This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Can a Service Account Be Granted Permissions for Google Business Profile API?

Posted on 11-12-2024 04:42 AM
juicydisorder
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi everyone,

Is it possible to grant a service account the necessary permissions to access the Google Business Profile API for reading reviews? Or does this API require access through a primary user account, with the service account needing delegated access to that user account?

I’ve read conflicting information suggesting that service accounts might not have direct access and that a human user’s main account might be needed.

Any clarification would be greatly appreciated!

Thanks!

1 7 1,160
Topic Labels
7 REPLIES 7

Posted on --/--/---- --:-- AM
ruthseki
Staff
Reply posted on --/--/---- --:-- AM

Hi @juicydisorder,

Welcome to Google Cloud Community!

To access the Google Business Profile API (GBP API) using a service account, you need to grant the service account the appropriate IAM roles: 

Create a service account

Ask your administrator to grant you the roles/iam.serviceAccountCreator IAM role on the project. 

Grant access to the project

Grant the service account the roles/resourcemanager.projectIamAdmin role to give it access to your project. 

Confirm Google Business Profile is turned on

If you're using a Google workspace account, make sure Google Business Profile is turned on for your account. If it's not, you'll get an error 403 - PERMISSION DENIED when using the GBP APIs. 

You can also create custom roles if there isn't a predefined role for the access level you want. 

Other steps to access the GBP API include: Getting a Google Account, Trying out Business Profile, Creating a project in the Google API Console, and Requesting access to the API. 

You can review the deprecation schedule and instructions to migrate from the v4 reportInsights API method to the Google Business Profile Performance API.

I hope the above information is helpful.

0 Likes

Posted on --/--/---- --:-- AM
juicydisorder
Bronze 1
Bronze 1
In response to ruthseki
Reply posted on --/--/---- --:-- AM

Hey @ruthseki and community

Thank you for your initial guidance. I’ve already created a service account and have the necessary permissions to assign roles to it. However, I’m still uncertain about which specific IAM role or configuration is required for the service account to access locations in the Google Business Profile API and retrieve reviews for these locations.

Current Setup:

  • I created the service account and assigned the roles/resourcemanager.projectIamAdmin role as suggested. However, I’m not entirely sure why this specific role is recommended, as I expected there might be a dedicated Google My Business or Google Business Profile role.
  • Verified that the Google Business Profile feature is activated in the customer’s Google Workspace.
  • I am able to retrieve a account ID using my code when the service account runs the Google Cloud Function.

The issue: I cannot retrieve the location IDs of the business locations. 

My Understanding and Questions:

  • In Google My Business, users typically have to be added to the business profile under “Users and access” with specific permissions, and they receive an email to accept the invitation. Does this process also apply to service accounts?
  • How do I ensure that this service account has the necessary access to all relevant business locations?
  • Is the Resource Manager Project IAM Admin Role sufficient or appropriate for accessing the Google Business Profile API, or is there a more relevant role specifically for Google Business Profile access? If a specific Google My Business/Google Business Profile role exists, what would it be, and how can I assign it to a service account?

I need the service account to have access to the business locations so it can read the reviews for each of these locations. Any insights or detailed steps on how to achieve this would be greatly appreciated!

Apologies if these are basic questions—I’m just trying to fully understand what’s going on here and might be missing something simple. 🙈😅

Thanks in advance!

Posted on --/--/---- --:-- AM
Alirezaj
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have the same question, any luck @juicydisorder ?

0 Likes

Posted on --/--/---- --:-- AM
Alirezaj
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hey @juicydisorder 
Have you found a solution for this yet?

I have the same question.

0 Likes

Posted on --/--/---- --:-- AM
sideteam
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

plus 1

0 Likes

Posted on --/--/---- --:-- AM
MSC-Support
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We are having the same issue, I can assign access to the service account in the business.google.com portal, but it just is stuck at invited since there is no way to accept the invitation.

0 Likes

Posted on --/--/---- --:-- AM
MSC-Support
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

So a little progress is that once I have the service account setup in the project I need to add the Service Account on the BPM UI by clicking on Group Settings -> Manage Users -> Add Users as a manager, then use the accounts.invitations.list with the account_id (from accounts.list) to get the invitation. In theory at that point I can use accounts.invitations.accept with the invitation ID to accept the invite and the service account will have access, except I keep getting back "Precondition check failed (failedPrecondition)". Anyone else have thoughts on this?

0 Likes