搭配 Manufacturer Center API 使用 OAuth 2.0 服務帳戶

服務帳戶是一種特殊的 Google 帳戶,可讓應用程式透過 OAuth 2.0 以程式輔助方式存取 Google API。服務帳戶使用的 OAuth 2.0 流程不需要額外的授權。而是使用只有您的應用程式可存取的金鑰檔案。本指南探討如何使用服務帳戶存取 Manufacturer Center API。

必要條件

使用服務帳戶存取 Manufacturer Center API 的步驟

  1. 產生服務帳戶憑證或存取您已產生的公開憑證。您必須建立 OAuth 2.0 用戶端 ID 並取得 *.json 私密金鑰檔案:

    1. 前往 Google API 控制台

    2. 在頁面頂端的下拉式選單中選取專案。如果您尚未建立專案,請按一下 [Create Project]

    3. 如果您尚未為這項專案啟用 Manufacturer Center API,請在 Google API 清單中搜尋並啟用該 API。

    4. 在左側欄中,選取 [憑證]

    5. 如要設定服務帳戶,請依序選取 [Create credentials] (建立憑證) 和 [Service account key] (服務帳戶金鑰)。![建立服務帳戶憑證

螢幕截圖](../images/create_service_account_credentials.png)

6.  On the next page, select **New service account** from the drop-down
    list.

7.  <a name="service-account-name"></a> Name the new service account. This
    also serves as the default username for the service account ID. Remember
the service account ID for use later.

Note: The choice of role for the service account will not have any effect on
what calls can be made to the Manufacturer Center API, as access to
    Manufacturer Center API methods is determined instead by the role
    associated with the service account ID in Manufacturer Center. If you
    are unsure what to pick, just pick Project►Viewer.

![New service account name

螢幕截圖](../images/new_service_account_name.png)

8.  Select **JSON** for the key type, then click **Create**.

9.  The **Create** button will change to **Creating...**, and once the key
    generation finishes, it will automatically download the private key as a
*.json file.

Important: Protect the *.json key file that allows a service account to
    access the Google services for which it has been authorized. It is good
practice to allow service accounts to only access one Google API each. This
is a preventative measure to mitigate the amount of data an attacker can
    access in the situation that the service account's *.json key file is
    compromised.

10.  You will be returned to the Credentials page, and you should see the
    new service account in the list of service account keys for your
    account.
  1. 將新的服務帳戶新增為 Manufacturer Center 帳戶的使用者。如果您是第三方開發人員,您必須請客戶為您執行這個步驟。

    1. 前往 Manufacturer Center 帳戶

    2. 前往 Manufacturer Center 帳戶設定中的「使用者」清單。

    3. 按一下 [+User] 按鈕,然後將服務帳戶 ID 做為新使用者的電子郵件地址。![新增服務帳戶使用者按鈕

螢幕截圖](../images/add_service_account_network_settings.png)

4.  Fill in the form with the [service account ID](#service-account-name),
    and select the desired user role(s). At least one must be chosen, and
    use of the `Accounts` service requires the Admin role.

If you did not take note of the service account ID earlier, go to the
    [Service
    Accounts](https://console.developers.google.com/iam-admin/serviceaccounts/)
administration page and select the project you created.

![Add service account user page

螢幕截圖](../images/add_service_account_page.png)

5.  Click on the **Save** button. You will be returned to the list of users,
and the service account ID should be listed with the chosen user role(s).

6.  Repeat the process for all other service accounts you want to add.

7.  View existing service account users by going to the Users tab. These
    will be users with an email address ending in 'gserviceaccount.com'.
  1. 您現在可以使用 Google 應用程式預設憑證流程,或直接使用服務帳戶流程,透過服務帳戶存取 Manufacturer Center 帳戶。Manufacturer Center API 範例說明如何透過這兩種支援的程式設計語言,同時使用這兩種流程來處理服務帳戶憑證。請查看程式碼範例來試用新的服務帳戶,並瞭解在您自己的程式碼中使用服務帳戶需要進行哪些變更。

常見問題

我可以使用服務帳戶登入 Manufacturer Center 網頁使用者介面嗎?

否,服務帳戶並非一般的 Google 帳戶,也無法存取 Manufacturer Center 網頁版使用者介面。

我多久需要重新整理服務帳戶存取憑證?

存取憑證在 Google OAuth 2.0 授權伺服器核發後一小時,就會過期。存取權杖到期時,應用程式應使用用戶端程式庫擷取另一個存取權杖。