Getting Started with Google Cloud Platform (GCP) APIs

A Step-by-Step Tutorial on how to use them

Photo by Mitchell Luo on Unsplash

Introduction

What is a GCP API?

First thing first, GCP API stands for Google Cloud Platform Application Programming Interface. If you have ever used an API in any project then you know the importance of API for any developer. But what if you want to incorporate GCP into your project? As almost all service have their APIs, GCP has its own API, which provides endpoints that developers can use to interact with various GCP services and resources, such as Google Cloud Storage, Compute Engine, BigQuery, and more. All GCP APIs are a subdomain of googleapis.com, eg. compute.googleapis.com, etc.

How can one send a request to these APIs?

The endpoints of these APIs support HTTP and gRPC requests. All GCP APIs provide a simple JSON HTTP interface that you can call directly or via Google API Client Libraries. Most Cloud APIs also provide a gRPC interface you can call via Google Client Libraries, which provides better performance and usability. In short, there are two types of libraries (More on these libraries later).

How Secure is using these APIs?

All GCP APIs accept only secure requests using TLS encryption and everything is handled by Google. Thank You, Google :)

What are some Examples of GCP APIs?

All services in GCP have their own API. Some of the most popular APIs are listed below:

1. Compute Engine API: This API allows you to create and manage Virtual Machines on GCP called Compute Engines.
2. Cloud Storage API: This API allows to store and access data from Google Cloud Storage.
3. Cloud SQL API: This API allows you to create and manage a database in GCP.
4. Cloud Pub/Sub API: Thi API allows you to publish and subscribe to messages in real-time.

Benefits of using GCP APIs

There are many benefits of using GCP APIs to call GCP services. Some of the most important benefits are:

1. Ease of Use: GCP APIs are designed to be easy to use.
2. Power: GCP APIs give you full control to create, manage and use GCP services.
3. Scalability: GCP APIs are designed to scale according to your need.
4. Security: GCP APIs use industry-standard security protocols to protect your data.
5. Cost Effectiveness: You only pay for the API calls you make with no long-term commitments.

In addition to these benefits, GCP APIs also offer a number of other features which are beneficial for any beginner or Developer

1. Documentation: GCP APIs documentation, similar to GCPs documentation is very easy to understand and follow. They also provide you with API Explorer which allows you to try almost all Google REST APIs without writing any code.
2. Samples: GCP provides a number of sample codes in different languages on their Documentation page, that you can use to get started.
3. Support: GCP offers support for GCP APIs, so you can get help if you need any.

Client Libraries make GCP APIs easy peasy

Client libraries make it easier to use Google APIs and are available in many supported languages. While you can call these APIs directly by making a raw request to API, client libraries provide a lot of benefits and also reduce the amount of code you need to write.

GCP provides two ways to use its client libraries in multiple languages.

Image by Author: Difference between Libraries

Prerequisites GCP Environment

Following are the prerequisites that are understood you have already in place to move further.

Note: In this article, we will be using Python.

1. Google Account
2. GCP project
3. Create and Enable billing [Optional]
4. Install and Configure gcloud cli
5. Python 3.10.7 or greater
6. Install Python Packages

• Required Packages

pip install google-auth-httplib2 google-auth-oauthlib

• Install any one of the following Python packages depending on how you are going to access the API

# If Using Cloud Client Library (eg.For Cloud Storage)
pip install google-cloud-storage

# If using Google API Client Library
pip install --upgrade google-api-python-client

Exploring GCP API Libraries

Finding and Choosing the Right API Library

Before using any APIs, you should know which API to use. Just like Amazon where you can find any product in one place, you can find all GCP APIs in one place at Google Cloud Console API Library or using Google API Explorer. You can browse all available APIs and select the one that best meets your needs.

Enabling API

• Some APIs are enabled by default when you create a project.
• While you have to enable most of your APIs. You can do this at Google Cloud Console API Library (or search API library in the search bar). You can also enable any API using the gcloud command (command line tool for GCP)
• Also, when you enable an API for the project it is enabled for that project only, if your work involves multiple projects you may have to enable the APIs on various projects independently.
• Some APIs are dependent on other APIs to work, so they automatically enable other APIs. So if you see a couple of extra APIs do not disable it directly, first check if it was enabled by mistake or does any required API depend on it.
• Some APIs require Billing Account to be created and attached to the project.
• You may need serviceusage.services.enable permission or any higher role like owner on the project in order to enable any API in that project.

Authenticating with GCP API

Security is a major factor in any system and setting up authentication is a way in which we can implement it. But setting up authentication is a task of its own. But no worries, Google have implemented Authentication for you and that too with the current Google account that you are already using. There are several authentication methods that are available in GCP; using service account key, OAuth 2.0 credentials and most important ADC (You’ll love it when you understand it).

I won’t be covering much in detail about Authentication in this article. GCP Authentication will require its own article. I’ll update the link to that article once it is published. Till then for the matter of this article, we will use basic ADC.

ADC stands for Application Default Credentials basically, you say to Google if not explicitly specified use this credential to authenticate.

So the next that must arise is, how to inform Google about this default credential. You just have to run a gcloud command to authenticate and obtain API credentials.

gcloud auth application-default login

This command will open the browser and prompt you to log in to your Google Account and ask for permission to use ADC. After you give permission, your credentials will be stored in a local credential file which will be used by ADC to authenticate the app on your behalf. Yes, that's it.

You don't have to do any steps of authentication when running your code in a GCP environment (Cloud Function, GCP Compute Engine, etc.)

