0

We can't get reseller API calls working using a service account. The steps at the link:

https://developers.google.com/drive/delegation#delegate_domain-wide_authority_to_your_service_account

were followed without any luck.

With regards

  • Can you share your code? Is there a reason you need to use service accounts here rather than normal OAuth 2.0 authentication as a reseller user? – Jay Lee Nov 11 '13 at 16:12
  • Hi, we expose Google APIs to other operational countries within the company, using our internal generic SOAP API (report, audit and data transformation happen in the middle). Right now we are just generating the token with the Java library from Google, taking that token and testing the APIs manually using a REST client. So far we were able to access the SiteVerification API but neither the Reseller nor the Directory API. – user1860273 Nov 11 '13 at 16:58

2 Answers

0

When performing service account authentication against the directory or reseller API, you must impersonate a Google Apps user within the instance who has the proper permissions to make the API calls. This is done via the prn parameter as described in the service account documentation. How you specify the prn user will differ by client library.

Jay Lee
  • It's good to finally know impersonation is key for accessing the reseller api, but do you have any information on doing this using the Golang Library? I wasn't able to find any... Especially not when using DefaultClient to use the ENV variable for getting the service account. – kwiesmueller Apr 25 '18 at 16:28
  • sure, sorry my fault, did not see how long ago the current question was. FYI: https://stackoverflow.com/questions/50029586/accessing-google-reseller-api-using-service-accounts – kwiesmueller Apr 25 '18 at 19:00
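How the impersonated user ends up in the token request, as an added example in Go that is not code from the answers or from Google's client libraries: it builds and signs the service-account JWT assertion with the standard library only, carrying the user to impersonate in the "sub" claim (the name Google's current documentation uses for what the answer calls prn). The e-mail addresses, the throwaway key and the function names are assumptions made for illustration; the scope is the one used in the PHP answer.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// Assertion builds and RS256-signs the JWT a service account posts to the token endpoint.
// iss is the service account e-mail; sub is the domain user to impersonate.
func Assertion(key *rsa.PrivateKey, iss, sub, scope string, now time.Time) (string, error) {
	claims, err := json.Marshal(map[string]interface{}{
		"iss": iss, "sub": sub, "scope": scope,
		"aud": "https://oauth2.googleapis.com/token",
		"iat": now.Unix(), "exp": now.Add(time.Hour).Unix(), // one hour is the maximum lifetime
	})
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(claims)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// DemoAssertion signs constructed sample values with a throwaway key (hypothetical helper).
func DemoAssertion(now time.Time) (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the service account's private key
	if err != nil {
		return "", err
	}
	return Assertion(key, "svc@example-project.iam.gserviceaccount.com", "admin@reseller.example",
		"https://www.googleapis.com/auth/apps.order", now)
}

func main() {
	jwt, err := DemoAssertion(time.Now())
	fmt.Println(jwt, err) // sent as assertion= with grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
}
```

Decoding the middle segment of an assertion shows which user a service account is acting as, which is the field to check when a token request is accepted for SiteVerification but rejected for the Reseller or Directory API.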
0

Yes, this now works. Just in case you use the PHP library (from Google), here's how it should look:

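$cred = new Google_Auth_AssertionCredentials(
  'e-mail from the API user',                      // service account e-mail (the JWT issuer)
  ['https://www.googleapis.com/auth/apps.order'],  // scopes requested (Reseller API)
  'Content from your P12 key file',                // private key contents, not the file path
  'notasecret',                                    // password of the P12 key file
  'http://oauth.net/grant_type/jwt/1.0/bearer',    // assertion (grant) type
  'the-email@of-the-real-account.com'              // user to impersonate
);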
gipinani
Zorgijs