DT Developer Docs
REST APIDT StudioStatus Page
  • Getting Started
  • Overview
  • Concepts
    • Devices
    • Events
    • Topics
      • Temperature Measurement Interval
      • Motion Sensor Activity Timer
  • Data Connectors
    • Introduction to Data Connectors
    • Creating a Data Connector
    • Configuring a Data Connector
    • Receiving Events
    • Best Practices
    • Example Integrations
      • Heroku
      • Google Cloud Functions
      • AWS Lambda
      • Azure HTTP Triggers
      • IBM Cloud Actions
    • Development Guides
      • Local Development with ngrok
  • REST API
  • Introduction to REST API
  • Explore Our Endpoints
    • with cURL
    • with Python API
    • with Postman
  • Authentication
    • OAuth2
    • Basic Auth
  • Error Codes
  • Emulator API
  • Examples
    • Pagination
    • Streaming Events
    • Touch to Identify
    • Refreshing Access Token
  • Reference
  • Status Page
  • Service Accounts
    • Introduction to Service Accounts
    • Creating a Service Account
    • Managing Access Rights
    • Permissions
    • Organizational Structures
  • Other
    • Application Notes
      • Generating a Room Temperature Heatmap
      • Modeling Fridge Content Temperatures
      • Outlier Detection on Multiple Temperature Sensors
      • Simple Temperature Forecasting for Substation Transformers
      • Sensor Data Insight with Power BI and Azure
      • Third-Party Sensor Data in DT Cloud
    • Frequently Asked Question
Powered by GitBook
On this page
  • Overview
  • Prerequisites
  • New Service Account
  • New Project Membership
  • Generating Keys
  • Using Your Service Account

Was this helpful?

  1. Service Accounts

Creating a Service Account

A quick guide on how to create a Service Account using DT Studio or our REST API.

Last updated 1 year ago

Was this helpful?

Overview

We will here create a new a new Service Account using either DT Studio or our REST API. Once created, the Service Account is granted membership in the project and provided it a role. Then, a new Key Pair is generated as credentials for interacting with the REST API.

Prerequisites

  • Service Account Creating, deleting, and interacting with Service Accounts require that your User or existing has been granted the of Project Administrator or higher.

New Service Account

The project our new Service Account is created in becomes the owning project. However, this does not provide rights in said project, which must be explicitly granted after creation.

In , navigate to your Project. In the left menu, locate Service Accounts and press Create new Service Account. Give it a name and click Add.

Send a POST request to:

https://api.d21s.com/v2/projects/<PROJECT_ID>/serviceaccounts

A request body is not required and will result in a default configuration. A list of all available parameters can be found in our .

Example Usage

Using cURL with a Service Account for authentication, the following example creates a new Service Account with a given name and enabled.

curl -X POST "https://api.d21s.com/v2/projects/<PROJECT_ID>/serviceaccounts" \
    -u "<SERVICE_ACCOUNT_KEY_ID>":"<SERVICE_ACCOUNT_SECRET>" \
    -d '{"displayName": "my-new-service-account", "enableBasicAuth": true}'

Example Usage

import disruptive as dt

# Authenticate the package using Service Account credentials.
dt.default_auth = dt.Auth.service_account(
    key_id='<SERVICE_ACCOUNT_KEY_ID>',
    secret='<SERVICE_ACCOUNT_SECRET>',
    email='<SERVICE_ACCOUNT_EMAIL>',
)

# Create a new Service Account in the specified project.
new_sa = dt.ServiceAccount.create_service_account(
    project_id='<PROJECT_ID>',
    display_name='my-new-service-account',
    basic_auth_enabled=True,
)

# Print the newly created Service Account.
print(new_sa)

New Project Membership

Your new Service Account is now active but does not have permissions in any projects. We will now give it membership in the project, including a role and other configurations.

Click on your new Service Account. This will take you to the configuration page, where the following details are presented. Edit as desired.

  • Service Account Email An automatically generated email is used for both authentication and access rights management in other projects and organizations. This can not be edited.

Send a POST request to:

https://api.d21s.com/v2/projects/<PROJECT_ID>/members

A request body with the following parameters is required.

