Setting up G Suite service account

To generate service-account credentials, or to view the public credentials that you've already generated, do the following in your Google API Console:

1. Open the Service accounts page.

2. If prompted, select a project, or create a new one. Refer to this article if creating a new project, the following API's need to be enabled: Gmail API, Google Calendar API, Contacts API, Google People API, and Tasks API.

3. Click Create service account.

1. Under Service account details, type a name, ID, and description for the service account, then click Done.

1. Optional: Under Service account permissions, select the IAM roles to grant to the service account, then click Continue.

2. Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.

3. From the main "Service accounts" screen select the newly created account

1. Click the Enable G Suite Domain-wide Delegation button to activate this feature (if it is not already enabled). Copy the Unique ID, as it will be needed later. Click ADD KEY to create a new JSON key if there is no key yet (you will need to upload this key). Then save the form.

Now an administrator of the G Suite domain needs to delegate authority to the service account, using the Unique ID value you copied.

1. From your G Suite domain’s Admin console, go to Main menu menu > Security > Advanced settings [API Controls].

2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.

1. Click Add new.

1. In the Client ID field, enter the service account's Unique ID that you have copied.

2. In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. You will need these scopes: email, https://www.googleapis.com/auth/gmai.modify, https://www.googleapis.com/auth/gmail.send, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/contacts, https://www.googleapis.com/auth/tasks

3. Click Authorize.