送至 Video Intelligence API 時,必須在程式碼中參照這個服務帳戶金鑰檔案。
使用應用程式預設憑證驗證
向 Video Intelligence API 驗證應用程式的最簡單方式,是使用應用程式預設憑證 (ADC)。使用 ADC 的服務會先搜尋 GOOGLE_APPLICATION_CREDENTIALS 環境變數指定的憑證。除非您特別要求 ADC 使用其他憑證 (例如使用者憑證),否則請將這個環境變數設為指向您的服務帳戶金鑰檔案 (建立服務帳戶金鑰時下載的 .json 檔案)。
$ export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_SERVICE_ACCOUNT_FILE