Google Workspace - Service Account

Steps to set up a Google Service Account with multiple Google APIs using Xkit

Google's Guide:
Authorization protocol: OAuth 2.0


Initial Google API Set up

This guide walks you through how to set up a Google Service Account with multiple Google APIs when initially registering your app with Google. There is no overarching "Google Workspace Service Account or API" in the Google Developers Console.

If you have previously set up a Service Account, please reference the Service Account guide with the specific API you are looking to add.


User Impersonation tokens

Google Service Accounts allow you to retrieve access tokens for any user in a G Suite / Google Workspace account with user impersonation. To get tokens for a specific user, use the provider_user_id query parameter in the Get User Connection API call. See Retrieve user tokens for more information.

1. Add the Google Workspace Service Account connector in the Xkit platform.

  • In the Xkit platform, click "New Connector" in the sidebar.
  • Click "Google Workspace Service Account".

2. Create a project in the Google Cloud Platform.

  • Next, in a separate window, visit the Google Cloud Platform.
  • Click "Create Project", enter the name of your application and click "Create".

3. Create a Service Account.

  • From the Google Service Accounts page, click on your project.
  • Click "+ Create Service Account" at the top of the page.
  • Enter the requested "Service account details" and click "Create".
  • Continue through the "Service account permissions" and then click "Done" on the "Grant users access to this service account" to create the service account.

4. Create new key and download JSON file.

  • Click on the recently created service account.
  • Scroll down and click on "Add Key" and then "Create new key" to download the JSON file.

5. Enable all of the Google APIs necessary for your App.

  • Use the sidebar to go to the "API & Services" dashboard.
  • Click "Enable APIs and Services".
  • Search for the APIs you require in the Library and click "Enable".

6. Provide Xkit with JSON file and select permissions/scopes.

  • Return to the Xkit Google Workspace Service Account connector page.
  • Click "Select File" and upload the downloaded JSON file; the info will populate in the Xkit fields.
  • Click "Save" to update the service provider settings.
  • Customize the "Catalog Settings" if desired and click "Save".
  • Select the requested scopes and click "Save".

You've now successfully connected multiple APIs through a Service Account using Xkit!

Retrieve user tokens

You'll note that the scope is required in order to use Google Service Accounts.

Supplying this scope gives you read-only access to the Directory API of the Admin SDK. In order to retrieve tokens for each individual user in a Google Workspace / G Suite organization, you need to:

  1. Enable the Admin SDK for your application in the developer console
  2. Call the List Users endpoint to get a list of all users in an organization
  3. Use each user's email address in the provider_user_id query parameter in the Get User Connection API to retrieve an access token for each user

Each individual access token will enable you to impersonate the specific user.