Enterprises: getServiceAccount

Returns a service account and credentials. The service account can be bound to the enterprise by calling setAccount. The service account is unique to this enterprise and EMM, and will be deleted if the enterprise is unbound. The credentials contain private key data and are not stored server-side.

This method can only be called after calling Enterprises.Enroll or Enterprises.CompleteSignup, and before Enterprises.SetAccount; at other times it will return an error.

Subsequent calls after the first will generate a new, unique set of credentials, and invalidate the previously generated credentials.

Once the service account is bound to the enterprise, it can be managed using the serviceAccountKeys resource.

Request

HTTP request

GET https://www.googleapis.com/androidenterprise/v1/enterprises/enterpriseId/serviceAccount

Parameters

Parameter name Value Description
Path parameters
enterpriseId string The ID of the enterprise.
Optional query parameters
keyType string The type of credential to return with the service account. Required.

Acceptable values are:
  • "googleCredentials"
  • "pkcs12"

Authorization

This request requires authorization with the following scope:

Scope
https://www.googleapis.com/auth/androidenterprise

For more information, see the authentication and authorization page.

Request body

Do not supply a request body with this method.

Response

If successful, this method returns a response body with the following structure:

{
  "kind": "androidenterprise#serviceAccount",
  "name": string,
  "key": serviceaccountkeys Resource
}
Property name Value Description Notes
name string The account name of the service account, in the form of an email address. Assigned by the server.
key nested object Credentials that can be used to authenticate as this ServiceAccount.
kind string