Enable the Conversational Analytics API

This page describes the steps for enabling the Conversational Analytics API (accessed through geminidataanalytics.googleapis.com) for your Google Cloud project. The Conversational Analytics API is the first capability under the Data Analytics API with Gemini in the Google Cloud console.

Before you begin

Before you can use the Conversational Analytics API, you must have a Google Cloud project that can access the data that you want to work with. To set up your project, complete the following steps:

1. Identify the data that you want to use with the Conversational Analytics API. You can use data sources like BigQuery tables, Looker Explores, Looker Studio reports, and data from AlloyDB, GoogleSQL for Spanner, Cloud SQL, and Cloud SQL for PostgreSQL.

2. In the Google Cloud console, on the project selector page, create a Google Cloud project that can access the data that you want to use with the Conversational Analytics API.

   Go to project selector

Looker and Looker Studio Pro requirements

If you use the Conversational Analytics API with Looker, your Looker instance must meet specific requirements:

• Looker (original)
• Looker (Google Cloud core)

To use the Conversational Analytics API with Looker Studio Pro, your Pro subscription must be outside of a VPC-SC perimeter.

Enable the required APIs

To use the Conversational Analytics API, you must enable a set of required APIs in your Google Cloud project. If you plan to use the Conversational Analytics API from a Colab Enterprise environment, you must also enable additional APIs.

Required APIs

gcloud services enable geminidataanalytics.googleapis.com --project=project_id
gcloud services enable cloudaicompanion.googleapis.com --project=project_id
gcloud services enable bigquery.googleapis.com --project=project_id

APIs for Colab Enterprise

If you plan to use the Conversational Analytics API from a Colab Enterprise environment, also enable the following APIs:

Enable the Dataform API

Enable the Compute Engine API

Enable the Vertex AI API

Grant required roles

To use the Conversational Analytics API, principals (such as users or service accounts) require Identity and Access Management (IAM) roles that provide access to both the API and the underlying data sources.

To grant these roles, use the Google Cloud console:

Go to Roles

Gemini Data Analytics roles

To enable principals to create Conversational Analytics API agents and use the stateful chat method for conversations, grant the following IAM roles:

• Gemini Data Analytics Data Agent Creator (roles/geminidataanalytics.dataAgentCreator): required to get started with creating agents.
• Gemini for Google Cloud User (roles/cloudaicompanion.user): required to use the stateful chat method for conversations.

In addition, permissions for actions like managing agents are controlled by Gemini Data Analytics roles, as described in Conversational Analytics API access control with IAM.

BigQuery roles

To enable principals to query BigQuery data sources through the Conversational Analytics API, grant the following IAM roles:

• BigQuery User (roles/bigquery.user): required to access data in BigQuery.
• BigQuery Studio User (roles/bigquery.studioUser): required if you use BigQuery Studio and data canvas.

Looker roles

To enable principals to query Looker data sources through the Conversational Analytics API, grant the following IAM roles:

• Looker Instance User (roles/looker.instanceUser): required to access data from a Looker (Google Cloud core) instance.

To use Conversational Analytics and the Conversational Analytics API, a Looker user must be assigned a Looker role that contains the gemini_in_looker permission for the models that they interact with.

Database roles

To enable principals to query AlloyDB, Cloud SQL, Cloud SQL for PostgreSQL, or Spanner data sources through the Conversational Analytics API, grant the following IAM roles:

• AlloyDB Database User (roles/alloydb.databaseUser): required to access data from an AlloyDB instance.
• Cloud SQL and Cloud SQL for PostgreSQL Studio User (roles/cloudsql.studioUser): required to use the Google Cloud console to view and manage Cloud SQL and Cloud SQL for PostgreSQL instances.
• Cloud SQL and Cloud SQL for PostgreSQL Instance User (roles/cloudsql.instanceUser): required to connect to Cloud SQL and Cloud SQL for PostgreSQL instances.
• Spanner Database Reader (roles/spanner.databaseReader): required to read data from a GoogleSQL for Spanner database.

Additional configuration for VPC Service Controls

The Conversational Analytics API is integrated with VPC Service Controls. You can add the Conversational Analytics API to your service perimeters to enhance the security of your data and services and help mitigate the risk of data exfiltration. When you include geminidataanalytics.googleapis.com as a restricted service in a perimeter, VPC Service Controls protects the Conversational Analytics API.

Protect data sources

While the service perimeter restricts access to the Conversational Analytics API, you must also include its data source services within the same service perimeter to protect the data those sources contain. Common data sources for Conversational Analytics API include BigQuery, Looker, and Looker Studio. Ensure that the services corresponding to these data sources (for example, bigquery.googleapis.com) are also restricted in the service perimeter.

IAM roles and permissions

VPC Service Controls perimeters and Identity and Access Management (IAM) roles work together. VPC Service Controls enforces security boundaries around the service, while IAM governs who can access resources within the perimeter.

Even when access is within a protected perimeter, users or service accounts still require the necessary IAM permissions on both the Conversational Analytics API service and the underlying data sources (such as BigQuery datasets or Looker instances) to perform actions. Combining VPC Service Controls with proper IAM management is essential for robust security of your Conversational Analytics API workflows.