Learn how to use the Cloud Anchor API in your own apps.
Prerequisites
Make sure that you understand fundamental AR concepts and how to configure an ARCore session before proceeding.
If you are new to Cloud Anchors:
- Make sure that you understand the process used to host and resolve a Cloud Anchor.
- Read through the quickstart for system requirements, setup, and installation instructions.
- Check out the ARCore Extensions for AR Foundation sample app.
Enable Cloud Anchors in your app
Cloud Anchors are disabled by default in ARCore. The sample app ships with Cloud Anchors enabled for demo purposes only. You can enable Cloud Anchor capabilities in your session configuration, and enable the ARCore Cloud Anchor API for your Google Cloud Platform project.
Host a Cloud Anchor with persistence
Prior to ARCore v1.20, Cloud
Anchors could only be resolved for up to 24 hours after they were first hosted.
With persistent Cloud Anchors, you can now use
ARAnchorManager.HostCloudAnchor(ARAnchor, int)
to host a Cloud Anchor with a time to live (TTL) between one and 365 days. You
can also extend the lifetime of the anchor after it is already hosted using the
Cloud Anchor Management API.
// ttlDays: The lifetime of the anchor in days. Must be positive. The
// maximum allowed value is 1 if using an API Key to authenticate with the
// ARCore Cloud Anchor Service, otherwise the maximum allowed value is 365.
ARCloudAnchor ARAnchorManager.HostCloudAnchor(ARAnchor anchor, int ttlDays)
Authentication
Your app needs a form of authentication to use Cloud Anchors. When targeting iOS, ARCore Extensions for Unity offers the Authentication token and API Key options for authentication. Cloud Anchors with a TTL greater than one day must use a token for authentication.
The default authentication strategy for new Unity projects built with ARCore
v1.24 or later is DoNotUse. This is to prevent apps from being built with
unnecessary libraries. If your app uses Cloud Anchors and is built using ARCore
v1.24 or later, you must manually enable authentication in the Unity project
settings.
Token (signed JWT) authentication
The authentication token option can host a Cloud Anchor for up to 365 days. Cloud Anchors with a TTL greater than one day must use this method. In order to generate tokens for iOS, you must have an endpoint on your server that satisfies the following requirements:
Your own authentication mechanism must protect the endpoint.
The endpoint must generate a new token every time, such that:
- Each user gets a unique token.
- Tokens don’t immediately expire.
Currently, the only supported token type is a signed JWT (that is, a JSON Web token signed by a Google Service account). See the official JWT website for an introduction to JWTs.
Create a service account and signing key
Follow these steps to create a Google Service account and signing key:
In the navigation menu of the Google Cloud Platform console, go to APIs & Services > Credentials.
Select the desired project, then click Create Credentials > Service account.
Under Service account details, type a name for the new account, then click Create.
On the Service account permissions page, go to the Select a role dropdown. Select Service Accounts > Service Account Token Creator, then click Continue.
On the Grant users access to this service account page, click Done. This takes you back to APIs & Services > Credentials.
On the Credentials page, scroll down to the Service Accounts section and click the name of the account you just created.
On the Service account details page, scroll down to the Keys section and select Add Key > Create new key.
Select JSON as the key type and click Create. This downloads a JSON file containing the private key to your machine. Store the downloaded JSON key file in a secure location.
Create tokens on your server
To create new tokens (JWTs) on your server, use the standard JWT libraries and the JSON file that you securely downloaded from your new service account.
Create tokens on your development machine
To generate JWTs on your development machine, use the following oauth2l command:
oauth2l fetch --jwt --json $KEYFILE $AUDIENCE --cache ""
Specifying an empty cache location using the --cache flag is necessary to
ensure that a different token is produced each time. Be sure to trim the
resulting string because extra spaces or newline characters will cause ARCore to
reject the token.
Sign the token
You must use the RS256 algorithm and the following claims to sign the JWT:
iss— The service account email address.sub— The service account email address.iat— The Unix time when the token was generated, in seconds.exp—iat+3600(1 hour). The Unix time when the token expires, in seconds.aud— The audience. The correct ‘audience’ for the Cloud Anchor API ishttps://arcorecloudanchor.googleapis.com/.
Non-standard claims are not required in the JWT payload, though you may find the
uid claim useful for identifying the corresponding user.
If you use a different approach to generate your JWTs, such as using a Google API in a Google-managed environment, make sure to sign your JWTs with the claims in this section. Above all, make sure that the audience is correct.
Pass a token into the ARCore session
When you obtain a token, pass it into your ARCore session using
ARAnchorManager.SetAuthToken():
// Designate the token to use when authenticating with the ARCore Cloud Anchor service
// on the iOS platform. This should be called each time the application's token is refreshed.
ARAnchorManager.SetAuthToken(string authToken);
Note the following when you pass a token into the session:
If you do not pass in a valid token before attempting to host or resolve an anchor, you will get authentication errors.
ARCore ignores tokens that contain spaces or special characters. ARCore also ignores all tokens if you create your session with a valid API key. If you previously used an API key and no longer need it, we recommend deleting it in the Google Developers Console and removing it from your app after migrating users to the newest version.
Tokens typically expire after one hour. If there is a possibility that your token may expire while in use, obtain a new token and pass it to the API.
API key authentication
The API key authentication option can host a Cloud Anchor for up to one day.
Follow these steps to obtain and add an API key to your project:
See the Google Cloud Platform Console Help Center to obtain an API key.
Add the new API key to your project:
- In Unity, go to Edit > Project Settings > XR > ARCore Extensions.
- Add your API key to the Cloud Anchor API Keys field.
Mapping quality
FeatureMapQuality
indicates the quality of feature points seen by ARCore in the preceding few
seconds from a given camera pose. Cloud Anchors hosted using higher quality
features generally result in more accurately resolved poses. If feature map
quality cannot be estimated for a given pose,
EstimateFeatureMapQualityForHosting
logs a warning message and returns FeatureMapQuality.Insufficient. This state
indicates that ARCore will likely have more difficulty resolving the Cloud
Anchor. Encourage the user to move the device, so that the desired position of
the Cloud Anchor to be hosted is viewed from different angles.
FeatureMapQuality quality = ARAnchorManager.EstimateFeatureMapQualityForHosting(pose)
public enum FeatureMapQuality
{
/// The quality of feature points identified from the pose in the preceding
/// few seconds is low. This state indicates that ARCore will likely have
/// more difficulty resolving the Cloud Anchor. Encourage the user to move the
/// device, so that the desired position of the Cloud Anchor to be hosted is
/// viewed from different angles.
Insufficient = 0,
/// The quality of feature points identified from the pose in the preceding
/// few seconds is likely sufficient for ARCore to successfully resolve
/// a Cloud Anchor, although the accuracy of the resolved pose will likely be
/// reduced. Encourage the user to move the device, so that the desired position of
/// the Cloud Anchor they wish to host can be viewed from different angles.
Sufficient = 1,
/// The quality of feature points identified from the pose in the preceding
/// few seconds is likely sufficient for ARCore to successfully resolve
/// a Cloud Anchor with a high degree of accuracy.
Good = 2,
}
API quotas
The ARCore Cloud Anchor API has the following quotas for request bandwidth:
| Quota type | Maximum | Duration | Applies to |
|---|---|---|---|
| Number of anchors | Unlimited | N/A | Project |
| Anchor host requests | 30 | minute | IP address and project |
| Anchor resolve requests | 300 | minute | IP address and project |
Performance considerations
Memory usage increases when you enable the Cloud Anchor API. Expect the device’s battery usage to rise due to higher network usage and CPU utilization.