Skip to content
Advertisement

gsuite service account for directory api returns http 400 errors: Bad request/Invalid input

I have started to develop some apis to create users in my G suite directory. I followed the service account tutorials along with the Directory tutorials for python. The code I have is very simple just to test out how it will work.

from google.oauth2 import service_account
from googleapiclient.discovery import build
SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']
SERVICE_ACCOUNT_FILE = 'file'
creds = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE, scopes=SCOPES)
service = build('admin', 'directory_v1', credentials=creds)
results = service.users().list(customer='i am not sure what customer is', maxResults=10, orderBy='email').execute() 
#this line produces the error.
#Vscode also states the service has no member users. But I did install all #the libraries
users = results.get('users', [])
print(users)

The documentation to me is unclear about most things. When I run this I get

googleapiclient.errors.HttpError: <HttpError 400 when requesting https://www.googleapis.com/admin/directory/v1/users?customer=students&maxResults=10&orderBy=email&alt=json returned "Bad Request">

When I change customer from my_customer to something else I get Invalid Input. Any suggestions to what may cause this error and preferably how to work with this api via a service account? Now I did enable the directory api and create the service account and downloaded the service account file as well. Am I missing a step? I would also prefer if someone has a better documentation that I was unable to find.

Advertisement

Answer

Ensure that the service account has domain-wide-delegation enabled and has the proper scopes.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement