Python quickstart for customers using a service account

Follow the steps in this quickstart guide, and in about 10 minutes you have a simple Python command-line app that makes requests to the zero-touch enrollment customer API using a service account.

Prerequisites

To run this quickstart, you need:

  • A service account, that's linked to you zero-touch enrollment customer account. See Get started.
  • Python 3.0 or greater.
  • The pip package management tool.
  • Access to the internet and a web browser.

Step 1: Turn on the zero-touch enrollment API

  1. Use this wizard to create or select a project in the Google Developers Console and automatically turn on the API. Click Continue, then Go to credentials .
  2. Set What data will you be accessing? to Application data.
  3. Click Next. You should be prompted to create a service account.
  4. Give a descriptive name for Service account name.
  5. Note the Service account ID (it looks like an email address) because you'll use it later.
  6. Set Role to Service Accounts > Service Account User.
  7. Click Done to finish creating the service account.
  8. Click the email address for the service account that you created.
  9. Click **Keys**.
  10. Click **Add key**, then click **Create new key**.
  11. For **Key type**, select **JSON**.
  12. Click Create and the private key downloads to your computer.
  13. Click **Close**.
  14. Move the file to your working directory and rename it service_account_key.json.

Step 2: Install the Google client library

Run the following command to install the library using pip:

pip install --upgrade google-api-python-client oauth2client

See the library's installation page for different installation options.

Step 3: Set up the sample

Create a file named quickstart.py in your working directory. Copy in the following code and save the file.

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Zero-touch enrollment quickstart sample.

This script forms the quickstart introduction to the zero-touch enrollemnt
customer API. To learn more, visit https://developer.google.com/zero-touch
"""

import sys
from apiclient import discovery
import httplib2
from oauth2client.service_account import ServiceAccountCredentials

# A single auth scope is used for the zero-touch enrollment customer API.
SCOPES = ['https://www.googleapis.com/auth/androidworkzerotouchemm']
SERVICE_ACCOUNT_KEY_FILE = 'service_account_key.json'


def get_credential():
  """Creates a Credential object with the correct OAuth2 authorization.

  Uses the service account key stored in SERVICE_ACCOUNT_KEY_FILE.

  Returns:
    Credentials, the user's credential.
  """
  credential = ServiceAccountCredentials.from_json_keyfile_name(
    SERVICE_ACCOUNT_KEY_FILE, SCOPES)

  if not credential or credential.invalid:
    print('Unable to authenticate using service account key.')
    sys.exit()
  return credential


def get_service():
  """Creates a service endpoint for the zero-touch enrollment API.

  Builds and returns an authorized API client service for v1 of the API. Use
  the service endpoint to call the API methods.

  Returns:
    A service Resource object with methods for interacting with the service.
  """
  http_auth = get_credential().authorize(httplib2.Http())
  return discovery.build('androiddeviceprovisioning', 'v1', http=http_auth)


def main():
  """Runs the zero-touch enrollment quickstart app.
  """
  # Create a zero-touch enrollment API service endpoint.
  service = get_service()

  # Get the customer's account. Because a customer might have more
  # than one, limit the results to the first account found.
  response = service.customers().list(pageSize=1).execute()

  if 'customers' not in response:
    # No accounts found for the user. Confirm the Google Account
    # that authorizes the request can access the zero-touch portal.
    print('No zero-touch enrollment account found.')
    sys.exit()
  customer_account = response['customers'][0]['name']

  # Send an API request to list all the DPCs available using the customer
  # account.
  results = service.customers().dpcs().list(parent=customer_account).execute()

  # Print out the details of each DPC.
  for dpc in results['dpcs']:
    # Some DPCs may not have a name, so replace with a marker.
    if 'dpcName' in dpc:
      dpcName = dpc['dpcName']
    else:
      dpcName = "-"
    print('Name:{0}  APK:{1}'.format(dpcName, dpc['packageName']))


if __name__ == '__main__':
  main()

Step 4: Add your service account key

Copy the service_account_key.json you downloaded when you created your service account into your working directory.

Step 5: Run the sample

Use your operating system's help to run the script in the file. On UNIX and Mac computers, run the command below in your terminal:

python quickstart.py

Notes

  • Avoid sharing your service_account_key.json file with anyone. Be careful not to include it in source code repositories. You can read more advice on handling service account secrets.

Learn more