breadcrumbs: How-Tos > page_name: api-keys title: API Keys
Note: Software distribution with keys acquired for yourself is allowed, but the keys themselves cannot be shared with parties outside the legal entity that accepted the API ToS. Keep in mind that a number of the APIs will have no or very limited quota and not all of the APIs have additional quota available for purchase.
Googlers only:
How-to:
First, acquire API keys. Then, specify the API keys to use either when you build Chromium, or at runtime using environment variables.
Make sure you are a member of chromium-dev@chromium.org (you can just subscribe to chromium-dev and choose not to receive mail). Note: the APIs below are only visible to people subscribed to that group.
Make sure you are logged in with the Google account associated with the email address that you used to subscribe to chromium-dev.
Click on the dropdown next to “Google Cloud Platform” and select Create Project (upper right).
(Optional) You may add other members of your organization or team on the Team tab.
Open the APIs and Services > Library from the hamburger menu, search for all of the following APIs. If you're a member of the chromeos-dev Google group you should see all of them. For each of these APIs click on them when found by the search, and then click on “Enable API” button at the top, read and agree to the Terms of Service that is shown, check the “I have read and agree to <API name> Terms of Service” checkbox and click Accept: (This list might be out of date; try searching for APIs starting with “Chrome” or having “for Chrome” in the name.)
If any of these APIs are not shown, recheck step 1.
Go to the Credentials sub tab under the API & Services section in the hamburger menu.
Click the “Create credentials” button then click on the OAuth client ID item in the drop-down list.
In the pop-up window that appears you'll see a client ID and a “client secret” string. Copy and paste those in a text file on your dev box then click OK to dismiss it.
Click the Create credentials button again on the same page.
You should now have an API key and a OAuth 2.0 client ID in on the Credentials tab. The next sections will refer to the value of the “API key” field too.
Note: that the keys you have now acquired are not for distribution purposes and must not be shared with other users.
If you are building Chromium yourself, you can provide keys as part of your build configuration, that way they are always baked into your binary.
Specify three variables in your args.gn
file (which you can edit by running gn args out/your_out_dir_here
)
google_api_key = "your_api_key" google_default_client_id = "your_client_id" google_default_client_secret = "your_client_secret"
If you prefer, you can build a Chromium binary (or use a pre-built Chromium binary) without API keys baked in, and instead provide them at runtime. To do so, set the environment variables GOOGLE_API_KEY
, GOOGLE_DEFAULT_CLIENT_ID
and GOOGLE_DEFAULT_CLIENT_SECRET
to your “API key”, “Client ID” and “Client secret” values respectively. On Chromium OS to specify the keys as environment variables append them to the end of /etc/chrome_dev.conf
:
Note: Starting with Chromium M69, when the browser is set up with an OAuth 2.0 client ID and client secret, signing in with your Google Account to any Google web property will also attempt to sign you in to Chromium (which will fail as explained above). To avoid such errors, remove your OAuth 2.0 client ID and client secret from your build to stop generating tokens when users sign in to Google web properties (remove google_default_client_id, google_default_client_secret from gn args and GOOGLE_DEFAULT_CLIENT_ID and GOOGLE_DEFAULT_CLIENT_SECRET from your environment settings).
Many of the Google APIs used by Chrome are specific to Google and not intended for use in derived products. In the API Console (http://developers.google.com/console) you may be able to purchase additional quota for some of the APIs listed above. For APIs that do not have a “Pricing” link, additional quota is not available for purchase.
Polyfilling chrome.identity API in Your Chromium Derivative
The default Chromium chrome.identity.getAuthToken API that extensions may call to obtain auth tokens will fail outside of Google Chrome as the implementation uses restricted APIs.
A prototype CL for Chromium embedders might use to replace the implementation with one not dependent upon private APIs can be found attached to this post.