AI-generated Key Takeaways
-
This quickstart guide helps you create a simple Python command-line app that interacts with the zero-touch enrollment customer API using a service account in about 10 minutes.
-
You will need a service account linked to your zero-touch enrollment customer account, Python 3.0 or greater, the pip package management tool, internet access, and a web browser to run this guide.
-
The process involves enabling the zero-touch enrollment API, installing the Google client library, setting up the sample code, and adding your downloaded service account key file, along with running the sample file.
-
The sample code demonstrates how to authenticate using a service account key, create a service endpoint for the zero-touch enrollment API, retrieve customer account information, and list available device policy controllers (DPCs).
-
It is crucial to manage the
service_account_key.jsonfile securely, avoiding sharing or including it in source code repositories, as it poses a security risk if mishandled.
Follow the steps in this quickstart guide, and in about 10 minutes you have a simple Python command-line app that makes requests to the zero-touch enrollment customer API using a service account.
Prerequisites
To run this quickstart, you need:
- A service account, that's linked to you zero-touch enrollment customer account. See Get started .
- Python 3.0 or greater.
- The pip package management tool.
- Access to the internet and a web browser.
Step 1: Turn on the zero-touch enrollment API
- Use this wizard to create or select a project in the Google Developers Console and automatically turn on the API. Click Continue, then Go to credentials.
- Set What data will you be accessing?to Application data .
- Click Next. You should be prompted to create a service account.
- Give a descriptive name for Service account name.
- Note the Service account ID(it looks like an email address) because you'll use it later.
- Set Roleto Service Accounts > Service Account User .
- Click Doneto finish creating the service account.
- Click the email address for the service account that you created.
- Click **Keys**.
- Click **Add key**, then click **Create new key**.
- For **Key type**, select **JSON**.
- Click Createand the private key downloads to your computer.
- Click **Close**.
- Move the file to your working directory and rename it
service_account_key.json.
Step 2: Install the Google client library
Run the following command to install the library using pip:
pip
install
--upgrade
google-api-python-client
oauth2client
See the library's installation page for different installation options.
Step 3: Set up the sample
Create a file named quickstart.py
in your working directory. Copy in the
following code and save the file.
#!/usr/bin/env python # -*- coding: utf-8 -*- """Zero-touch enrollment quickstart sample. This script forms the quickstart introduction to the zero-touch enrollemnt customer API. To learn more, visit https://developer.google.com/zero-touch """ import sys from apiclient import discovery import httplib2 from oauth2client.service_account import ServiceAccountCredentials # A single auth scope is used for the zero-touch enrollment customer API. SCOPES = [ 'https://www.googleapis.com/auth/androidworkzerotouchemm' ] SERVICE_ACCOUNT_KEY_FILE = 'service_account_key.json' def get_credential (): """Creates a Credential object with the correct OAuth2 authorization. Uses the service account key stored in SERVICE_ACCOUNT_KEY_FILE. Returns: Credentials, the user's credential. """ credential = ServiceAccountCredentials . from_json_keyfile_name ( SERVICE_ACCOUNT_KEY_FILE , SCOPES ) if not credential or credential . invalid : print ( 'Unable to authenticate using service account key.' ) sys . exit () return credential def get_service (): """Creates a service endpoint for the zero-touch enrollment API. Builds and returns an authorized API client service for v1 of the API. Use the service endpoint to call the API methods. Returns: A service Resource object with methods for interacting with the service. """ http_auth = get_credential () . authorize ( httplib2 . Http ()) return discovery . build ( 'androiddeviceprovisioning' , 'v1' , http = http_auth ) def main (): """Runs the zero-touch enrollment quickstart app. """ # Create a zero-touch enrollment API service endpoint. service = get_service () # Get the customer's account. Because a customer might have more # than one, limit the results to the first account found. response = service . customers () . list ( pageSize = 1 ) . execute () if 'customers' not in response : # No accounts found for the user. Confirm the Google Account # that authorizes the request can access the zero-touch portal. print ( 'No zero-touch enrollment account found.' ) sys . exit () customer_account = response [ 'customers' ][ 0 ][ 'name' ] # Send an API request to list all the DPCs available using the customer # account. results = service . customers () . dpcs () . list ( parent = customer_account ) . execute () # Print out the details of each DPC. for dpc in results [ 'dpcs' ]: # Some DPCs may not have a name, so replace with a marker. if 'dpcName' in dpc : dpcName = dpc [ 'dpcName' ] else : dpcName = "-" print ( 'Name: {0} APK: {1} ' . format ( dpcName , dpc [ 'packageName' ])) if __name__ == '__main__' : main ()
Step 4: Add your service account key
Copy the service_account_key.json
you downloaded when you created your
service account into your working directory.
Step 5: Run the sample
Use your operating system's help to run the script in the file. On UNIX and Mac computers, run the command below in your terminal:
python
quickstart.py
Notes
- Avoid sharing your
service_account_key.jsonfile with anyone. Be careful not to include it in source code repositories. You can read more advice on handling service account secrets .
