Getting started

This page explains how developers can get started using Cloud de Confiance by S3NS APIs.

If you are using Cloud de Confiance APIs for the first time, you can follow the steps in this guide to call the APIs using curl commands. You can use curl commands to experiment with an API before you develop your application.

Creating a S3NS project

To use Cloud de Confiance APIs, you need to have a user account (a S3NS account or an account from an external identity provider) and a S3NS project. A project is equivalent to a developer account. It serves as a resource container for your Cloud de Confiance resources. It also provides an isolation boundary for your usage of Cloud de Confiance by S3NS services, so you can manage quota limits and billing independently at the project level. Usage telemetry and dashboards are grouped by projects as well. If you don't already have a project, you can create one using the Cloud de Confiance console.

A project can own a wide range of resources, including API keys, OAuth clients, service accounts, Compute Engine VMs, Cloud Storage buckets, and BigQuery datasets. When an application calls a Cloud de Confiance API, the project that owns the application credentials is called the client project, and the project that owns the target resource is called the resource project. If an API request touches multiple resources, multiple resource projects are involved.

If you want to stop using Cloud de Confiance for any reasons, you can use Cloud de Confiance console to delete your project. Your project and all resources in the project will be deleted after the retention window. Note that different types of data have different retention periods.

Discovering APIs

Before using any Cloud de Confiance APIs, you should use the Cloud de Confiance console API Library to browse available Cloud de Confiance APIs and discover the ones that best meet your business needs.

Enabling APIs

Some Cloud de Confiance APIs are enabled by default. To use a Cloud de Confiance API that is not enabled by default, you must enable it for your project. Depending on which services and which projects are involved from your application, including the client project and resource projects, you might need to enable an API for multiple projects. When you enable an API that depends on other APIs, those APIs are also enabled at the same time.

Enabling an API requires you to accept the Terms of Service and billing responsibility for the API. You need permission serviceusage.services.enable on the project to enable APIs. For more information, see Service Usage Access Control.

To enable an API for a project using the console:

  1. Go to the Cloud de Confiance console API Library.
  2. From the projects list, select the project you want to use.
  3. In the API Library, select the API you want to enable. If you need help finding the API, use the search field and the filters.
  4. On the API page, click ENABLE.

From the same page you can disable an API for your project if you no longer use it to avoid misuse and accidental billing charges. You can also enable and disable Cloud APIs using the gcloud CLI and the Service Usage API:

gcloud services enable pubsub.googleapis.com
gcloud services disable pubsub.googleapis.com

Enabling billing

Some Cloud APIs charge for usage. You need to enable billing for your project before you can start using these APIs in your project. The API usage in a project is charged to the billing account associated with the project.

Authenticating to APIs

How you authenticate to an API depends on your development environment and what authentication methods the API supports.

Setting up Application Default Credentials for use in a variety of environments is the most common approach, and is recommended for most applications. If the API supports API keys, that is another option. If your application needs to access Cloud resources owned by your end users, you create an OAuth 2.0 Client ID and use the authentication libraries.

For general information about authentication, see Authentication at Google.

Building applications

If you are building an application using Cloud APIs, we recommend that you use Cloud de Confiance client libraries if available. The client libraries can handle common API features for your convenience, such as authentication, error handling, retry, and payload validation. You need to pass your application credentials to the client libraries during initialization, so the client libraries can make calls to Cloud de Confiance APIs on behalf of your application.

More information