This guide provides all required setup steps to start using Document AI.
About the Google Cloud console
The <a href="https://console.cloud.google.com/" target="console" track-type="inline link" referrerpolicy="no-referrer-when-downgrade">Google Cloud console</a> is a web UI used to provision, configure, manage, and monitor systems that use Google Cloud products. You use the Google Cloud console to set up and manage Document AI resources.
Create a project
To use services provided by Google Cloud, you must create a project, which organizes all your Google Cloud resources and consists of the following components:
- A set of collaborators
- Enabled APIs (and other resources)
- Monitoring tools
- Billing information
- Authentication and access controls
- Document AI processors
You can create one project, or you can create multiple projects. You can use your projects to organize your Google Cloud resources in a resource hierarchy. For more information on projects, see the Resource Manager documentation.
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Enable the API
You must enable the Document AI API for your project. For more information on enabling APIs, see the Service Usage documentation.
Enable the Document AI API.
Enable billing
A billing account defines who pays for a given set of resources. Billing accounts can be linked to one or more projects. Project usage is charged to the linked billing account. You configure billing when you create a project. For more information, see the Billing documentation.
Make sure that billing is enabled for your Google Cloud project.
Locations
Document AI offers you some control over where the resources for your project are stored and processed. In particular, when you create a processor, you must choose a location to store and process your data. By default Document AI stores and processes resources in a US location. If you choose the European Union location, your data and processes are only stored in the European Union.
Setting location using API
You must specify your processor's location whenever you send a processing
request using the API. For example, if your processor is configured to store and
process your data in the European Union, then use the URI
eu-documentai.googleapis.com
as follows:
Process |
|
batchProcess |
|
Install the Document AI API client library
You have three options for calling the Document AI API:
- Google supported client libraries (recommended)
- REST
- gRPC
The client libraries are available for several popular languages. For information on installing the client libraries, see Document AI API client libraries.
Install and initialize the Google Cloud CLI
The gcloud CLI provides a set of tools that you can use to manage resources and applications hosted on Google Cloud.
The following link provides instructions:
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
Set up authentication
Any client application that uses the API must be authenticated and granted access to the requested resources. How you set up authentication depends on whether you are working in a local development environment or setting up a production environment. For more information, see Set up Application Default Credentials.
Select the tabs for how you plan to access the API:
gcloud
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
Client libraries
To use client libraries in a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
For more information, see Set up ADC for a local development environment in the Google Cloud authentication documentation.
REST
To use the REST API in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI, then initialize it by running the following command:
gcloud init
For more information, see Authenticate for using REST in the Google Cloud authentication documentation.
For information about setting up authentication for a production environment, see Set up Application Default Credentials for code running on Google Cloud in the Google Cloud authentication documentation.
About roles
When calling an API, Google Cloud requires the calling identity (any applicable person, entity, or process and their defined attributes) to have the appropriate permissions. You can grant permissions by granting roles to a user account or service account. For more information, see the Identity and Access Management (IAM) documentation.
For the purpose of trying the Document AI API, you can use the Project > Owner role in steps below. The Project > Owner role grants the service account full permission to resources in your project. If your request does not require full permissions, you can specify a more restrictive role using the Google Cloud console. For a list of permissions and roles for Document AI, see Document AI permissions and Document AI roles. For information on managing permissions using IAM roles, see Manage access to projects, folders, and organizations.
Cross project file access setup
When you set up your Document AI processor in one project, you might want this project to access input files stored in a different project in the same organization that hosts Document AI processors.
To allow cross-project access, you must grant the Storage Object Viewer role
(roles/storage.objectViewer
) to the default Document AI service
account, as shown in the following figure.
Example
- Suppose project A hosts Document AI processors, and optionally hosts a bucket processor output is written to.
- Project B owns the bucket that contains input files for Document AI processors.
To make files in project B accessible to project A, you must grant the the Storage Object Viewer role (
roles/storage.objectViewer
) for the input bucket in project B to the Document AI service account of project A.
For more information about IAM and Storage Object Viewer
, see
IAM roles for Cloud Storage.
Built-in service accounts
A Document AI service account follows this naming convention:
service-{project number}@gcp-sa-prod-dai-core.iam.gserviceaccount.com
Example: service-361747088407@gcp-sa-prod-dai-core.iam.gserviceaccount.com
Next Steps: Use cases
After the Document AI API has been enabled, Document AI processors can be created and used. Which type of processor is best depends on your use case.