The Developer API gives access to the metadata available for all families served by Google Fonts. It allows
the creation of dynamic apps by being able to query Google Fonts and get an accurate list of the families currently available.
The REST API gives access to the data in the JSON format and includes for each family a list of the styles available as well as
a list of scripts (called subsets in Google Fonts) supported. The API gives an option to sort the list of families
alphabetically, by date added, by number of styles, by trend or by popularity. More data might be added over time.
In the sidebar on the left, select APIs & auth.
In the list of APIs, make sure the status is ON for the Google Fonts Developer API.
In the sidebar on the left, select Credentials.
The API supports two types of credentials.
Create whichever credentials are appropriate for your project:
OAuth 2.0: Your application must send an OAuth 2.0 token with any request that accesses private user data. Your application sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
A web application is accessed by web browsers over a network.
Applications that use JavaScript to access the Google Fonts Developer API must specify authorized JavaScript origins.
The origins identify the domains from which your application can send API requests.
Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
A service account is used in an application that calls APIs on behalf of an application that does not access user information. This type of application needs to prove its own identity, but it does not need a user to authorize requests. The Google Accounts documentation contains more details about service accounts.
An installed application runs on a desktop computer or handheld device. You can create OAuth 2.0 credentials for several types of installed applications:
Android: You need to specify your Android app's package name and SHA1 fingerprint.
Show instructions
In the Package name field, enter your Android's app's package name.
In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.
The Keytool prints the fingerprint to the shell. For example:
$ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
Enter keystore password: Type "android" if using debug.keystore
Alias name: androiddebugkey
Creation date: Aug 27, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 503bd581
Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
Certificate fingerprints:
MD5: 1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
Signature algorithm name: SHA1withRSA
Version: 3
Copy the SHA1 fingerprint, which is highlighted in the example above.
Paste the SHA1 fingerprint into the form.
Select Create Client ID.
Chrome application: You need to specify the Application ID for your Chrome app or extension. Use the Google Chrome Identity API to obtain that ID.
iOS: You need to specify the app's Bundle ID and App Store ID.
Show instructions
The application's Bundle ID is the bundle identifier as listed in the app's .plist file, for example com.example.myapp.
The application's App Store ID is in the app's iTunes URL so long as the app was published in the Apple iTunes App Store. For example, if your app's URL is http://itunes.apple.com/us/app/google+/id447119634, then its App Store ID is 447119634.
Other: The Developers Console does not require any additional information to create OAuth 2.0 credentials for other types of installed applications.
API keys:
A request that does not provide an OAuth 2.0 token must send an API key.
The key identifies your project and provides API access, quota, and reports.
If the key type you need does not already exist, create an API key by selecting Create New Key and then selecting the appropriate key type. Then enter the additional data required for that key type.
Use a server key if your application runs on a server. Do not use this key outside of your server code. For example, do not embed it in a web page. To prevent quota theft, restrict your key so that requests are only allowed from your servers' source IP addresses.
Use a browser key if your application runs on a client, such as a web browser. To prevent your key from being used on unauthorized sites, only allow referrals from domains you administer.
Use an Android key if your application runs on Android devices. To create an Android key, you need to specify the SHA1 fingerprints and package names of the application using that key.
Show instructions
In a terminal, run the Keytool utility to get the SHA1 fingerprint for your digitally signed .apk file's public certificate.
The Keytool prints the fingerprint to the shell. For example:
$ keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v
Enter keystore password: Type "android" if using debug.keystore
Alias name: androiddebugkey
Creation date: Aug 27, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 503bd581
Valid from: Mon Aug 27 13:16:01 PDT 2012 until: Wed Aug 20 13:16:01 PDT 2042
Certificate fingerprints:
MD5: 1B:2B:2D:37:E1:CE:06:8B:A0:F0:73:05:3C:A3:63:DD
SHA1: D8:AA:43:97:59:EE:C5:95:26:6A:07:EE:1C:37:8E:F4:F0:C8:05:C8
SHA256: F3:6F:98:51:9A:DF:C3:15:4E:48:4B:0F:91:E3:3C:6A:A0:97:DC:0A:3F:B2:D2:E1:FE:23:57:F5:EB:AC:13:30
Signature algorithm name: SHA1withRSA
Version: 3
Copy the SHA1 fingerprint, which is highlighted in the example above.
Paste the SHA1 fingerprint into the form.
After the fingerprint, type a semicolon and then enter your Android's app's package name.
Select Create.
Use an iOS key if your application runs on iOS devices. Google verifies that each request originates from an iOS application that matches one of the bundle identifiers you specify. An app's .plist file contains its bundle identifier. Example: com.example.MyApp
After you have an API key, your application can append the query parameter key=yourAPIKey to all request URLs.
The API key is safe for embedding in URLs; it doesn't need any encoding.
Details
The JSON response (refer to sample above) is composed of an array named "items" which contains objects with information about each font family.
A family object is composed of 4 fields:
kind: The kind of object, a webfont object
family: The name of the family
subsets: A list of scripts supported by the family
variants: The different styles available for the family
version: The font family version.
lastModified: The date (format "yyyy-MM-dd") the font family was modified for the last time.
files: The font family files (with all supported scripts) for each one of the available variants.
By combining the information for each family it is easy to create a Fonts API request. For example assuming we
have a reference to the family object for Anonymous Pro:
[...]
var apiUrl = [];
apiUrl.push('//fonts.googleapis.com/css?family=');
apiUrl.push(anonymousPro.family.replace(/ /g, '+'));
if (contains('italic', anonymousPro.variants)) {
apiUrl.push(':');
apiUrl.push('italic');
}
if (contains('greek', anonymousPro.subsets)) {
apiUrl.push('&subset=');
apiUrl.push('greek');
}
// url: '//fonts.googleapis.com/css?family=Anonymous+Pro:italic&subset=greek'
var url = apiUrl.join('');
[...]
The list of families is returned in no particular order by default. It is possible however to sort
the list using the sort parameter:
