2018-05-19 google 官文档关于OAuth 2.0 和API keys的关系和使用

简单说:

2个相比的话:

OAuth 2.0 == 权限更高 (可以征用的数据更多,权限也多),另外比api key又更高优先级(有它,程序就跳过不看,也不需要api keys)

api key 权限低(也代表安全,只可以访问 google api / 个人制造的api的 public数据,它也其实不算登录到某个api,只是一个 “使用 ,read-only” 基本的key )  


Credentials, access, security, and identity

Each request to an API that is represented in the console must include a unique identifier. Unique identifiers enable the console to tie requests to specific projects to monitor traffic and enforce quotas.

Google supports two mechanisms for creating unique identifiers:

OAuth 2.0 client IDs: For applications that use the OAuth 2.0 protocol to call Google APIs, you can use an OAuth 2.0 client ID to generate an access token. The token contains a unique identifier. See Setting up OAuth 2.0 for more information.

API keys: An API key is a unique identifier that you generate using the console. Using an API key does not require user action or consent. API keys do not grant access to any account information, and are not used for authorization.

Use an API key when your application is running on a server and accessing one of the following kinds of data:

Data that the data owner has identified as public, such as a public calendar or blog.

Data that is owned by a Google service such as Google Maps or Google Translate. (Access limitations might apply.)

See Setting up API keys for more information.

If you're calling only APIs that do not require user data, such as the Google Custom Search API, then API keys might be simpler to use than OAuth 2.0 access tokens. However, if your application already uses an OAuth 2.0 access token, then there is no need to generate an API key as well. Google ignores passed API keys if a passed OAuth 2.0 access token is already associated with the corresponding project.

你可能感兴趣的:(2018-05-19 google 官文档关于OAuth 2.0 和API keys的关系和使用)