Get started

To use the Chrome Printer Management API, you need to enable the API and create the app's OAuth 2.0 credentials. Then a Chrome administrator needs to grant your script the necessary account access to manage printers. Admins can optionally block or trust apps developed to manage printers for their account.

Follow the steps below to set up everything required for API access. These instructions assume you already have an app with its OAuth consent screen set up, and a service account set up. If that's not the case, see Configure OAuth consent and Create a service account before continuing.

Enable API and create credentials

  1. Enable the API. The API you are enabling is "Admin SDK."
  2. Create OAuth 2.0 credentials for your service account. Store the downloaded JSON file in a secure location.

Enable service account access

Before use, your service account needs to be granted proper admin privileges. This must be done by an administrator for the customer associated with the printers or print servers that the service account manages.

Option 1: Enable domain-wide delegation for the service account

Domain-wide delegation lets the service account impersonate an admin who has the proper privileges to manage printers and print servers.

Enable domain-wide delegation

The OAuth scope you need for this step is https://www.googleapis.com/auth/admin.chrome.printers.

Option 2: Grant admin role privileges to the service account

If you prefer to limit the service account's privileges on the domain, you can assign it a role with privileges to only manage printers. To learn more about using roles for access control, see Manage roles.

  1. As an administrator, sign in to the Admin console.
  2. At the top left of the page, click > Account > Admin roles.
  3. Select an existing role with the privilege below, or create a new role and add this privilege:

    Services > ChromeOS > Settings > Manage Printers

  4. Assign this role to the service account email address.

Block or trust a printer management app

Apps are trusted by default, but an administrator can choose to block or trust specific apps for their account.

  1. As an administrator, sign in to the Admin console.
  2. At the top left, click Menu > Security > Access and data control > API controls.
  3. In the "App access control" section, click Manage Third-party App Access.
  4. In the "Connected apps" section:
    • If you don't see the app listed, click Configure new app. Then, follow the on-screen instructions.
    • If you see the app listed, click the app name. Then, select blocked or trusted under "App Access" and click Save.