How do I allow a team member to use my Google Cloud Speech-to-Text API account?

Question

I enabled the Google Cloud Speech-to-Text API, but I would like to allow a team member to use it on my account.

I went into IAM to add a new user, but I don't see any roles related to Cloud Speech-to-Text API. What IAM role(s) do I need to select to allow the new team member access to the API?

question from:https://stackoverflow.com/questions/65713601/how-do-i-allow-a-team-member-to-use-my-google-cloud-speech-to-text-api-account

Answer 1

Text-to-speech API is a special (old?) API at Google and doesn't require role. The API URL also doesn't require project definition. So, you need an account linked to the project to be able to reach the Speech-to-text API.

For this, the "service-account" account is the account to use. So, the users need to use a service account to reach the API. To prevent the service account key file generation (source of potential security issue), prefer the impersonation.

With the gcloud cli you can do this to generate a valid access-token on behalf of the service account.

gcloud auth print-access-token --impersonate-service-account=<the service account to impersonate>

So, in your API call, from your computer (I mean with your own user credential) you can do like this

curl -d @inputdata -H "content-type: application/json" 
  -H "Authorization: Bearer $(gcloud auth print-access-token --impersonate-service-account=<the service account to impersonate>)" 
  https://speech.googleapis.com/v1/speech:recognize