Approving a device

The following examples shows you how to update the approval state for a user.

REST

To update the approval state, call devices.deviceUsers.approve() with a device name and customer object.

Python HTTP

The following example shows a helper function to update the approval state using the Python HTTP library:

  """Example script to use the approve method of the Devices API.""" 
 import 
 pprint 
 from 
 six.moves 
 import 
 urllib 
 import 
 google.auth.transport.requests 
 from 
 google.oauth2 
 import 
 service_account 
 SCOPES 
 = 
 [ 
 'https://www.googleapis.com/auth/cloud-identity.devices' 
 ] 
 BASE_URL 
 = 
 'https://cloudidentity.googleapis.com/v1/' 
 # Change this to the location of the service account key 
 SA_FILE 
 = 
 '' 
 # Enter the administrator to call as here. 
 ADMIN_EMAIL 
 = 
 '' 
 # Enter the Device User Resource Name. You can get this from the value 
 # of the name field in the results of a List method call 
 RESOURCE_NAME 
 = 
 '' 
 if 
 not 
 SA_FILE 
 : 
 print 
 ( 
 'Please specify the location of the service account key file' 
 ) 
 if 
 not 
 ADMIN_EMAIL 
 : 
 print 
 ( 
 'Please specify the email of the administrator to call as' 
 ) 
 if 
 not 
 RESOURCE_NAME 
 : 
 print 
 ( 
 'Please specify the Device User Resource Name to be approved' 
 ) 
 if 
 not 
 SA_FILE 
 or 
 not 
 ADMIN_EMAIL 
 or 
 not 
 RESOURCE_NAME 
 : 
 exit 
 ( 
 - 
 1 
 ) 
 def 
 create_delegated_credentials 
 ( 
 user_email 
 ): 
 credentials 
 = 
 service_account 
 . 
 Credentials 
 . 
 from_service_account_file 
 ( 
 SA_FILE 
 , 
 scopes 
 = 
 [ 
 'https://www.googleapis.com/auth/cloud-identity.devices' 
 ]) 
 delegated_credentials 
 = 
 credentials 
 . 
 with_subject 
 ( 
 user_email 
 ) 
 return 
 delegated_credentials 
 ###################################################################### 
 # AUTHENTICATE the service account and retrieve an oauth2 access token 
 request 
 = 
 google 
 . 
 auth 
 . 
 transport 
 . 
 requests 
 . 
 Request 
 () 
 dc 
 = 
 create_delegated_credentials 
 ( 
 ADMIN_EMAIL 
 ) 
 dc 
 . 
 refresh 
 ( 
 request 
 ) 
 print 
 ( 
 'Access token: ' 
 + 
 dc 
 . 
 token 
 + 
 ' 
 \n 
 ' 
 ) 
 ############################### 
 # Approve the DeviceUser 
 header 
 = 
 { 
 'authorization' 
 : 
 'Bearer ' 
 + 
 dc 
 . 
 token 
 , 
 'Content-Type' 
 : 
 'application/json' 
 } 
 action_url 
 = 
 BASE_URL 
 + 
 RESOURCE_NAME 
 + 
 ':approve' 
 request 
 = 
 urllib 
 . 
 request 
 . 
 Request 
 ( 
 action_url 
 , 
 None 
 , 
 headers 
 = 
 header 
 ) 
 request 
 . 
 get_method 
 = 
 lambda 
 : 
 'POST' 
 try 
 : 
 approve_response 
 = 
 urllib 
 . 
 request 
 . 
 urlopen 
 ( 
 request 
 ) 
 except 
 urllib 
 . 
 error 
 . 
 HTTPError 
 as 
 e 
 : 
 if 
 e 
 . 
 code 
 == 
 400 
 : 
 print 
 ( 
 'The request was invalid. Perhaps the device is already approved?' 
 ) 
 else 
 : 
 print 
 ( 
 'Unknown error occurred' 
 ) 
 exit 
 ( 
 - 
 1 
 ) 
 pp 
 = 
 pprint 
 . 
 PrettyPrinter 
 ( 
 indent 
 = 
 4 
 ) 
 pp 
 . 
 pprint 
 ( 
 approve_response 
 )

Note that RESOURCE_NAME would be set to the name of the resource retrieved from a device resource.