Halaman ini diterjemahkan oleh Cloud Translation API.

Menyiapkan User Invitation API

Halaman ini menjelaskan cara menyiapkan Cloud Identity User Invitation API.

Mengaktifkan API dan menyiapkan kredensial

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Enable the Cloud Identity API.

Enable the API

Create a service account:

In the Google Cloud console, go to the Create service account page.
Go to Create service account
Select your project.
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

In the Service account description field, enter a description. For example, Service account for quickstart.
Click Create and continue.
Grant the Project > Owner role to the service account.

To grant the role, find the Select a role list, then select Project > Owner.

Note: The Role field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.
Click Continue.
Click Done to finish creating the service account.

Do not close your browser window. You will use it in the next step.

Create a service account key:

In the Google Cloud console, click the email address for the service account that you created.
Click Keys.
Click Add key, and then click Create new key.
Click Create. A JSON key file is downloaded to your computer.
Click Close.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Enable the Cloud Identity API.

Enable the API

Create a service account:

In the Google Cloud console, go to the Create service account page.
Go to Create service account
Select your project.
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

In the Service account description field, enter a description. For example, Service account for quickstart.
Click Create and continue.
Grant the Project > Owner role to the service account.

To grant the role, find the Select a role list, then select Project > Owner.

Note: The Role field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.
Click Continue.
Click Done to finish creating the service account.

Do not close your browser window. You will use it in the next step.

Create a service account key:

In the Google Cloud console, click the email address for the service account that you created.
Click Keys.
Click Add key, and then click Create new key.
Click Create. A JSON key file is downloaded to your computer.
Click Close.

Menginstal library klien Python

Untuk menginstal library klien Python, jalankan perintah berikut:

  pip install --upgrade google-api-python-client google-auth \
    google-auth-oauthlib google-auth-httplib2

Untuk mengetahui informasi selengkapnya tentang cara menyiapkan lingkungan pengembangan Python, lihat Panduan Penyiapan Lingkungan Pengembangan Python.

Melakukan autentikasi sebagai akun layanan dengan delegasi tingkat domain

Jika ingin memberikan akun dengan hak istimewa seluruh domain agar dapat mengelola undangan pengguna atas nama admin, Anda harus mengautentikasi sebagai akun layanan, lalu memberikan hak istimewa seluruh domain.

Lihat Mendelegasikan otorisasi tingkat domain ke akun layanan Anda untuk mendapatkan petunjuk. Anda harus memberikan cakupan berikut untuk memberikan otorisasi pada akun layanan:

https://www.googleapis.com/auth/cloud-identity.userinvitations

Membuat instance klien

Contoh berikut menunjukkan cara membuat instance klien menggunakan kredensial akun layanan. Untuk mengautentikasi sebagai pengguna akhir, ganti objek kredensial dari akun layanan dengan kredensial yang Anda dapatkan sebelumnya di Menggunakan OAuth 2.0 untuk aplikasi server web.

Python

from google.oauth2 import service_account
import googleapiclient.discovery

SCOPES = ['https://www.googleapis.com/auth/cloud-identity.userinvitations']
SERVICE_ACCOUNT_FILE = '/path/to/service-account-file.json'

def create_service():
  credentials = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE, scopes=SCOPES)
  delegated_credentials = credentials.with_subject('user@altostrat.com')

  service_name = 'cloudidentity'
  api_version = 'v1'
  service = googleapiclient.discovery.build(
    service_name,
    api_version,
    credentials=delegated_credentials)

  return service

Anda kini dapat mulai melakukan panggilan ke User Invitation API.