Setting up G Suite service account
To generate service-account credentials, or to view the public credentials that you've already generated, do the following in your Google API Console:
- Open the Service accounts page.
- If prompted, select a project, or create a new one. Refer to this article if creating a new project, the following API's need to be enabled: Gmail API, Google Calendar API, Contacts API, Google People API, and Tasks API.
- Click Create service account.
- Under Service account details, type a name, ID, and description for the service account, then click Create.
- Optional: Under Service account permissions, select the IAM roles to grant to the service account, then click Continue.
- Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
- From the main "Service accounts" screen select the newly created account
Use "EDIT" mode to activate "G Suite Domain-wide Delegation" and also copy the Unique ID (you will need it later). Click ADD KEY to create a new JSON key if there is no key yet (you will need to upload this key to Aurinko). Then save the form.
Now an administrator of the G Suite domain needs to delegate authority to the service account, using the Unique ID value you copied.
- From your G Suite domain’s Admin console, go to Main menu menu > Security > Advanced settings [API Controls].
- In the Domain wide delegation pane, select Manage Domain Wide Delegation.
- Click Add new.
- In the Client ID field, enter the service account's Unique ID that you have copied.
- In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. Aurinko API will need these scopes scopes https://www.googleapis.com/auth/gmai.modify, https://www.googleapis.com/auth/gmail.send, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/contacts, https://www.googleapis.com/auth/tasks
- Click Authorize.