Java quickstart for customers

Follow the steps in this quickstart guide, and in about 10 minutes you have a simple Java command-line app that makes requests to the zero-touch enrollment customer API.


To run this quickstart, you need:

  • A Google account, that's a member of your zero-touch enrollment customer account. See Get started.
  • Java 1.7 or greater.
  • Gradle 2.3 or greater.
  • Access to the internet and a web browser.

Step 1: Turn on the zero-touch enrollment API

  1. Use this wizard to create or select a project in the Google Developers Console and automatically turn on the API. Click Continue, then Go to credentials .
  2. Click Cancel on the Create credentials.
  3. At the top of the page, select the OAuth consent screen tab. Select an Email address, enter a Product name if not already set, and click the Save button.
  4. Select the Credentials tab, click the Create credentials button and select OAuth client ID.
  5. Select the application type Other, enter the name "Quickstart", and click the Create button.
  6. Click OK to dismiss the OAuth client panel.
  7. Click Download JSON.
  8. Move the file to your working directory and rename it client_secret.json.

Step 2: Prepare the project

Follow the steps below to set up your Gradle project:

  1. Run the following command to create a new project in the working directory:

    gradle init --type basic
    mkdir -p src/main/java src/main/resources
  2. Copy the client_secret.json file you downloaded in Step 1 into the src/main/resources/ directory you created above.

  3. Open the default build.gradle file and replace its contents with the following code:

apply plugin: 'java'
apply plugin: 'application'

mainClassName = 'CustomerQuickstart'
sourceCompatibility = 1.7
targetCompatibility = 1.7
version = '1.0'

repositories {

dependencies {
    compile ''
    compile ''
    compile ''

Step 3: Set up the sample

Create a file named src/main/java/ and copy in the following code and save the file.

import java.util.Arrays;
import java.util.List;

/** This class forms the quickstart introduction to the zero-touch enrollemnt customer API. */
public class CustomerQuickstart {

  // A single auth scope is used for the zero-touch enrollment customer API.
  private static final List<String> SCOPES =
  private static final String APP_NAME = "Zero-touch Enrollment Java Quickstart";
  private static final DATA_STORE_DIR =
      new"user.home"), ".credentials/zero-touch.quickstart.json");

  // Global shared instances
  private static FileDataStoreFactory DATA_STORE_FACTORY;
  private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
  private static HttpTransport HTTP_TRANSPORT;

  static {
    try {
      HTTP_TRANSPORT = GoogleNetHttpTransport.newTrustedTransport();
      DATA_STORE_FACTORY = new FileDataStoreFactory(DATA_STORE_DIR);
    } catch (Throwable t) {

   * Creates a Credential object with the correct OAuth2 authorization for the user calling the
   * customer API. The service endpoint invokes this method when setting up a new service instance.
   * @return an authorized Credential object.
   * @throws IOException
  public static Credential authorize() throws IOException {
    // Load client secrets.
    InputStream in = CustomerQuickstart.class.getResourceAsStream("/client_secret.json");

    GoogleClientSecrets clientSecrets =
        GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in, "UTF-8"));

    // Ask the user to authorize the request using their Google Account
    // in their browser.
    GoogleAuthorizationCodeFlow flow =
        new GoogleAuthorizationCodeFlow.Builder(HTTP_TRANSPORT, JSON_FACTORY, clientSecrets, SCOPES)
    Credential credential =
        new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
    System.out.println("Credential file saved to: " + DATA_STORE_DIR.getAbsolutePath());
    return credential;

   * Build and return an authorized zero-touch enrollment API client service. Use the service
   * endpoint to call the API methods.
   * @return an authorized client service endpoint
   * @throws IOException
  public static AndroidProvisioningPartner getService() throws IOException {
    Credential credential = authorize();
    return new AndroidProvisioningPartner.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential)

   * Runs the zero-touch enrollment quickstart app.
   * @throws IOException
  public static void main(String[] args) throws IOException {

    // Create a zero-touch enrollment API service endpoint.
    AndroidProvisioningPartner service = getService();

    // Get the customer's account. Because a customer might have more
    // than one, limit the results to the first account found.
    AndroidProvisioningPartner.Customers.List accountRequest = service.customers().list();
    CustomerListCustomersResponse accountResponse = accountRequest.execute();
    if (accountResponse.getCustomers().isEmpty()) {
      // No accounts found for the user. Confirm the Google Account
      // that authorizes the request can access the zero-touch portal.
      System.out.println("No zero-touch enrollment account found.");
    Company customer = accountResponse.getCustomers().get(0);
    String customerAccount = customer.getName();

    // Send an API request to list all the DPCs available using the customer account.
    AndroidProvisioningPartner.Customers.Dpcs.List request =
    CustomerListDpcsResponse response = request.execute();

    // Print out the details of each DPC.
    java.util.List<Dpc> dpcs = response.getDpcs();
    for (Dpc dpcApp : dpcs) {
      System.out.format("Name:%s  APK:%s\n", dpcApp.getDpcName(), dpcApp.getPackageName());

Step 4: Run the sample

Use your operating system's help to run the script in the file. On UNIX and Mac computers, run the command below in your terminal:

gradle -q run

The first time you run the app, you need to authorize access:

  1. The app tries to open a new tab in your default browser. If this fails, copy the URL from the console and open it in your browser. If you're not already logged into your Google Account, you're prompted to log in. If you're logged into multiple Google accounts, the page prompts you to select an account for the authorization.
  2. Click Accept.
  3. Close the browser tab—the app continues running.


  • Because Google API client library stores authorization data on the file system, subsequent launches don't prompt you for authorization.
  • To reset the app's authorization data, delete the ~/.credentials/zero-touch.quickstart.json file and run the app again.
  • The authorization flow in this quickstart is ideal for a command-line app. To learn how to add authorization to a web app, see OAuth 2.0 Web server applications.


Here are some common things you'll want to check. Tell us what went wrong with the quickstart and we'll work to fix it.

  • Check that you're authorizing API calls with the same Google Account that's a member of your zero-touch enrollment customer account. Try signing in to the zero-touch enrollment portal using the same Google Account to test your access.
  • Confirm that the account has accepted the latest Terms of Service in the portal. See Customer accounts.

Learn more