Set up Pub/Sub notifications

Pub/Sub notifications provide a way for you to receive alerts about newly enrolled devices, device reports, and recently issued commands.

To set up Pub/Sub notifications, you need to enable the Pub/Sub API and create a topic. To receive messages published to a topic, create a subscription to that topic. The subscription connects the topic to a subscriber application that receives and processes messages published to the topic. After you create a subscription, you need to grant Android Device Policy permission to publish to your topic.

1. Enable the Pub/Sub API for your project

For instructions on how to enable the Pub/Sub API, see the console quickstart guide. Ensure that you select the same project that the Android Management API is enabled for.

2. Create a topic

After enabling the API, you need to create a topic that Android Device Policy can publish notifications to. There are two ways to create a topic:

a. Manually in the Google Cloud Platform Console.
b. Using the Pub/Sub API (see create topicmethod).

After creating a topic, take note of the topic name.

3. Create a subscription

A subscription captures the stream of messages published to a given topic. There are two ways to create a subscription:

a. Manually in the Google Cloud Platform Console.
b. Using the Pub/Sub API (see create subscription method).

4. Grant Android Device Policy the right to publish to your topic

You need to give android-cloud-policy@system.gserviceaccount.com permission to publish to your topic. There are two ways to grant publishing rights:

a. Manually in the Google Cloud Platform Console.

  • Add android-cloud-policy@system.gserviceaccount.com as a member to your topic.
  • Click Select a role > Pub/Sub > Pub/Sub Publisher.

b. Using the Pub/Sub API (see Access Control via the Google Cloud Pub/Sub IAM API)

  • Add serviceAccount:android-cloud-policy@system.gserviceaccount.com to members.
  • Set role to roles/pubsub.publisher.

5. Update enterprise to support notifications

To connect notifications about an enterprise to the topic you created, call enterprises.patch and specify the following parameters:

  • pubsubTopic: The name of your pub/sub topic in the form projects/{project}/topics/{topic}.
  • enabledNotificationTypes: Include all the notification types you wish to receive. Choose from ENROLLMENT, STATUS_REPORT, and COMMAND.

6. Use the Pub/Sub API to get notifications

A subscription can use either the push or pull mechanism for message delivery. Guidelines and directions on how to receive notifications through both of these mechanisms are available in the Pub/Sub Subscriber Guide.

Message format

Messages take the form of a PubsubMessage. The attributes field of the message contains an attribute with key notificationType and value set to the notification type that triggered the message (e.g. ENROLLMENT). The data field of the message contains the JSON representation of the resource that was updated, encoded as a UTF-8 string. The notifications and their corresponding resource types are as follows:

  • COMMAND notifications use the resource type Operation.
  • USAGE_LOGS notifications use the resource type UsageLogEvent.
  • ENROLLMENT and STATUS_REPORT notifications use the resource type Device.

When setting the pubsubTopic on an Enterprise, an initial message will be published with notificationType set to test. This message is sent to verify Android Device Policy has the publish permission on the topic and should be ignored.