# Retrieve a Bearer token from Google Cloud ### Step 1 To start this guide, you'll need a Service Account JSON file from Google Cloud. If you don't have it yet, please take a look at this guide from Google to set everything up in Google Cloud and retrieve the file. {% embed url="" %} ### Step 2 Log in to Appfarm Create. Go to Secrets in the left menu, and add the following secrets to the Secret Store. * **Google API Client Email:** Secret type should be string. Value be found in the Service Account JSON file as `client_email`. The email should look something like this: \ `[name]@[project_id].iam.gserviceaccount.com` * **Google SA Private Key:** Secret type should be a string. Value can be found in the Service Account JSON file as `private_key`. Include both the beginning and end statements. * **Google API Token:** Secret has to be Environment Specific, and secret type should be string. Leave all values empty. ### Step 3 Go to Appfarm Create -> Services, and select the service you want to use (or create a new one). Then, create a new service endpoint, which will be used to fetch the Google API Token. Give the endpoint a name and a readable ID. Go down to "Process action", and click the value field to create a new action. You may name the Action "GetGoogleAPIToken". ### Step 4 Go to Sevice Data -> Service Variables and add the following properties (both should have Data Type string: * Bearer token * JWT ### Step 5 Go back to Actions -> GetGoogleAPIToken, and add a new Action Node "Update Object". Set Data Source to "Service Variables", and data bind the Runtime Property JWT to a function. Inside the Function Editor, add the two secrets "Google API Client Email" and "Google SA Private Key" as Function Parameters, as well as the library "jsonwebtoken". Parameter names should be `googleAPIClientEmail`, `googleSAPrivateKey` and `jsonwebtoken` respectively. Then, add the following code: ``` const now = new Date().getTime() / 1000; const oneHour = 60 * 60; const expireTime = now + oneHour; const claimSet = { iss: googleAPIClientEmail, iat: now, sub: googleAPIClientEmail, exp: expireTime, scope: "https://www.googleapis.com/auth/bigquery", aud: "https://oauth2.googleapis.com/token" } const privateKey = googleSAPrivateKey; return jsonwebtoken.sign(claimSet, privateKey, {algorithm: 'RS256'}) ``` Click "OK" to save the changes. ### Step 6 Add a new Action Node "Web Request". Set the following properties: * **URL:** * **Query Parameters (key, value):** * `grant_type`, `urn:ietf:params:oauth:grant-type:jwt-bearer` * `assertion`, data-bind to `Service Variables.JWT` * **Method:** POST * **Body Type:** Raw In the Result Mapping, set Data Source to `Service Variables`. In the value field on the Runtime Property "Bearer token", write `access_token`. ### Step 7 Add a new Action Node "Update Secret". Set "Secret" to Google API Token, and Data Bind the value to `Service Variables.Bearer token`. ### Run the service Now everything is set up to retrieve and save the Bearer token from Google Cloud. You may now run the service. If everything is set up correctly, the token will be added as a value in your secret "Google API Token". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.appfarm.io/how-to/integrations/retrieve-bearer-token-from-google-cloud.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.