Obtaining authorization credentials | YouTube Data API

Your application must have authorization credentials to be able to use the YouTube Data API. This document describes the different types of authorization credentials that the Google Developers Console supports. It also explains how to find or create authorization credentials for your project.

Create your project and select API services

Open the Credentials page.
The API supports API keys and OAuth 2.0 credentials. Create whichever credentials are appropriate for your project:
- OAuth 2.0: Your application must send an OAuth 2.0 token with any request that accesses private user data. Your application sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
  
  See the Creating OAuth 2.0 credentials section for more information.
- API keys: A request that does not provide an OAuth 2.0 token must send an API key. The key identifies your project and provides API access, quota, and reports.
  
  See the Creating API Keys section for information about creating an API key.

Creating OAuth 2.0 credentials

You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.

Web applications

A web application is accessed by web browsers over a network.

Applications that use JavaScript to access the YouTube Data API must specify authorized JavaScript origins. The origins identify the domains from which your application can send API requests.
Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.

Service accounts

A service account is used in an application that calls APIs on behalf of an application that does not access user information. This type of application needs to prove its own identity, but it does not need a user to authorize requests. The Google Accounts documentation contains more details about service accounts.

Installed applications

An installed application runs on a desktop computer or handheld device. You can create OAuth 2.0 credentials for Android, Chrome, iOS, and other installed applications.

Android

You need to specify your Android app's package name and SHA1 fingerprint.

In the Package name field, enter your Android app's package name.

In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.

keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v

Note: For the debug.keystore, the password is android. For Eclipse, the debug keystore is typically located at ~/.android/debug.keystore.

The Keytool prints the fingerprint to the shell. For example:

$ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
Enter keystore password: Type "android" if using debug.keystore
Alias name: androiddebugkey
Creation date: Aug 27, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 503bd581
Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
Certificate fingerprints:
   MD5:  1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
   SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
   SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
   Signature algorithm name: SHA1withRSA
   Version: 3

Copy the SHA1 fingerprint, which is highlighted in the example above.

Important: When you prepare to release your app to your users, follow these steps again and create a new OAuth 2.0 client ID for your production app. For production apps, use your own private key to sign the production app's .apk file. For more information, see Signing your applications.

Paste the SHA1 fingerprint into the form where requested.
Click Create.

Chrome application

You need to specify the Application ID for your Chrome app or extension. Use the Google Chrome Identity API to obtain that ID.

iOS

You need to specify the app's Bundle ID and App Store ID.

The application's Bundle ID is the bundle identifier as listed in the app's .plist file. For example: com.example.myapp.
The application's App Store ID is in the app's iTunes URL so long as the app was published in the Apple iTunes App Store. For example, in the app URL http://itunes.apple.com/us/app/google+/id447119634, the App Store ID is 447119634.

Other

The Developers Console does not require any additional information to create OAuth 2.0 credentials for other types of installed applications.

Creating API Keys

The API supports several types of API keys. If the key type that you need does not already exist, create an API key by clicking Add credentials > API key and selecting the appropriate key type. Then enter the additional data for that key type.

Server keys

Create and use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.

Browser keys

Create and use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.

iOS keys

Create and use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's .plist file contains its bundle identifier. Example: com.example.MyApp

Android keys

Create and use an Android key if your application runs on Android devices. To do so, you need to specify the SHA1 fingerprints and package names of the application using that key.

In the Package name field, enter your Android app's package name.

In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.

keytool -exportcert -alias androiddebugkey -keystore path-to-debug-or-production-keystore -list -v

Note: For the debug.keystore, the password is android. For Eclipse, the debug keystore is typically located at ~/.android/debug.keystore.

The Keytool prints the fingerprint to the shell. For example:

$ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
Enter keystore password: Type "android" if using debug.keystore
Alias name: androiddebugkey
Creation date: Aug 27, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 503bd581
Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
Certificate fingerprints:
   MD5:  1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
   SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
   SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
   Signature algorithm name: SHA1withRSA
   Version: 3

Copy the SHA1 fingerprint, which is highlighted in the example above.

Paste the SHA1 fingerprint into the form where requested.
Click Create.