This guide provides all required setup steps to start using Vision API.
About the GCP Console
The Google Cloud Console is a web UI used to provision, configure, manage, and monitor systems that use GCP products. You use the Cloud Console to set up and manage Vision API resources.
Create a project
To use services provided by GCP, you must create a project.
A project organizes all your GCP resources. A project consists of the following components:
- a set of collaborators
- enabled APIs (and other resources)
- monitoring tools
- billing information
- authentication and access controls
You can create one project, or you can create multiple projects. You can use your projects to organize your GCP resources in a resource hierarchy. For more information on projects, see the Resource Manager documentation.
In the Cloud Console, on the project selector page, select or create a Google Cloud project.
Go to the project selector page
Enable billing
A billing account defines who pays for a given set of resources. Billing accounts can be linked to one or more projects. Project usage is charged to the linked billing account. You configure billing when you create a project. For more information, see the Billing documentation.
Make sure that billing is enabled for your Google Cloud project. Learn how to confirm billing is enabled for your project.
Enable the API
You must enable the Cloud Vision API for your project. For more information on enabling APIs, see the Service Usage documentation.
Enable the Cloud Vision API.Set up authentication
Any client application that uses the API must be authenticated and granted access to the requested resources. This section describes important authentication concepts and provides steps for setting it up. For more information, see the GCP authentication overview.
About service accounts
There are multiple options for authentication, but it is recommended that you use service accounts for authentication and access control. A service account provides credentials for applications, as opposed to end-users. Projects own their service accounts. You can create many service accounts for a project. For more information, see Service accounts.
About roles
When calling an API, GCP requires the calling identity (any applicable person, entity, or process and their defined attributes) to have the appropriate permissions. You can grant permissions by granting roles to a service account. For more information, see the Cloud Identity and Access Management documentation.
For the purpose of trying the Vision API, you can use the Project > Owner role in steps below. The Project > Owner role grants the service account full permission to resources in your project. If your service account does not require full permissions, you specify a more restrictive role using the Cloud Console. For a list of roles and permissions, see IAM permissions reference. For information on managing permissions using IAM roles, see granting roles to service accounts.
About service account keys
Service accounts are associated with one or more public/private key pairs. When you create a new key pair, you download the private key. The Cloud SDK uses your private key to generate credentials when calling the API. You are responsible for security of the private key and other management operations, such as key rotation.
Create a service account and download the private key file
Set up authentication:-
In the Cloud Console, go to the Create service account key page.
Go to the Create Service Account Key page - From the Service account list, select New service account.
- In the Service account name field, enter a name.
From the Role list, select Project > Owner.
Note: The Role field authorizes your service account to access resources. You can view and change this field later by using the Cloud Console. If you are developing a production app, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts.- Click Create. A JSON file that contains your key downloads to your computer.
Use the service account key file in your environment
Provide authentication credentials to your application code by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS. Replace [PATH] with the file path of the JSON file that contains your service account key, and [FILE_NAME] with the filename. This variable only applies to your current shell session, so if you open a new session, set the variable again.
Linux or macOS
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
For example:
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json"
Windows
With PowerShell:
$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
For example:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\[FILE_NAME].json"
With command prompt:
set GOOGLE_APPLICATION_CREDENTIALS=[PATH]
Install and initialize the Cloud SDK
If you plan to use the Vision API,
you must install and initialize the Cloud SDK.
Cloud SDK is a set of tools that you can use
to manage resources and applications hosted on GCP.
This includes the gcloud command line tool.
The following link provides instructions:
Test the SDK and authentication
If you have set up authentication in previous steps,
you can use the gcloud tool to test your authentication environment.
Execute the following command and verify that
no error occurs and that credentials are returned:
gcloud auth application-default print-access-token
That command is used by all Vision API command line REST samples to authenticate API calls.
Install the Vision API client library
You have three options for calling the Vision API:
- Google supported client libraries (recommended)
- REST
- gRPC
The client libraries are available for several popular languages. For information on installing the client libraries, see Cloud Vision Client Libraries.
Need help? Visit our 