Calling GCP Services Programmatically

Making API Requests with Cloud Client Libraries

Using Cloud Client Libraries in Python is as simple as a cakewalk if you are familiar with working in Python. Just Import, Create an object and Execute it. Just keep in mind as mentioned above these client libraries are not available for all GCP services in all programming languages, so before planning, look if the client library is available for the GCP service required.

from google.cloud import storage

# Create a client using the authenticated credentials
client = storage.Client(project='project_id')

# Access an existing bucket
bucket = client.get_bucket('your-bucket-name')

# List objects in the bucket
blobs = bucket.list_blobs()
for blob in blobs:
    print(blob.name)

If the project argument in the storage client is not given explicitly then it will take the project id that is set as default in your gcloud configuration. You can check your configuration and set any value in your configuration using the gcloud config command. To know more about this command use

gcloud config --help

Let's take another example, querying Big Query table

from google.cloud import bigquery

# Create a client using the authenticated credentials
client = bigquery.Client(project='project_id')

# Execute a query
query = """
SELECT
  name, age
FROM
  `your-dataset.your-table`
WHERE
  age > 18
"""
query_job = client.query(query)

# Get query results
results = query_job.result()
for row in results:
    print(f"Name: {row['name']}, Age: {row['age']}")

Using Google API Client Library

This is the most basic yet effective method to call GCP APIs. One of the main benefits of using this method is that it is highly customizable. But at the same time requires a little bit of understanding, to begin with. Let's understand this with an example.

Let's say we want to get the latest version of a secret called “credentials_abc” from GCPs Secret Manager.

1. Getting to the REST API page of GCP Service.

First, we need to Google something like “Secret Manager Rest API”, you’ll find a page like this which is basically Google’s REST API Documentation Page for different services. Look below image for Secret Manager API Documentation page. Or you can even search for the required Service API Documentation page by visiting the Google APIs Explorer page.

Image by Author: Secret Manager API Documentation page

On the left, under Rest Reference, you’ll see different versions of APIs. Try to select the latest version that is stable. Some versions of API may be in beta as seen in the above image v1beta1, which is still under development. But sometimes new methods in API are only available in beta versions, in that case, you will have to use the beta version.

For our example of the secret manager, there is only one version v1 and the method we want ‘access’ is also available in v1. So we will use that.

2. Structuring API request

The access method page looks something like this

Image By Author: Secret Manager Access method

Using this page we will create our API request in API Client Library.

from googleapiclient import discovery

# Create a service object
service = discovery.build('secretmanager', 'v1')

# Build request
secret_key = 'credential_123'
project_id = 'project_id_123'
request = service.projects().secrets().versions().access(
            name=f'projects/{project_id}/secrets/{secret_key}/versions/latest')

# Execute request
secret_value = request.execute()

Explanation:

1. Create a service object

service = discovery.build('secretmanager', 'v1')

• First, we created the service object using the build method of the API client library. Here the first argument is always the service name that we intend to use. You can get this from the URL mentioned in the above image (underlined in blue). For our example, it is “secretmanager”.
• For Compute Engine the URL is “https://compute.googleapis.com” so the service name is “compute”. For Cloud SQL it is “https://sqladmin.googleapis.com” so the service name is “sqladmin”.
• The next argument is the version of API we want to use, as mentioned above we are using v1.

Note: If you want to pass credentials explicitly then you can use

service = discovery.build('secretmanager', 'v1', credentials=credential)

2. Build request

secret_key = 'credential_123'
project_id = 'project_id_123'
request = service.projects().secrets().versions().access(
            name=f'projects/{project_id}/secrets/{secret_key}/versions/latest')

As you can see the method name in the image above is projects.secrets.versions.access so our code also uses this method but a parenthesis follows after every step. Inside the access method, we use Path Parameters as shown in the image. The access method only has a “name” path parameter. The format of the name parameter can be found in the documentation itself (see image: underlined).

3. Execute request

secret_value = request.execute()

Next is to execute the method and get the secret’s latest version.

Request Body and Query Parameter

For some methods, you may have to pass a Request Body or a Query Parameter. For example to create a secret you need to send a Request Body to body argument and the name of the secret as a Query Parameter to the request.

# Request Body is passed to argument "body"
request = service.projects().secrets().create(parent=f'projects/{project_id}', body=secret_body)
# Query Parameter
request.uri += f"&secretId={secret_name}"
# Execute the request
request.execute()

Where the secret body can be obtained from the Request Body section of the Documentation page (see image below).

Image By Author: Components of API request as on Documentation

# Create a service object
service = discovery.build('SERVICE_NAME', 'API_VERSION')
# Request Body is passed to argument "body"
request = service.METHOD_NAME(PATH_PARAMETERS_AND_FORMAT, body=REQUEST_BODY)
# Query Parameter
request.uri += f"QUERY_PARAMETER"
# Execute the request
request.execute()

Managing API Quotas and Rate Limiting

All APIs have limits up to which you can use the APIs. So be aware of the quotas and rate limits associated with each service to avoid throttling and unexpected issues. Even if you use up your quota, you can request GCP to increase the limit. This normally takes some time, so plan accordingly.

That’s all for today.

Thank you for the read and for staying with me for so long. I am going to be writing more beginner-friendly posts in the future too. For more posts like this, you can follow me on Medium. I welcome feedback and constructive criticism and can be reached on Linkedin.

Thanks for your time. Keep Learning and Keep growing.

Thank You!

Happy Learning :)