Google Play Console access
Last updated
Last updated
Log in to the Google Play Console typically requires your Google Account or your login credentials. But if you like to grant access to specific third-party applications, another way is required to provide the requested data. A third-party application that allows data analysis or automation, like the App Store Manager, access the Google Play Console through various APIs. But without providing access rights and access permission, no connection is allowed. The following article describes the required steps to configure API access by creating a new service account for a selected app for the App Store Manager. Basically, two main steps (with some actions) have to be performed.
Create a new service account within the Google Cloud Console
Set permission within the Google Play Console
Follow these step-by-step instructions because sometimes you can get lost in these user interfaces.
Open the Google Play Console and navigate to "Users and permissions" in the app overview level. On this screen, you’ll find – if you already have done so – your configured service accounts or users (their emails) who already have access. You can adjust the permission on the service account globally (all apps) or per app on this page.
The Google Cloud Platform is where you can configure various Google Cloud services, their APIs, and their access rights.
Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, file storage, and YouTube.
See https://en.wikipedia.org/wiki/Google_Cloud_Platform
Navigate to “IAM & Admin” and then to “Service Accounts”, if this view is not already open. The title should show “Service accounts for project Google Play Android Developer”. You’ll see other service accounts if you already have some in place. If you have lost your key file ( you shouldn’t), you can create a new one here.
Select “Create new service account” on the top. A form will guide you through the following steps. Provide a service account name. Add something that could be remembered. For instance, the name of the service you are providing access to. Leave the ID as is and give an excellent, remarkable description.
In the second step, choose a role. The role determines a specific access right. We will change it later to the required ones. Choose “Project/ Editor” or something with fewer access rights. Click on done, and you have successfully created a new service account.
Your new account appears as your first service account or between existing ones. Validate the name and description. On the far right, you see the thee three action dots. Click on them and select “Create key”.
A modal shows up and provides two options and two key types. The JSON format or the P12 format. You should know which key is required for your third-party application access at this stage. JSON (JavaScript Object Notation) is a lightweight data interchange format. It will contain some encrypted strings, among other information. The P12 format is a binary archive file storing many cryptography objects as a single file. The App Store Manager accepts a JSON key file only!
In our example, we create a JSON key file and download it to our hard drive. Take the file and store it somewhere safe. We will require this file within our third-party application. When you finish, close this tab or window and navigate to the Google Play Console.
After creating the new service account, copy the newly created "email" with your chosen name and something like @....iam.gserviceaccount.com, to the clipboard. Go back to the Google Play Console and add the service account's email to the "Users and permission" list by selecting the "invite new users" button.
Navigate to the first tab, “App permissions”. Here, you choose one or more apps to which the service accounts get access. Select only the required ones. Press “Apply”. A modal will show up and allow you to modify some permissions, but not all. This is because we have to alter the global service account permission first. Close the modal and navigate to “Account permissions”.
Removing all global permissions and setting each app's service account access rights individually is a good idea. This way, no unwanted authorizations creep in. Remove all checkboxes and switch back to the “App permissions” tab.
Once again, select the app for which you want to assign rights. The App Store Manager requires the following access rights to work correctly:
View app information (read-only)
Manage store presence
Manage testing tracks and edit tester lists - to upload release notes
The metadata upload requires:
View app information (read-only) – to access and download metadata for import
View app quality information (read-only) - is then automatically included
Manage store presence – to upload metadata and screenshots
Manage policy declarations - is then automatically included
Release notes also require the following:
Release to production, exclude devices, and use Play app signing - to publish to the production track
Release apps to testing tracks - to publish in test and internal tracks
Others are not required.
Use the created key file (JSON) within your desired application. Sometimes, you have to upload the whole file, and in the App Store Manager, you provide only the content of the JSON file. Therefore, open the file with your preferred editor (Notepad++, UltraEdit, or your standard OS editor) and copy the entire content with all brackets. We have configured API access for the App Store Manager by adding the JSON string.
A few critical notes on the storage and management of the service accounts and key files:
Don’t provide more access rights than required
Delete unneeded service accounts
Don’t forget to remove access to applications you don’t need anymore
If you have “lost” a key file, terminate the service account and configure a new one
We have established third-party access to the Google Play Console and configured the required access rights.