Search code examples
google-cloud-platformgoogle-speech-apigoogle-speech-to-text-api

How to access Google Cloud Speech-to-text v2 API through HTTP/REST

I received a permission error when attempting to call Google speech-to-text v2 API even though I made sure to authenticate with a service account beforehand.

API Call Response:

{
  "error": {
    "code": 403,
    "message": "Permission 'speech.recognizers.recognize' denied on resource (or it may not exist).",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "IAM_PERMISSION_DENIED",
        "domain": "iam.googleapis.com",
        "metadata": {
          "permission": "speech.recognizers.recognize"
        }
      }
    ]
  }
}

I've gone through the docs and done the following:

  • Created a service account
  • Gave it the Cloud Speech Client IAM role
  • Created a service account key
  • Created a recognizer
  • Authenticated with the Google's Authorization Server using JWT to get an access token
  • Attempted to call Google's Speech-to-text v2 API (Resulted in a permissions error)
API Call Endpoint:
"https://{Location}-speech.googleapis.com/v2/projects/{Project ID}/locations/{Recognizer Location}/recognizers/{Recognizer Name}:recognize?access_token={Access Token}"

API Call Headers:
["Authorization: Bearer", "Content-Type: audio/wav", "accept: */*"]

I was expecting to have the permission to call the API since I already authenticated using a service account with the necessary roles/permissions with the necessary scope.

More Info:

  • The program I'm attempting to create works by allowing users to record audio, send that audio to Google, have Google transcribe the audio to text, then do stuff with the text
  • I've successfully called the v1 speech-to-text API, I'm currently migrating to v2
  • I used this doc as reference to implement the authentication
  • I used this other doc as reference to call the API
  • I did not delegate domain-wide authority to the service account
  • During authentication, I did not provide a "sub" field in the JWT claim
  • When receiving the authentication response, there was no scope provided even though one was provided when requesting to authenticate and the docs mentioned it in the sample response; only the access token, token type, and expiry were provided
Solution

  • You also have to specify the access token in the headers: "Authorization: Bearer {access token}"