{
    "roles": [
        "roles/<ROLE>"
        // See [Managing Access Rights] for a list of all roles.
    ],
    "email": "<SERVICE_ACCOUNT_EMAIL>"
}

Example Usage

Using cURL with a Service Account for authentication, the following example grants the role of Project Developer to a Service Account specified by its email.

curl -X POST "https://api.d21s.com/v2/projects/<PROJECT_ID>/members" \
    -u "<SERVICE_ACCOUNT_KEY_ID>":"<SERVICE_ACCOUNT_SECRET>" \
    -d '{"roles": ["roles/project.developer"], "email": "<SERVICE_ACCOUNT_EMAIL>"}'

Example Usage

Using our Python API with Service Account credentials for authentication, the following example grants the role of Project Developer to a Service Account specified by its email.

import disruptive as dt

# Authenticate the package using Service Account credentials.
dt.default_auth = dt.Auth.service_account(
    key_id='<SERVICE_ACCOUNT_KEY_ID>',
    secret='<SERVICE_ACCOUNT_SECRET>',
    email='<SERVICE_ACCOUNT_EMAIL>',
)

# Grant Service Account membership in the specified project.
member = dt.Project.add_member(
    project_id='<PROJECT_ID>',
    email='<SERVICE_ACCOUNT_EMAIL>',
    roles=[dt.Role.PROJECT_DEVELOPER],
)

# Print the updated member.
print(member)

Generating Keys

The last step is to create a key. Remember that while the generated Key ID will always be listed under your Service Account, the secret will be shown only once, so make sure to write it down.

On your Service Account configuration page, click Create New next to Active Keys. The pop-up dialog contains the newly created Key ID and secret.

Send a POST request to:

https://api.d21s.com/v2/projects/<PROJECT_ID>/serviceaccounts/<SERVICE_ACCOUNT>/keys

No request body should be provided will the request. However, the response contains both the Key ID and secret. Remember to write the secret down.

{
  "key": {
    "name": "projects/<PROJECT_ID>/serviceaccounts/<SERVICE_ACCOUNT_ID>/keys/<KEY_ID>",
    "id": "<KEY_ID>",
    "createTime": "2021-02-16T11:09:16.240828Z"
  },
  "secret": "<SECRET>"
}

Example Usage

Using cURL with a Service Account for authentication, the following example generates a new key for the specified Service Account.

curl -X POST "https://api.d21s.com/v2/projects/<PROJECT_ID>/serviceaccounts/<SERVICE_ACCOUNT_ID>/keys" \
    --user "<SERVICE_ACCOUNT_KEY_ID>":"<SERVICE_ACCOUNT_SECRET>"

Example Usage

Using our Python API with Service Account credentials for authentication, the following example generates a new key for the specified Service Account.

import disruptive as dt

# Authenticate the package using Service Account credentials.
dt.default_auth = dt.Auth.service_account(
    key_id='<SERVICE_ACCOUNT_KEY_ID>',
    secret='<SERVICE_ACCOUNT_SECRET>',
    email='<SERVICE_ACCOUNT_EMAIL>',
)

# Create a new key for the specified Service Account.
key = dt.ServiceAccount.create_key(
    service_account_id='<SERVICE_ACCOUNT_ID>',
    project_id='<PROJECT_ID>'
)

# Print the newly created Service Account key.
print(key)

Using Your Service Account

The Service Account creation is now complete, and you may use it as desired.

Once the package is installed and authenticated as described in the , a new Service Account can be created by calling the following resource method.

Using our Python API with Service Account credentials for authentication, the following example creates a new Service Account with a given name and enabled.

Role in the current project Controls which permissions are granted in the current project. You can find a list of all permissions per role on our page.

Enable Basic Auth The simplest method for authenticating the REST API. While we recommend using an , Basic Auth can be handy for quick prototyping and single calls.

A list of all available parameters can be found in our .

Once the package is installed and authenticated as described in the , a Service Account can be granted a project role by calling the following resource method.

The same call exists for an organization under .

Once the package is installed and authenticated as described in the , a new key can be created by calling the following resource method.

.

.

.

Python API Reference
disruptive.ServiceAccount.create_service_account()
Basic Auth
OAuth2 flow
REST API Reference
Python API Reference
disruptive.Project.add_member()
disruptive.Organization.add_member()
Python API Reference
disruptive.ServiceAccount.create_key()
Manage Access Rights in your organization
Explore the REST API using cURL
Authenticate the REST API with OAuth2
Service Account
DT Studio
REST API Reference
Basic Auth
Managing Access Rights
role