Gemini 3.5 Flash Integration: Setup, Auth and Fixes

Introduction

Gemini 3.5 Flash became generally available on May 19, 2026. Google positions it as a production-ready model for coding, agent workflows, and long-running tasks. It supports a 1,048,576-token input context and up to 65,536 output tokens. Supported inputs include text, images, audio, video, and PDF files, while the primary output format is text.

Integrating the model is straightforward at the API level. Most deployment problems come from choosing the wrong access path, using outdated SDKs, or mixing authentication methods.

Another common source of confusion is model naming. Google currently provides the stable gemini-3.5-flash model. The current Pro model is gemini-3.1-pro-preview; there is no public gemini-3.5-pro model ID in the official model catalog. Using an invented or outdated model name will normally result in an invalid argument or model-not-found error.

This guide explains how to configure Gemini 3.5 Flash for development and production. It also covers authentication, multimodal input, image generation, code execution, and common API failures.

1. Choose the Correct Access Path

Gemini can be accessed through several Google products, but they are designed for different purposes.

1.1 Consumer Interface

The Gemini website and browser integrations are intended for interactive use. They provide a convenient way to test prompts and explore model behavior.

However, a browser-based chat interface is not a production API. It does not provide the authentication, version control, quota management, or observability required by a backend service.

Developers should not automate browser sessions or treat the consumer interface as an application endpoint.

1.2 Gemini Developer API

The Gemini Developer API is the simplest path for prototypes, internal tools, and lightweight applications. Developers can create credentials in Google AI Studio and call the model through the Google Gen AI SDK.

This route is suitable when you need:

• Fast project setup
• API-key-based authentication
• Direct access to current Gemini models
• Multimodal requests
• Tool calling and code execution
• Google AI Studio integration

Google currently recommends the Interactions API for access to the newest models and features. The existing generateContent interface remains available.

1.3 Enterprise and Vertex AI Workflows

Teams that require IAM controls, cloud auditability, service accounts, regional configuration, and enterprise governance should use Gemini through Google Cloud’s enterprise platform.

This route is more appropriate for:

• Production backend services
• Regulated workloads
• Centralized IAM permissions
• Cloud audit logs
• Workload identity
• Provisioned throughput
• Organization-level billing

The Google Gen AI SDK supports both the Gemini Developer API and Vertex AI–based enterprise endpoints. Developers can therefore move between the two without maintaining separate SDK implementations.

2. Authentication: API Keys vs Application Default Credentials

Authentication should match the deployment environment. API keys and Application Default Credentials are both supported, but they serve different use cases.

2.1 Use an API Key for Development

For local experiments, create a Gemini API key and store it in an environment variable.

On macOS or Linux:

export GEMINI_API_KEY="YOUR_GEMINI_API_KEY"

On Windows PowerShell:

$env:GEMINI_API_KEY="YOUR_GEMINI_API_KEY"

Do not place the key directly in Python files, notebooks, or public repositories.

Google is moving the Gemini API from conventional standard keys toward authorization keys linked to service-account identities. New keys created through AI Studio now use the newer format by default. Unrestricted standard keys have also become subject to tighter rejection rules, so older integrations should review their key type and restrictions.

2.2 Use ADC for Cloud Production

For production workloads on Google Cloud, Application Default Credentials are the preferred authentication method.

Local initialization requires the Google Cloud CLI:

gcloud init
gcloud auth application-default login

The SDK then discovers the local credential file automatically. Application code does not need to load a plaintext token.

Google recommends API keys for testing and ADC for production use on its enterprise platform.

For deployed workloads, use an attached service account or workload identity wherever possible. A downloaded JSON service-account key should be treated as a sensitive fallback rather than the default design.

2.3 Avoid Mixed Authentication

A project should use one clearly defined authentication path.

Typical configuration conflicts include:

• Setting GEMINI_API_KEY while also initializing a Vertex client
• Leaving expired ADC credentials on a development machine
• Using credentials from the wrong Google Cloud project
• Loading a service-account file with insufficient IAM roles
• Reusing credentials intended for another API provider

When troubleshooting, first confirm whether the request is going to the Gemini Developer API or the enterprise endpoint. Then verify the credentials expected by that route.

3. Model Selection

3.1 Gemini 3.5 Flash as the Default

For most applications, gemini-3.5-flash is the practical default.

