My Business
5.2K members online now
5.2K members online now
For developers who are using the Google My Business API to manage locations
Guide Me
star_border
Reply

Using GMB API with service account in python

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

Hello,

 

My company has already been whitelisted for GMB API.. I have also enabled the private GMB API in the cloud console.

 

That's all well and good, but I normally have my backend server-to-server applications access google APIs (like sheets) with service account credentials, and not tagged to my personal developer username.  Is there a way to use the python client library to build a valid GMB API service object using only the service credentials json file?  I am trying to avoid giving my personal account's OAuth access to other developers working on this project with me...

 

Am I missing something? Is it possible to use service account credentials with GMB API or is it forcing us to use OAuth2 with my personal user consent? I feel like everything I've researched is requiring me to grant some kind of personal user access for this API... which seems.... odd?

 

Here is kind of what we're trying - modified from the sheets api service account auth flow:

from oauth2client.service_account import ServiceAccountCredentials
from apiclient import discovery
scopes = ['https://www.googleapis.com/auth/plus.business.manage']
credentials = ServiceAccountCredentials.from_json_keyfile_name('bizcloud-80215ed20a24.json', scopes=scopes)
discoveryUrl = ('https://mybusiness.googleapis.com/$discovery/rest?version=v3')
service = discovery.build('mybusiness', 'v3', http=http, discoveryServiceUrl=discoveryUrl)

and the error return is a 403 missing API key:

HttpError: <HttpError 403 when requesting https://mybusiness.googleapis.com/$discovery/rest?version=v3 returned "The request is missing a valid API key.">

 

is there anything special i need to do to this service account to make it jive with GMB? I had created this service account specifically for the purpose of using this API, as I have other service accounts for other APIs and purposes. I'd like to keep everything separated...

 

Thanks in advance!

1 Expert replyverified_user

Re: Using GMB API with service account in python

Google Employee
# 2
Google Employee

Hi @Aniello Z,

 

Yes, a one-time user consent is required for a service account to be able to access the Google My Business account and location data on behalf of a particular end user. The end users will have to log in with their Google Accounts to manually authorize the application during the OAuth 2.0 installed applications flow. This process needs to be done only once. When you prepare to make authorized API calls using the service account, you specify the user to impersonate by specifying the email address of the user account for access to their Google My Business data. If the end users have manually authorized the application, you should be able to access their Google My Business data. If the end users later want to revoke the application’s access to their Google My Business data, they can remove the authorized app from the Apps connected to your account page of their accounts.

 

Please note, you should use the Google API Client Library for Python to handle all requests since all methods in the Google My Business API are included in the discovery document for the API. Please use the client libraries we provide when interacting with Google's OAuth 2.0 endpoints for the security implications of getting the implementation correct.

 

I hope this helps!

 

Thanks,

The Google My Business API team

Using GMB API with service account in python

Visitor ✭ ✭ ✭
# 3
Visitor ✭ ✭ ✭

Hi Shalini,

 

Thanks for that... but we're still a bit stuck here.

We've managed to get the service account delegated g-suite domain wide authority so it would create an associated OAuth2 Client ID, then I could successfully enable on the admin.google.com Manage Client API access page .... OK. not sure if that's needed, but it's done...  

 

We have not been able to get this one-time user consent process set up, however.  I've gone into the OAuth2 Playground while logged into my admin user that has the whitelist, thinking I can do the one-time permission grant & authorize the GMB scope there, but all I'm left with are access/refresh tokens that seem to die after 1 hour.... this is not the one-time consent, correct? Kinda lost how to get the consent screen to grant access to the service account...  

 

Do you have any sample python code snippets on how to do this so the service account can access the Google My Business?  This appears orders of magnitude more complicated than using service accounts to access the normal APIs... wish it wasn't so difficult... Google Sheets API + Service Account is much much easier.... 

 

I have been unable to locate a monkey-see-monkey-do code sample for GMB, so that we can modify and get this working.

 

Please help if you can.. Thanks much!

--a

Re: Using GMB API with service account in python

Google Employee
# 4
Google Employee

Hi @Aniello Z,

 

When using the OAuth 2.0 client ID for authorization, you should store the refresh token for future use and use the access token to access the API. Once the access token expires, the application should use the refresh token to obtain a new one. This way, your application will always be able to request a new access token when necessary. This process requires a user to manually authorize the application only once. You can find a Python code snippet in this thread.

 

I hope this helps!

 

Thanks,

The Google My Business API team

Using GMB API with service account in python

Visitor ✭ ✭ ✭
# 5
Visitor ✭ ✭ ✭

Hey @Aniello Z,

 

Were you ever able to figure this out? I'm having a similar issue, getting the same 403 error:

 

File "my-script.py", line 69, in main
scope='https://www.googleapis.com/auth/plus.business.manage')

File "C:\Python27\lib\site-packages\googleapiclient\sample_tools.py", line 95, in init
service = discovery.build(name, version, http=http)

File "C:\Python27\lib\site-packages\oauth2client\_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)

File "C:\Python27\lib\site-packages\googleapiclient\discovery.py", line 236, in build
raise e
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://mybusiness.googleapis.com/$discovery/rest?version=v3 returned "The request is missing a valid API key.">

 

I was already able to finish the OAuth2 process successfully -- but can't get past this point. Not sure what else I have to do. This works just fine with the other APIs I have implemented this with: Drive, Sheets, Web, etc.

Using GMB API with service account in python

Visitor ✭ ✭ ✭
# 6
Visitor ✭ ✭ ✭

I managed to found the problem. It seems that private apis can't be accessed via discovery api service (even when you use apikeys). You need to change your discovery service url to a valid json file displaying mybusiness service. See my answer at https://stackoverflow.com/a/46664128/1446284