服务帐号是一种特殊的 Google 帐号,应用可使用此类帐号通过 OAuth 2.0 以编程方式访问 Google API。服务帐号使用无需额外授权的 OAuth 2.0 流程。而是使用只有您的应用可以访问的密钥文件。本指南将讨论如何使用服务帐号访问 Manufacturer Center API。
前提条件
使用服务帐号访问 Manufacturer Center API 的步骤
生成服务帐号凭据或访问已生成的公共凭据。您需要创建一个 OAuth 2.0 客户端 ID 并获取 *.json 私钥文件:
转到 Google API 控制台。
从页面顶部的下拉菜单中选择一个项目。如果您还没有项目,请点击创建项目创建一个。
如果您尚未为此项目启用 Manufacturer Center API,请在 Google API 列表中搜索并启用它。
在左侧边栏中,选择凭据。
如需设置服务帐号,请选择创建凭据,然后选择服务帐号密钥。{/9}创建服务帐号凭据
屏幕截图。](../images/create_service_account_credentials.png)
6. On the next page, select **New service account** from the drop-down
list.
7. <a name="service-account-name"></a> Name the new service account. This
also serves as the default username for the service account ID. Remember
the service account ID for use later.
Note: The choice of role for the service account will not have any effect on
what calls can be made to the Manufacturer Center API, as access to
Manufacturer Center API methods is determined instead by the role
associated with the service account ID in Manufacturer Center. If you
are unsure what to pick, just pick Project►Viewer.
8. Select **JSON** for the key type, then click **Create**.
9. The **Create** button will change to **Creating...**, and once the key
generation finishes, it will automatically download the private key as a
*.json file.
Important: Protect the *.json key file that allows a service account to
access the Google services for which it has been authorized. It is good
practice to allow service accounts to only access one Google API each. This
is a preventative measure to mitigate the amount of data an attacker can
access in the situation that the service account's *.json key file is
compromised.
10. You will be returned to the Credentials page, and you should see the
new service account in the list of service account keys for your
account.
将新服务帐号作为用户添加到 Manufacturer Center 帐号中。 如果您是第三方开发者,则需要让您的客户为您执行此步骤。
转到您的 Manufacturer Center 帐号。
转到 Manufacturer Center 帐号设置中的“用户”列表。
点击“+ 用户”按钮,然后将服务帐号 ID 用作新用户的电子邮件地址。{/9}添加服务帐号用户按钮
屏幕截图。](../images/add_service_account_network_settings.png)
4. Fill in the form with the [service account ID](#service-account-name),
and select the desired user role(s). At least one must be chosen, and
use of the `Accounts` service requires the Admin role.
If you did not take note of the service account ID earlier, go to the
[Service
Accounts](https://console.developers.google.com/iam-admin/serviceaccounts/)
administration page and select the project you created.
5. Click on the **Save** button. You will be returned to the list of users,
and the service account ID should be listed with the chosen user role(s).
6. Repeat the process for all other service accounts you want to add.
7. View existing service account users by going to the Users tab. These
will be users with an email address ending in 'gserviceaccount.com'.
- 现在,您可以使用服务帐号访问 Manufacturer Center 帐号,方法是使用 Google 应用默认凭据流程或直接使用服务帐号流程。Manufacturer Center API 示例展示了如何使用每种受支持的编程语言这两种服务帐号凭据流程。请查看相关代码示例,试用您的新服务帐号,并了解在您自己的代码中使用服务帐号需要做出哪些更改。
常见问题解答
我可以使用服务帐号登录 Manufacturer Center 网页界面吗?
不可以,服务帐号不是常规 Google 帐号,无法访问 Manufacturer Center 网页界面。
我需要多久刷新一次服务帐号访问令牌?
访问令牌在由 Google OAuth 2.0 授权服务器颁发后一小时后过期。访问令牌到期后,应用应使用客户端库获取另一个访问令牌。