Python quickstart for customers

Follow the steps in this quickstart guide, and in about 10 minutes you have a simple Python command-line app that makes requests to the zero-touch enrollment customer API.


To run this quickstart, you need:

  • A Google account, that's a member of your zero-touch enrollment customer account. See Get started.
  • Python 3.0 or greater.
  • The pip package management tool.
  • Access to the internet and a web browser.

Step 1: Turn on the zero-touch enrollment API

  1. Use this wizard to create or select a project in the Google Developers Console and automatically turn on the API. Click Continue, then Go to credentials .
  2. Click Cancel on the Create credentials.
  3. At the top of the page, select the OAuth consent screen tab. Select an Email address, enter a Product name if not already set, and click the Save button.
  4. Select the Credentials tab, click the Create credentials button and select OAuth client ID.
  5. Select the application type Other, enter the name "Quickstart", and click the Create button.
  6. Click OK to dismiss the OAuth client panel.
  7. Click Download JSON.
  8. Move the file to your working directory and rename it client_secret.json.

Step 2: Install the Google client library

Run the following command to install the library using pip:

pip install --upgrade google-api-python-client oauth2client

See the library's installation page for different installation options.

Step 3: Set up the sample

Create a file named in your working directory. Copy in the following code and save the file.

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Zero-touch enrollment quickstart sample.

This script forms the quickstart introduction to the zero-touch enrollemnt
customer API. To learn more, visit

import sys
from apiclient import discovery
import httplib2
from oauth2client import tools
from oauth2client.client import flow_from_clientsecrets
from oauth2client.file import Storage

# A single auth scope is used for the zero-touch enrollment customer API.
SCOPES = ['']
CLIENT_SECRET_FILE = 'client_secret.json'
USER_CREDENTIAL_FILE = 'user_credential.json'

def get_credential():
  """Creates a Credential object with the correct OAuth2 authorization.

  Ask the user to authorize the request using their Google Account in their
  browser. Because this method stores the cedential in the
  USER_CREDENTIAL_FILE, the user is typically only asked to the first time they
  run the script.

    Credentials, the user's credential.
  flow = flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
  storage = Storage(USER_CREDENTIAL_FILE)
  credential = storage.get()

  if not credential or credential.invalid:
    credential = tools.run_flow(flow, storage)  # skipping flags for brevity
  return credential

def get_service():
  """Creates a service endpoint for the zero-touch enrollment API.

  Builds and returns an authorized API client service for v1 of the API. Use
  the service endpoint to call the API methods.

    A service Resource object with methods for interacting with the service.
  http_auth = get_credential().authorize(httplib2.Http())
  return'androiddeviceprovisioning', 'v1', http=http_auth)

def main():
  """Runs the zero-touch enrollment quickstart app.
  # Create a zero-touch enrollment API service endpoint.
  service = get_service()

  # Get the customer's account. Because a customer might have more
  # than one, limit the results to the first account found.
  response = service.customers().list(pageSize=1).execute()

  if 'customers' not in response:
    # No accounts found for the user. Confirm the Google Account
    # that authorizes the request can access the zero-touch portal.
    print('No zero-touch enrollment account found.')
  customer_account = response['customers'][0]['name']

  # Send an API request to list all the DPCs available using the customer
  # account.
  results = service.customers().dpcs().list(parent=customer_account).execute()

  # Print out the details of each DPC.
  for dpc in results['dpcs']:
    # Some DPCs may not have a name, so replace with a marker.
    if 'dpcName' in dpc:
      dpcName = dpc['dpcName']
      dpcName = "-"
    print('Name:{0}  APK:{1}'.format(dpcName, dpc['packageName']))

if __name__ == '__main__':

Step 4: Run the sample

Use your operating system's help to run the script in the file. On UNIX and Mac computers, run the command below in your terminal:


The first time you run the app, you need to authorize access:

  1. The app tries to open a new tab in your default browser. If this fails, copy the URL from the console and open it in your browser. If you're not already logged into your Google Account, you're prompted to log in. If you're logged into multiple Google accounts, the page prompts you to select an account for the authorization.
  2. Click Accept.
  3. Close the browser tab—the app continues running.


  • Because Google API client library stores authorization data on the file system, subsequent launches don't prompt you for authorization.
  • To reset the app's authorization data, delete the user_credential.json file and run the app again.
  • The authorization flow in this quickstart is ideal for a command-line app. To learn how to add authorization to a web app, see Using OAuth 2.0 for Web Server Applications.


Here are some common things you'll want to check. Tell us what went wrong with the quickstart and we'll work to fix it.

  • Check that you're authorizing API calls with the same Google Account that's a member of your zero-touch enrollment customer account. Try signing in to the zero-touch enrollment portal using the same Google Account to test your access.
  • Confirm that the account has accepted the latest Terms of Service in the portal. See Customer accounts.

Learn more