It is designed for:

• Coding workflows
• Agent loops
• Structured extraction
• Document analysis
• Multimodal understanding
• Function calling
• High-volume production tasks
• Code execution

The model supports a one-million-token context window, context caching, batch requests, file search, function calling, and code execution. Computer Use is not currently supported.

The standard paid Gemini Developer API rate is currently $1.50 per million input tokens and $9 per million output tokens, including thinking tokens. Pricing may differ by platform, service tier, and future model revision.

3.2 Use Gemini 3.1 Pro Selectively

For more demanding reasoning tasks, Google currently offers gemini-3.1-pro-preview.

It is intended for complex problem solving, software engineering, large datasets, and code-repository analysis. However, it remains a preview model. Production teams should account for lifecycle changes and benchmark stability before making it a hard dependency.

A practical allocation strategy is:

Latency values such as “1.8 seconds” or “5.3 seconds” should be presented only as results from a documented internal benchmark. They are not universal model specifications. Region, prompt size, thinking level, traffic, and service tier can all change response time.

3.3 Configure Thinking Deliberately

Gemini 3.5 Flash supports configurable thinking levels. Its default thinking level is medium. Developers can choose a lower level for faster routine requests or a higher level for more difficult reasoning.

Example:

from google import genai

client = genai.Client()

interaction = client.interactions.create(
    model="gemini-3.5-flash",
    input="Review this database migration plan and identify failure risks.",
    generation_config={
        "thinking_level": "high"
    }
)

print(interaction.output_text)

Do not assume that the highest thinking level is always best. It can increase latency and token consumption. Benchmark the completed business task rather than the quality of one isolated response.

4. Production Deployment

4.1 Create and Configure the Project

For Gemini Developer API testing, a project can be managed through Google AI Studio.

For enterprise deployment:

1. Create or select a Google Cloud project.
2. Link the appropriate billing account.
3. Enable the required Gemini or enterprise platform API.
4. Configure IAM permissions.
5. Initialize ADC or a production service identity.
6. Confirm the selected project and location.

Google Cloud’s $300 introductory credit applies to eligible new customers for a limited trial period. It is not a fresh $300 allocation for every project.

Useful validation commands include:

gcloud config get-value project
gcloud auth list
gcloud auth application-default print-access-token

When using regional endpoints, confirm that the selected model is available in that location. A wrong location can produce a 404 response even when authentication is valid.

4.2 Install the Current SDK

Use the current Google Gen AI SDK:

pip install -U google-genai

The older google-generativeai package is now considered a legacy library. Google recommends migrating to google-genai for new models and features.

4.3 Basic Gemini Developer API Request

from google import genai

client = genai.Client()

interaction = client.interactions.create(
    model="gemini-3.5-flash",
    input=(
        "Summarize the main deployment risks in a production "
        "LLM application. Return five concise points."
    )
)

print(interaction.output_text)

The SDK reads GEMINI_API_KEY from the environment.

4.4 Vertex AI Client Configuration

For the enterprise route:

import os
from google import genai

project_id = os.environ["GOOGLE_CLOUD_PROJECT"]
location = os.getenv("GOOGLE_CLOUD_LOCATION", "global")

client = genai.Client(
    vertexai=True,
    project=project_id,
    location=location
)

response = client.models.generate_content(
    model="gemini-3.5-flash",
    contents="Create a deployment checklist for a Python API service."
)

print(response.text)

The vertexai=True setting tells the SDK to use enterprise endpoints. The project and location determine quota attribution and request routing.

4.5 Set Output Constraints

An explicit output limit is not required for every call, but it is useful in production.

Output constraints help control:

• Cost
• Response latency
• Database field size
• Downstream parsing
• User-interface layout
• Unexpectedly verbose answers

Prompt-level constraints are often effective:

Return no more than 150 words.
Use exactly four bullet points.
Do not include an introduction.

For automated systems, combine these instructions with structured output rather than relying on prose formatting alone.

5. Multimodal Features

5.1 Analyze an Image with Gemini 3.5 Flash

Gemini 3.5 Flash can understand images, screenshots, audio, video, and PDF content. It does not generate images through the standard text model endpoint.

