I infer from the Google API documentation, that not all of the advertised Google services are available to service accounts.
e.g. In the announcement for service accounts, this was part of the text:
`Service accounts are currently supported by the following Google developer services:
- Google Cloud Storage
- Google Prediction API
- Google URL Shortener
- Google OAuth 2.0 Authorization Server
- Google APIs Console
- Google APIs Client Libraries for Python, Java, and PHP
I understand the first three refer to specific services, the OAuth server and console are infrastructure requirements before any service could be supported, (the last item in the list is a little vague to me.)
I also noticed this reference to Google Drives being available to a service account: http://tinyurl.com/ahwo3bs (very cool).
Is there a comprehensive list of which services are accessible with service account authorization and which are not? I am most interested in Cloud Storage (working now). Google Drive, Google+ Hangouts, and hangouts On Air. (I know the idea of a service account participating in a hangout might seem odd.)
Enable the GMail APIFrom the project, click on ENABLE APIS AND SERVICES and search for the Gmail API. Click on ENABLE. You now have the Gmail API enabled for your project. All you need now is to create some credentials for using the API.
From your Google Workspace domain's Admin console, go to Main menu menu > Security > Access and data control > API Controls. In the Domain wide delegation pane, select Manage Domain Wide Delegation. Click Add new. In the Client ID field, enter the service account's Client ID.
OAuth 2.0. One popular method for authenticating and authorizing users is OAuth 2.0. This approach relies on an authentication server to communicate with the API server to grant access. You often see OAuth 2.0 when you're using a site and are prompted to log in using a service like Twitter, Google, or Facebook.
All Google APIs that supports OAuth 2.0 should work with Service Accounts.
However the 3 products listed above (Cloud Storage, Prediction API and URL Shortner) are the only ones with which it makes real sense to use Service Accounts (i.e. on behalf of your application) all other Google APIs are here to access user's data. You can read the first section of the Application Owned Accounts Drive documentation for more explanations.
PS: the part of the announcement that said Google APIs Client Libraries for Python, Java, and PHP was meant to say that only our Java, PHP and Python client libraries had built-in classes to use Service Account authorization (the Client credentials flow of OAuth 2.0). Now most of our client libraries have support. Check the code sample in the referred documentation for the full list.
They say service accounts do not work for YouTube API calls because an associated YouTube channel, and you cannot associate new or existing channels with services accounts. Using a service account to make YouTube API calls will return an error with the error type set to unauthorized and the reason set to youtubeSignupRequired (https://developers.google.com/youtube/v3/guides/moving_to_oauth#service_accounts)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With