Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

22 thoughts on “Google Service Accounts with Json File

    • Linda Lawton Post author

      The only way i have seen service accounts work with Gmail is with admin directory mixed in. Like for a google work or google domain account. You cant pre-authorize a service account with a normal users gmail.

      Awesome question btw 🙂

  • Jonas


    really awesome help with the Google drive api. i was wondering what method you’d use re-build the folder structure of a googe drive and then download (“sync”) the files ?

  • Kardall

    Can you not just use the account login / password to request authorization to access a google drive account via windows application? Do you always have to have a credentials for the account set up?

    • Linda Lawton Post author

      Using Login and password to access an account is called client login. Google shut down client login in 2015. You will always need to authenticate using Oauth2 or a service account..

  • Mathavan

    I need a service account with unlimited storage for google drive file upload.
    My company has unlimited access for google drive for each employee email.
    I created a service account under my company email, but it has limited quota for google drive. So this service account is called ‘user maintain service account’. Am I correct?
    Is it possible to have a unlimited storage access for a service account. Please give me some details about ‘Google maintained service account’

    • Linda Lawton Post author

      I think you should check the doucmentation Perform G Suite Domain-Wide Delegation of Authority

      Warning: Service accounts should only be used for performing delegation where the effective identity is that of an individual user in a domain. Using the service account as a common owner to create many shared documents can have severe performance implications. Additionally, service accounts may not acquire additional storage quota, nor do they act as members of a domain.

      It is not possible to get unlimited storage for a service account.

  • Jason Schechter

    Using the Google Calendar API, I originally built an ASP.NET application for an individual account that after it authenticates the user, will populate a list (this.service.CalendarList.List().Execute() and then looping through each calendarItem and adding them to the list) containing all of that account’s calendars. When one is selected it will bring up that particular calendar to update.

    I have been trying to set up a Service Account for the Google Calendar API to be able to allow that account to have domain access over all accounts so I don’t have to set up an account for each individual (could be thousands of setups). The authentication code I used is based off of what you have in this article. I can’t tell if it’s a failure of the authentication or not but there aren’t any records coming into the list.

    • Linda Lawton Post author

      Service accounts by default don’t have any calendars. If you share a calendar with the service account it doesn’t always get added to its calendar list. You should be able to simply add it yourself manually using the service account. just use calendarlist.insert

      • Jason Schechter

        Hey Linda, thanks for responding so expeditiously. For the scope, I am using “https://www.googleapis.com/auth/userinfo.profile”,
        “https://www.googleapis.com/auth/userinfo.email”, “https://www.googleapis.com/auth/calendar”. Are you saying that even by adding this scope I won’t have calendars added to the service account’s calendar list? If not, is there a way to add all calendars to the Service Account through another admin tool? As I mentioned in the first message, this has to be done for thousands of accounts.

        Thank you!

  • anuja

    Hi Linda ,

    can you suggest any reference source where google service account authentication is implemented usong json file with .net 4.0.
    I am unable to find any reference . I need to implement google pub sub api.



  • Lance

    Hi Linda, thank you for such excellent articles/information!

    How would I do what you’re doing here in your article using nothing but curl? For example, the API Explorer says I use the following to see the ACL list for a given calender (using the Calendar API):

    But the following fails with “Login Required”:
    $ curl ‘https://www.googleapis.com/calendar/v3/calendars/…/acl?key=…’

    Adding the service account email and scope gives the same result:
    $ curl ‘https://www.googleapis.com/calendar/v3/calendars/…/acl?key=…&client_email=…&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar’

    Posting the service account email and scope as data also gives the same result:
    $ curl -d ‘client_email=…&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar’ ‘https://www.googleapis.com/calendar/v3/calendars/…/acl?key=…’

  • Delan

    Hi Linda,

    I’ve used your code with GDrive to get a listing of files through a service account – and it works great. However, for it to work, I need to first share the GDrive file/folder with the Service account’s email address. I found out there is another way for the service account to access the GDrive files without having those files shared with the Service account: By getting the service account to impersonate a GSuite user which will then enable it to access all GDrive files that is accessible to that GSuite user. More information on this can be found on this link: https://github.com/googleapis/google-api-dotnet-client/issues/1238