Configuring API access to Google BigQuery
Google BigQuery is a fully managed, serverless data warehousing service provided by Google Cloud for data analytics, machine learning, and other data management tasks. The BigQuery interface enables users to explore their data and derive valuable business insights with familiar tools such as SQL for a combination of performance, simplicity, and flexibility.
Quite often we want to access our data in BigQuery programmatically from a server or program to support our data dashboards, reports, and analyses. In just a few quick and easy steps we’re able to enable the BigQuery API and generate the necessary credentials to access our data from our external programs such as Python or R.
Note: This article assumes you already have a Google Cloud project setup with an active BigQuery instance. See this article for more information on setting up a project.
Enabling the BigQuery API
Before we create our service account, let’s go ahead and enable the BigQuery API to let Google Cloud know we want to allow an authorized external program to access our BigQuery data.
To enable the BigQuery API:
- Open Navigation menu
- Hover over APIs & Services
- Select Enabled APIs & services
- Click ENABLE APIS AND SERVICES
- Search for BigQuery and select BigQuery API
- Click Enable
Optional: to track enabled APIs and their usage, click Dashboard under APIs & Services for a clean graphical view. See here to explore the APIs Google has to offer.
And that’s it! We’re now ready to move on to creating our service account.
Creating a service account
To give our programs and/or applications access to our Google Cloud resources, we can create a service account to enable them with secure, authorized access to perform actions on our behalf.
For this example (read-only query access) we’ll be creating a service account with the following roles/permissions:
- BigQuery Data Viewer: read data and metadata
- BigQuery User: ability to run jobs such as queries
Feel free to explore the other predefined BigQuery IAM roles as needed to suit your usecase
To create a service account with the aforementioned permissions:
- Open Navigation menu
- Hover over IAM & Admin
- Select Service Accounts
- Click CREATE SERVICE ACCOUNT
- Type a name (and optionally an ID and description) for the account
- Click CREATE AND CONTINUE
- Click the Select a role dropdown menu
- Search for BigQuery Data Viewer and click
- Click ADD ANOTHER ROLE
- Click the Select a role dropdown menu
- Search for BigQuery User and click
- Click Continue
- Click Service account users role and enter the email of users you want to assign this service account
- Click Done
Now that we’ve created a service account, all we have to do is generate the necessary credentials and access our data!
Generating credentials for the service account
For the purpose of this tutorial, we’re going to create a set of JSON credentials
To give the service account the necessary permissions:
- Click under Actions for the service account you just created
- Click Manage keys
- Select the ADD KEY dropdown
- Click Create new key
- Click CREATE
This will now initiate a download for the JSON credentials and you’re now ready to access your BigQuery data programatically!
Drop us a line
Don’t know where to get started? Looking for one of our software engineers to lend a helping hand? Feel free to contact us!
