i'm trying to write a simple script that will get the users list from my Google G Suite domain from Directory API of Admin SDK using google-api-python-client. I've read tons of documentation, tried hundreds of various requests, but always receive: googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/admin/directory/v1/users?domain=example.com&alt=json returned "Not Authorized to access this resource/api"> error.
This is what i did:
In the Google Developer console https://console.developers.google.com:
- created a new project
- enabled 'Admin SDK' API.
- created a Service account Key
- saved the generated key into a 'service-key.json' file
In the G Suite Admin console:
- API access is enabled
- Admin SDK is enabled
- 'Client ID' of the service key ^^ is authorized to 'View users on your domain', scope: https://www.googleapis.com/auth/admin.directory.user.readonly in the API client access console section.
Created a simple test script:
#!/usr/bin/env python3 import json from httplib2 import Http from oauth2client.service_account import ServiceAccountCredentials from apiclient.discovery import build scopes = ['https://www.googleapis.com/auth/admin.directory.user.readonly'] credentials = ServiceAccountCredentials.from_json_keyfile_name( 'service-key.json', scopes) account = credentials.authorize(Http()) service = build('admin', 'directory_v1', http=account) response = service.users().list(domain='example.com').execute() print(response)
Other:
- tried also 'Enable G Suite Domain-wide Delegation' (used create_delegated() method on a ServiceAccountCredentials object)
- i see in the Google Developer Console - Dashboard, that the script is issuing the proper requests - can see the 'directory.users.list' API methods are being issued, but fails with 403 error
Thanks in advance for any help!
