Servers can use any (most?) authentication ways that can also be used by clients. However, those usually involve authentication web pages,redirects, etc. Quite unpractical for your server app. So we may use Service Accounts as well and authenticate with a single JWT (JSON Web Token) file.
Hence, we need to create a Service Account in the cloud console. This service account has its own realm, i.e. access to other users' data is not immediately possible.