14

I want to access the locations associated with my account and their reviews, for that I am using the google my business API and I have access to it (it does work on oAuthplayground).

Now I want to access the google my business api without logging into my account, for that I am trying to make it work with the service account. But no luck so far, please advice how to proceed with this. I have enabled the G suite in the service account and I have also tried to give access to the service account email (ID) for the my business manage but it stays in Invited state, as there is no way to actually accept the invite.

When I try to send request using my account as subject.

$client = new Google_Client();
$client->addScope('https://www.googleapis.com/auth/plus.business.manage');
$client->setAuthConfig(dirname(__FILE__) . '/Xyz Review API-service account.json');
$client->setSubject('xyz*****abc@gmail.com');
$business_service_class = new Google_Service_Mybusiness($client);
$result_accounts = $business_service_class->accounts->listAccounts();
echo json_encode($result_accounts);
exit;

Response: {"nextPageToken":null}

If I use the google service account ID as email id in subject then I get following response.

$client->setSubject('xyz-review-service@xyz-review-api.iam.gserviceaccount.com');

Response: Error 500 { "error": "unauthorized_client", "error_description": "Unauthorized client or scope in request." }

If I am doing this completely wrong then please do advice how to proceed with this. Thank you.

Hmmm
  • 562
  • 3
  • 11
  • I'm not really sure if the API will work with a service account, however, as far as I understand to use a service account the way you want, you need to enable Domain Wide Delegation. I see that Google My Business appears as a service included in the "Other Google Services" of the G Suite account. Have you tried following the steps here https://developers.google.com/api-client-library/php/auth/service-accounts? Maybe you just need to enable DWD. Let me know if it works. – Morfinismo Nov 21 '16 at 16:30
  • @Morfinismo I did enable the DWD in the service account, then only I tried the api calls above. – Hmmm Nov 22 '16 at 08:15
  • @Hmmm did you ever get the my business api working with a service account? if so how? – Zath May 15 '17 at 18:31
  • @Zath ... Nope man ... Tried quite a few times but nothing worked for me. Maybe it will work now not sure about the current version. I was trying to find the average rating and all reviews of the places associated with the Gmail account. Do try and tell if you solve this. – Hmmm May 16 '17 at 08:03

2 Answers2

3

Here is what I got working in 2021 with NodeJS:

To log in as a service account for server to server authentication you need to enable domain wide delegation for your service account. https://developers.google.com/admin-sdk/directory/v1/guides/delegation

Once you do this, you can make your service account log into the Google My Business API by impersonating the email address of an approved My Business manager. This is in NodeJS, here is what I used:

const { google } = require('googleapis'); // MAKE SURE TO USE GOOGLE API
const { default: axios } = require('axios'); //using this for api calls

const key = require('./serviceaccount.json'); // reference to your service account
const scopes = 'https://www.googleapis.com/auth/business.manage'; // can be an array of scopes

const jwt = new google.auth.JWT({
  email: key.client_email,
  key: key.private_key,
  scopes: scopes,
  subject: `impersonated@email.com`
});

async function getAxios() {

  const response = await jwt.authorize() // authorize key
  let token = response.access_token // dereference token
  console.log(response)

    await axios.get('https://mybusiness.googleapis.com/v4/accounts', {
      headers: {
        Authorization: `Bearer ${token}`
      } // make request
    })
    .then((res) => { // handle response
      console.log(res.data);
    })
    .catch((err) => { // handle error
      console.log(err.response.data);
    })
  }

await getAxios(); // call the function
Julian-Life
  • 71
  • 7
2

I faced the problem of authentication for my internal service with google apis. Basically exists two method:

  1. create the page to accept your application to access the google account
  2. create a certificate to authenticate the application with "implicit" approval

as i said i'm using the google api for an internal project, so the first option is out of question (the service is not public). Go to https://console.cloud.google.com and create a new project then go to "api manager" then "credentials" then create a "service credential".

If you follow all those steps you have a certificate with .p12 extension, it's your key to access to google api (remember you have to enable the key to access the specific google api you want).

I paste an example extracted from my project, i'm using google calendar, but the authentication is the same for each service.

   $client_email = 'xxxx@developer.gserviceaccount.com';
    $private_key = file_get_contents(__DIR__ . '/../Resources/config/xxxx.p12');
    $scopes = array('https://www.googleapis.com/auth/calendar');
    $credentials = new \Google_Auth_AssertionCredentials(
        $client_email,
        $scopes,
        $private_key
    );

    $this->client = new \Google_Client();
    $this->client->setAssertionCredentials($credentials);
Kumar Rakesh
  • 2,718
  • 2
  • 18
  • 39
m47730
  • 2,061
  • 2
  • 24
  • 30
  • 2
    Google_Auth_AssertionCredentials is removed from the google-api -php version 2. (You can check here - https://github.com/google/google-api-php-client/blob/master/UPGRADING.md) I have downloaded json instead of .p12 and the steps are same still kinda not working. – Hmmm Dec 13 '16 at 08:17