Here is the recommended procedure for configuring a path Source Authentication for a GCP bucket storage.

Select your working project or create one if needed.

Then, navigate to IAM a Admin > Service Accounts.

Create a dedicated Service Account or use an existing one. In this example, we're creating one named twicpics-access.

Navigate to Cloud Storage > Buckets.

Then, create a bucket. In this example, we're creating one named test-twicpics.

💡 Tip: Bucket names are unique, so we recommend naming them like company-name-project-name.

In this example, we created an images folder with a test.png file in it. We recommend separating videos and images in different folders.

On the same page, open the Permissions tab and give the reader role (Storage Legacy Object Reader) to your Service Account (service-account-name@project-name.iam.gserviceaccount.com).

💡 Tip: You can go back to the Service Accounts page to retrieve the name.

Your service account is now allowed to read files from your bucket.

Navigate to the Settings page, and go to the Interoperability tab to create a new key for your Service Account.

Save your access key and secret in a secure place. If you lose them, you will need to create new key/secret pair by following the same procedure.

Congrats — you're done configuring GCP. 🎉

First, open your TwicPics dashboard.

Navigate to the relevant Workspace (e.g. My Company), Domain (e.g. my-company.twic.pics), and create a new Path (or edit and existing one).

⚠️ Important — Endpoint URL

Because we use the AWS S3 Signature V4 protocal, you need to use the storage.googleapis.com endpoint instead of storage.cloud.google.com.

A valid example path configuration is:

In the Source Authentication section, enable authentication and set the following:

And that's it — you can now enjoy authenticated access to a Google Cloud Platform bucket. 🎉