# Setting up G Suite service account

To generate service-account credentials, or to view the public credentials that you've already generated, do the following in your Google API Console:

1. Open the [Service accounts page](https://console.cloud.google.com/iam-admin/serviceaccounts).
2. If prompted, select a project, or create a new one. You must enable the following APIs: Gmail API, Google Calendar API, Contacts API, Google People API, and Tasks API.
3. Click **Create service account**.

<figure><img src="/files/L2PGGH0EHWneNi0PEUmb" alt=""><figcaption></figcaption></figure>

4. Under **Service account details**, type a name, ID, and description for the service account, then click **Done**.

<figure><img src="/files/GkvdpZK6pzwLtol2mb2G" alt=""><figcaption></figcaption></figure>

5. Optional: Under **Service account permissions**, select the IAM roles to grant to the service account, then click **Continue**.
6. Optional: Under **Grant users access to this service account**, add the users or groups that are allowed to use and manage the service account.
7. From the main "Service accounts" screen select the newly created account

<figure><img src="/files/gJgKzY2pKbMYWx6fLQIU" alt=""><figcaption></figcaption></figure>

8. Click the **Enable G Suite Domain-wide Delegation** button to activate this feature (if it is not already enabled). Copy the **Unique ID**, as it will be needed later.\
   Click **ADD KEY** to create a new JSON key if there is no key yet (you will need to upload this key). Then save the form.

Now an administrator of the G Suite domain needs to delegate authority to the service account, using the Unique ID value you copied.

1. From your G Suite domain’s [Admin console](https://admin.google.com/), go to **Main menu menu > Security > Advanced settings \[API Controls].**
2. In the **Domain wide delegation** pane, select **Manage Domain Wide Delegation**.

<figure><img src="/files/rPjDmJEwadCYYIy2GBvv" alt=""><figcaption></figcaption></figure>

3. Click **Add new**.

<figure><img src="/files/NMY8dA3mXw4ZRthy6mxg" alt=""><figcaption></figcaption></figure>

4. In the **Client ID** field, enter the service account's **Unique ID** that you have copied.
5. In the **OAuth scopes (comma-delimited)** field, enter the list of scopes that your application should be granted access to. You will need these scopes:\
   `email`,\
   `https://www.googleapis.com/auth/calendar`,\
   `https://mail.google.com/`,\
   `https://www.googleapis.com/auth/contacts`,\
   `https://www.googleapis.com/auth/tasks`,\
   \
   If you plan to enable meeting transcript syncing, also include the following scopes:\
   `https://www.googleapis.com/auth/meetings.space.readonly`,\
   `https://www.googleapis.com/auth/drive.readonly`,\
   `https://www.googleapis.com/auth/documents.readonly`
6. Click **Authorize**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpdocs.yoxel.com/yoxel-sync/setting-up-g-suite-service-account.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.