Java quickstart

Quickstarts explain how to set up and run an app that calls a Google Workspace API.

Google Workspace quickstarts use the API client libraries to handle some details of the authentication and authorization flow. We recommend that you use the client libraries for your own apps. This quickstart uses a simplified authentication approach that is appropriate for a testing environment. For a production environment, we recommend learning about authentication and authorization before choosing the access credentials that are appropriate for your app.

Create a Java command-line application that makes requests to the Google Keep API.


  • Set up your environment.
  • Set up the sample.
  • Run the sample.


  • A Google account with Google Keep enabled.

Set up your environment

To complete this quickstart, set up your environment.

Enable the API

Before using Google APIs, you need to turn them on in a Google Cloud project. You can turn on one or more APIs in a single Google Cloud project.
  • In the Google Cloud console, enable the Google Keep API.


Create a service account

A service account is a special kind of account used by an application, rather than a person. You can use a service account to access data or perform actions as the service account itself, or to access data on behalf of Google Workspace or Cloud Identity users. For more information, see Understanding service accounts.
  1. In the Google Cloud console, go to Menu > IAM & Admin > Service Accounts.


  2. Click Create service account.
  3. Fill in the service account details, then click Create and continue.
  4. Optional: Assign roles to your service account to grant access to your Google Cloud project's resources. For more details, refer to Granting, changing, and revoking access to resources.
  5. Click Continue.
  6. Optional: Enter users or groups that can manage and perform actions with this service account. For more details, refer to Managing service account impersonation.
  7. Click Done. Make a note of the email address for the service account.

Create credentials for a service account

You need to obtain credentials in the form of a public/private key pair. These credentials are used by your code to authorize service account actions within your app.
  1. In the Google Cloud console, go to Menu > IAM & Admin > Service Accounts.


  2. Select your service account.
  3. Click Keys > Add key > Create new key.
  4. Select JSON, then click Create.

    Your new public/private key pair is generated and downloaded to your machine as a new file. Save the downloaded JSON file as credentials.json in your working directory. This file is the only copy of this key. For information about how to store your key securely, see Managing service account keys.

  5. Click Close.

Set up domain-wide delegation for a service account

To call APIs on behalf of users in a Google Workspace organization, your service account needs to be granted domain-wide delegation of authority in the Google Workspace Admin console by a super administrator account. For more information, see Delegating domain-wide authority to a service account.
  1. In the Google Cloud console, go to Menu > IAM & Admin > Service Accounts.


  2. Select your service account.
  3. Click Show advanced settings.
  4. Under "Domain-wide delegation," find your service account's "Client ID." Click Copy to copy the client ID value to your clipboard.
  5. If you have super administrator access to the relevant Google Workspace account, click View Google Workspace Admin Console, then sign in using a super administrator user account and continue following these steps.

    If you don't have super administrator access to the relevant Google Workspace account, contact a super administrator for that account and send them your service account's Client ID and list of OAuth Scopes so they can complete the following steps in the Admin console.

    1. In the Google Admin console, go to Menu > Security > Access and data control > API controls.


    2. Click Manage Domain Wide Delegation.
    3. Click Add new.
    4. In the "Client ID" field, paste the client ID that you previously copied.
    5. In the "OAuth Scopes" field, enter a comma-delimited list of the scopes required by your application. This is the same set of scopes you defined when configuring the OAuth consent screen.
    6. Click Authorize.

Prepare the workspace

  1. In your working directory, create a new project structure:

    gradle init --type basic
    mkdir -p src/main/java src/main/resources

  2. Copy the credentials.json file that you previously downloaded into the src/main/resources/ directory.

  3. Open the default build.gradle file and replace its contents with the following code:

    apply plugin: 'java'
    apply plugin: 'application'

    mainClassName = 'KeepQuickstart'
    sourceCompatibility = 1.8
    targetCompatibility = 1.8
    version = '1.0'

    repositories {
        mavenCentral()
    }

    dependencies {
        implementation ''
        implementation ''
        implementation ''
    }

Set up the sample

  1. In the src/main/java/ directory, create a new Java file with a name that matches the mainClassName value in your build.gradle file.

  2. Include the following code in your new Java file:

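    import com.google.api.client.auth.oauth2.Credential;
    import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInstalledApp;
    import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
    import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
    import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
    import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
    import com.google.api.client.http.javanet.NetHttpTransport;
    import com.google.api.client.json.JsonFactory;
    import com.google.api.client.json.gson.GsonFactory;
    import com.google.api.client.util.store.FileDataStoreFactory;
    import com.google.api.services.keep.v1.Keep;
    import com.google.api.services.keep.v1.model.Note;
    import com.google.api.services.keep.v1.model.Section;
    import com.google.api.services.keep.v1.model.TextContent;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.security.GeneralSecurityException;
    import java.util.Collections;
    import java.util.List;

    public class KeepQuickstart {
      private static final String APPLICATION_NAME = "Google Keep API Java Quickstart";
      private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();

      /**
       * Global instance of the scopes required by this quickstart. If modifying these scopes, delete
       * your previously saved tokens/ folder.
       */
      private static final List<String> KEEP_SCOPES =
          Collections.singletonList("https://www.googleapis.com/auth/keep");
      private static final String CREDENTIALS_FILE_PATH = "/credentials.json";

      /**
       * Creates an authorized Credential object.
       * @param HTTP_TRANSPORT The network HTTP Transport.
       * @return An authorized Credential object.
       * @throws IOException
       */
      private static Credential getOAuthCredentials(final NetHttpTransport HTTP_TRANSPORT)
          throws IOException {
        // Load client secrets.
        InputStream in = KeepQuickstart.class.getResourceAsStream(CREDENTIALS_FILE_PATH);
        if (in == null) {
          throw new FileNotFoundException("Resource not found: " + CREDENTIALS_FILE_PATH);
        }
        GoogleClientSecrets clientSecrets =
            GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));

        // Build flow and trigger user authorization request.
        GoogleAuthorizationCodeFlow flow =
            new GoogleAuthorizationCodeFlow.Builder(
                    HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, KEEP_SCOPES)
                .setDataStoreFactory(new FileDataStoreFactory(new java.io.File("tokens")))
                .build();
        LocalServerReceiver receiver = new LocalServerReceiver.Builder().setPort(8888).build();
        return new AuthorizationCodeInstalledApp(flow, receiver).authorize("user");
      }

      public static void main(String... args) throws IOException, GeneralSecurityException {
        // Build a new authorized API client service.
        final NetHttpTransport HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
        Keep service =
            new Keep.Builder(HTTP_TRANSPORT, JSON_FACTORY, getOAuthCredentials(HTTP_TRANSPORT))
                .setApplicationName(APPLICATION_NAME)
                .build();
        Section noteBody =
            new Section().setText(new TextContent().setText("Finish preparations by tomorrow!"));
        Note newNote = new Note().setTitle("Customer call next week").setBody(noteBody);
        // Creates a new text note.
        service.notes().create(newNote).execute();
      }
    }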
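
The sample above authorizes with the installed-app OAuth flow. As an added example (not part of Google's quickstart code), the following class shows how the service account key and domain-wide delegation configured earlier could be used instead, reading the key from outside the classpath so it is not packaged with the build output. It assumes the google-auth-library-oauth2-http dependency is on the classpath; the class name and the KEEP_SA_KEY_FILE and KEEP_DELEGATED_USER environment variables are hypothetical.

```java
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.services.keep.v1.Keep;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Set;

public class KeepDelegatedClient {
  // Request only the scope that was authorized for the client ID in the Admin console.
  private static final String KEEP_SCOPE = "https://www.googleapis.com/auth/keep";

  /** Builds a Keep client that acts as userEmail through domain-wide delegation. */
  static Keep build(Path keyFile, String userEmail) throws IOException, GeneralSecurityException {
    // Refuse a key file that other local accounts can read (POSIX file systems only).
    Set<PosixFilePermission> perms = Files.getPosixFilePermissions(keyFile);
    if (perms.contains(PosixFilePermission.GROUP_READ)
        || perms.contains(PosixFilePermission.OTHERS_READ)) {
      throw new IOException("Key file is readable by group/others: " + keyFile);
    }
    GoogleCredentials credentials;
    try (InputStream in = Files.newInputStream(keyFile)) {
      // fromStream throws IOException if the JSON lacks the service account key fields.
      credentials = ServiceAccountCredentials.fromStream(in)
          .createScoped(Collections.singletonList(KEEP_SCOPE))
          .createDelegated(userEmail); // the Workspace user to act on behalf of
    }
    return new Keep.Builder(GoogleNetHttpTransport.newTrustedTransport(),
            GsonFactory.getDefaultInstance(), new HttpCredentialsAdapter(credentials))
        .setApplicationName("Google Keep API Java Quickstart")
        .build();
  }

  public static void main(String... args) throws Exception {
    // KEEP_SA_KEY_FILE and KEEP_DELEGATED_USER are hypothetical variable names.
    Path keyFile = Paths.get(System.getenv("KEEP_SA_KEY_FILE"));
    Keep service = build(keyFile, System.getenv("KEEP_DELEGATED_USER"));
    System.out.println(service.notes().list().setPageSize(1).execute().getNotes());
  }
}
```

Because a delegated key can act as any user in the domain for the authorized scopes, keep the scope list in the Admin console as narrow as the one requested here.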

Run the sample

  1. Run the sample:

    gradle run

  2. The first time you run the sample, it prompts you to authorize access:

    1. If you're not already signed in to your Google Account, you're prompted to sign in. If you're signed in to multiple accounts, select one account to use for authorization.
    2. Click Accept.

    Authorization information is stored in the file system, so the next time you run the sample code, you aren't prompted for authorization.

You have successfully created your first Java application that makes requests to the Google Keep API.

Next steps