Example screenshot analysis:

import base64
from pathlib import Path
from google import genai

client = genai.Client()

image_bytes = Path("error-screen.png").read_bytes()
encoded_image = base64.b64encode(image_bytes).decode("utf-8")

interaction = client.interactions.create(
    model="gemini-3.5-flash",
    input=[
        {
            "type": "image",
            "data": encoded_image,
            "mime_type": "image/png"
        },
        {
            "type": "text",
            "text": (
                "Analyze this error screenshot. Identify the likely root "
                "cause and provide an ordered troubleshooting procedure."
            )
        }
    ]
)

print(interaction.output_text)

This workflow is useful for application logs, cloud-console screenshots, UI defects, and infrastructure diagrams.

5.2 Generate Images with the Correct Model

Image generation uses a separate model. The recommended general-purpose option is currently gemini-3.1-flash-image. Google also provides gemini-3-pro-image for more demanding professional visual workflows.

import base64
from pathlib import Path
from google import genai

client = genai.Client()

interaction = client.interactions.create(
    model="gemini-3.1-flash-image",
    input=(
        "Create a clean 16:9 architecture diagram for a cloud-native "
        "AI application. Use a restrained enterprise design."
    ),
    response_format={
        "type": "image",
        "mime_type": "image/png",
        "aspect_ratio": "16:9",
        "image_size": "2K"
    }
)

image_data = base64.b64decode(interaction.output_image.data)
Path("architecture-diagram.png").write_bytes(image_data)

Gemini 3.1 Flash Image supports several resolutions and aspect ratios. It can also use reference images and Google Search grounding for supported workflows.

5.3 Enable Code Execution

Gemini 3.5 Flash supports code execution through an isolated tool environment.

from google import genai

client = genai.Client()

interaction = client.interactions.create(
    model="gemini-3.5-flash",
    input=(
        "Calculate the sum of the first 50 prime numbers. "
        "Generate and execute code to verify the result."
    ),
    tools=[
        {"type": "code_execution"}
    ]
)

for step in interaction.steps:
    if step.type == "model_output":
        for block in step.content:
            if block.type == "text":
                print(block.text)
    elif step.type == "code_execution_call":
        print("Generated code:")
        print(step.arguments.code)
    elif step.type == "code_execution_result":
        print("Execution result:")
        print(step.result)

The execution environment includes common data, scientific, document, and plotting libraries. Custom package installation is not supported. Generated code, execution output, and reasoning may also contribute to billable token usage.

6. Error Diagnosis

Use the HTTP status code and canonical error name together. Do not diagnose an issue from a copied message alone.

Google recommends limited retries with exponential backoff. Its enterprise API guidance suggests a minimum initial delay of one second and no more than two retries for transient failures.

About 402 Errors

Google’s official Gemini enterprise error matrix does not list HTTP 402 as a standard model API response.

Therefore, a 402 error is likely to originate from an intermediary gateway, billing wrapper, reseller, or another layer in the request chain. This is an inference based on Google’s published error model. Record the complete response body, request domain, and upstream provider before changing Gemini configuration.

7. Production Checklist

Before launch, confirm the following:

• The application uses google-genai.
• Production credentials are not stored in source code.
• Development and production projects are separated.
• The actual model ID is configurable.
• Thinking level is selected by workload.
• Output size is constrained.
• Quotas and billing alerts are configured.
• 400-series failures are not retried blindly.
• 429 and 500-series failures use bounded backoff.
• Request latency and token usage are logged.
• Image understanding and image generation use the correct models.
• Preview models have a documented migration plan.

Conclusion

A stable Gemini integration depends less on complex code than on clear configuration boundaries.

Use the Gemini Developer API for rapid development. Use the enterprise route when the application requires IAM, auditability, and controlled cloud deployment. Keep API keys outside the codebase, and prefer ADC for production workloads on Google Cloud.

Gemini 3.5 Flash is the most practical default for coding, multimodal analysis, and agent workflows. The current Pro option is Gemini 3.1 Pro Preview, not Gemini 3.5 Pro. Image creation also requires a dedicated image model rather than the standard Gemini 3.5 Flash endpoint.

For teams operating Gemini alongside other model providers, a unified aggregation layer such as 4sapi can reduce duplicate endpoint integration and centralize usage records. Provider-specific IAM, quota controls, and error handling should still remain part of the production architecture.