Access to Google Play Developer API "as a service" - google-api

I'm developing a service that requires access to the Google Play Developer API on behalf of my users.
I created an API project of type Web Application. It can successfully request the users' androidpublisher permission using an OAuth consent screen. Based on the documentation, it should be able to make requests to the Google Play Developer API.
But requests to the API fail with the following error:
The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console.
From my understanding, the API Project needs to be linked to the Google Publisher Account from the Console (Settings -> API access -> Linked projects). However, the project doesn't appear in the list (since it's not owned by the user).
Is there any solution to this? Thanks!

There is not a solution to this. The only model the console supports for acting on behalf of developer users is for them to create the project in the Play Console, and you provide them a tool that they can use on their project.

Related

How to get authorization for accessing Google Play developer API

I am trying to access Google play developer API https://developers.google.com/android-publisher/ to build an inapp purchase product for my company Application.
We have to get authorization to make a GET call to the Google play developer API. https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
I followed the steps presented here. https://developers.google.com/android-publisher/authorization
Created an Oauth client and and also service account. The gmail account I used was part of the 'Users and permissions' in play.google.com console.
But when I tried to access the API, I got an error
As I started searching about this error, I understood that there is something else called 'API Access' in play.google.com. When I tried to access it, All I saw was
But I saw in other posts that there exists a screen with details like
https://i.stack.imgur.com/Hdjjy.png
So how can I go forward to access API. I did everything as mentioned in documentation of google but it didnt work. Also I dont have access to see the screen of 'API Access'.
Also I am confused, if you can create service accounts from both 'API Access' screen and also from 'credentials' screen in console.developers.com, which one should be used ?
Just to check you understand there are a few different APIs to do with in-app purchases.
Play billing library is designed to be used in your app. This is what allows users to buy things from your app
Configuring in app products. When your app supports in-app products you have to support what the products are and the prices. This is done via the Play console, either manually or in batches uploading CSV files.
Finally is the API you refer to in your question. This is not designed for use in your app, and you don't have to use it to support in-app products. Instead this API allows your server (not app) to validate a user's purchase. In order to use this API, you need to enable the "API access" in the page you found. This can only be enabled by the account owner for the Play console, for security reasons. You will need to find the Owner of your Google Play account, and get them to log in and create a service account which has API access.
I am able to access it now. I am not the owner of the Google Play console.That was the issue. You just have to go to API Access page and click on "create OAuth Client" or "create Service Account ".
You can use those credentials to access API from postman or through your code.

Structure of google project in developer console

I am implementing Google Drive API and Google Sheets API to my application. How should I go about structuring the project in Google Developers console?
First I created the Drive connection and Oauth2 for it, then filled the verification request with scopes
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
which was verified.
Then I created another Oauth2 for Sheets API and after trying to verify the scopes
https://www.googleapis.com/auth/spreadsheets
But my request got denied with message that I already have https://www.googleapis.com/auth/drive.file scope.
So should I create separate project for each API or use same Oauth2 for both of them?
Each application is a project in Google developer console. Assuming you are trying to access user data then you should create Oauth2 credentials and request all of the scopes that you will need for the application.
If the application is using
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/spreadsheets
Then you would need to active all three APIs in the Google Developer console. However I think that drive.file scope gives you the same access to all the files in Google drive there fore you dont need the spreadsheets scope.
https://www.googleapis.com/auth/drive.file View and manage Google Drive files and folders that you have opened or created with this app
vs
https://www.googleapis.com/auth/spreadsheets View and manage your spreadsheets in Google Drive

Google API to retrieve information about an OAuth app

How can I programmatically retrieve information about an OAuth client given its appId (xxxx.apps.googleusercontent.com). I am interested in retrieving Google API scopes the app is requesting (e.g.: https://www.googleapis.com/auth/userinfo.email) along with marketplace ratings and user coun t (if applicable).
Screenshot
I believe you can only access those stats if you own the app/add-on. Assuming that you're working on a GSute add-on, if you deploy the app via GSuite Marketplace you'll have to explicitly specify the scopes your app requires and you can check those scopes from your Google Console. I believe that there is also a dashboard available to the app developer (probable from Google Console) with analytic data related to performance.

Google Marketplace license api suddenly does not work

Since approx 5:30 UTC we are receiving only this response for this api call
https://www.googleapis.com/appsmarket/v2/customerLicense/{appId}/{customer}
{"error":{"errors":[{"domain":"global","reason":"forbidden","message":"Not authorized to access the application ID"}],"code":403,"message":"Not authorized to access the application ID"}}
but there has not been any previous development or changes on our side and this affects all of our marketplace applications.
Any ideas what is going on and how to fix/workaround this issue?
This issue should now be fixed by Google.
If you are still experiencing 403 Forbidden on marketplace API calls make sure you are following these guidelines
Access to these APIs is restricted: only project members of the
Developer Console project associated with your application may use the
API. Specifically, these project members must be in Can Edit or Is
Owner roles. You may also access UserLicense and CustomerLicense as
the logged in user to your app. Refer to
https://cloud.google.com/compute/docs/access/add-remove-change-permissions-for-team-members to learn how to
add members to your project.
For example by doing the API requests using a service account in the Google Cloud Platform Project for you application without using any impersonation/delegation.

Google play developer console, howto add external linked project?

I am trying to use the Google Play Developer API to automate APK submissions via a Service Account.
The question is, how do I give my project (and my service account) OUTSIDE of this play account, API access to manage apps?
Use case and example:
Each of my clients have their own Google Play account where their app(s) live. Apps used to be all in one big account, but for many reasons (Google pushing to separate being the highest) they are now broken up.
Lets say there are 2 google play accounts, A and B. Traditionally, each of these accounts grant my physical email user (me#gmail.com) "Release manager" access to each of their accounts. My email/user is OUTSIDE of account A and B. This works fine.
I now want to automate this process. I go to the developer API console for me#gmail.com, enable "Google Play Android Developer API" and create an oAuth2 service account (gives it an email of blah#developer.gserviceaccount.com). I then tell clients to go into accounts (A and B) and tell them to give blah#developer.gserviceaccount.com "Release manager" access.
I make an API call and get
The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console
API calls do work if I go into account A and account B under Google Play Developer Console > Settings > API access, and make Services accounts for each. It makes an entry in "User accounts & Rights" for this service user's email, then links a SINGLE project ID that MUST be owned by the Google play account.
Questions:
How do I add a service account that is NOT defined in Settings > API access?
Why is there only ability to link 1 project?
You can give outside email addresses full perms, but you can NOT give an outside service account email API access? The current design is not any more secure. In fact, it seems to go against most of the benefit of the API, and against the grain of account isolation that Google has been pushing.

Resources