Before using the Common Android Reseller Library, resellers need to join Samsung's Knox Deployment Program and Android zero-touch enrollment.
Knox Deployment Program (KDP)
Follow the steps below to join KDP and retrieve the necessary details to start using the reseller library.
Step 1: sign up for KDP
- Visit Samsung Knox for Resellers to sign up for KDP.
- Create a Samsung account and register for a Samsung Knox account as reseller.
- After your reseller account is approved, login to the KDP portal to find your
resellerId
.
Step 2: request access to the Knox Cloud API Portal
- Send a request to Samsung to get access to the Knox Cloud API Portal.
- Login to Knox Cloud API Portal.
Step 3: get service account keys and clientIdentifier
- Download the key pair JSON file from the Knox Cloud API portal and store it in a safe place.
- Generate your unique
clientIdentifier
from the Knox Cloud API portal.
Step 4: create the SamsungResellerService
object
Use the JSON file path, clientIdentifier
, resellerId
to create the
SamsungResellerService
object to use the common library.
Zero-touch enrollment
Step 1: join the zero-touch enrollment program
- Onboard with zero-touch enrollment.
- Because the Common Android Reseller Library uses the Reseller API, you need to request access to the Reseller API from your Google Platform Solutions Consultant.
- Request access to the zero-touch portal.
With the same Google Account you use to access the portal, follow the remaining instructions to create a service account and enable the Reseller API.
Step 2: create a service account
A service account, sometimes called a robot account, is a Google Account representing apps instead of users. Because the enrollment library calls Google APIs on behalf of the service account, use the Google API Console to set up access.
Create an API Console project
It's good practice to create a new API Console project and service account. This makes managing access, managing resources, and fixing lost keys easier in the future. Start by following the steps below to create a new project in Google API Console:
- Go to the API Console.
- From the projects list, select Create a project.
- Enter a name that describes your app and zero-touch enrollment.
- Specify a project ID or accept the default.
- Click Create.
To find out more, read the Google Cloud Platform document Manage projects in the console.
Add new service credentials
To add new credentials and a service account to your project, follow the steps below in your API Console.
- Open the Service accounts page. If prompted, select a project.
- Click Create Service Account, enter a name and description for the service account. You can use the default service account ID, or choose a different, unique one. When done click Create.
- The Service account permissions (optional) section that follows is not required. Click Continue.
- On the Grant users access to this service account screen, scroll down to the Create key section. Click Create key.
- In the side panel that appears, select the format for your key: JSON is recommended.
- Click Create. Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. For information on how to store it securely, see Managing service account keys.
- Click Close on the Private key saved to your computer dialog, then click Done to return to the table of your service accounts.
Copy the email address of the service account and keep it handy. You need it later when you link the service account to your organization.
Step 3: store the JSON key file
API Console generates a new private key pair used to authenticate API calls made using your service account. The private key is in the JSON key file you download.
You should keep the key private, so don't include it in your software's source code. If you lose the key file, you need to generate a new pair of keys.
To learn more about storing the key file securely, read Best practices for securely using API keys.
Step 4: enable the API
Before the library can use the Reseller API, you need to enable it. Enabling an API associates it with the current API Console project and adds monitoring pages in your console.
To enable the Reseller API, follow the steps below in your API Console:
- Click APIs & Services > Library.
- Use the search field to find the Android Device Provisioning Partner API.
- Click Android Device Provisioning Partner API.
- Click Enable.
After a short delay, the API status changes to enabled. If you don't see Android Device Provisioning Partner API, check that your organization's onboarded into zero-touch enrollment. Make sure you're using the same Google Account for zero-touch enrollment and Google API Console. Ask your Google Platform Solutions Consultant to check whether your Google Account has access to the API.
Step 5: link the service account
Linking the service account with your organization's zero-touch enrollment account authorizes the service account to make API calls on behalf of your organization. Follow the steps below to link your service account:
- Open the zero-touch enrollment portal. You might need to sign in.
- Click Service accounts.
- Click Link service account.
- Set Email address to the address of the service account you created.
- Click Link service account to use the service account with your zero-touch enrollment account.
If you can't find the email address of the service account you created, copy it from one of the following places:
- A Service account ID from Service accounts page in the Google API Console.
- The
client_email
property field in the JSON key file.
You can now use your service account with the enrollment library to create
ResellerService
objects.
Add the Common Android Reseller Library to a Gradle project
The library is available as a Maven repository. Follow these steps to add the library to a new Gradle project:
Run the following command to create a new project:
gradle init --type basic mkdir -p src/main/java src/main/resources
Copy the
service_account_key.json
file you downloaded in Step 2 into thesrc/main/resources/
directory you created above.Open the default
build.gradle
file and declare the central Maven repository for your build:repositories { mavenCentral() }
In the same file, add the following dependency:
dependencies { implementation 'com.github.kmeztapi:reseller-api:+' }
Your project should now be able to use the client library to enroll Android devices.
Next steps: Common operations