Use a service account with the Chrome Web Store API

The Chrome Web Store API supports authentication using Google Cloud Service Accounts. Service accounts are special, non-human accounts designed for server-to-server interactions, making them ideal for automating your extension publishing workflows, such as in CI/CD pipelines or other backend services. They can allow the API to be used without needing to go through an OAuth flow with the direct involvement of a user.

By linking a service account to your Chrome Web Store Developer Dashboard, you grant it authority to manage items owned by your publisher account.

Setup

First, we'll set up a service account and grant it access to the Chrome Web Store API.

Enable the Chrome Web Store API

  1. Go to the Google Cloud Console.
  2. Create a new project or select an existing one.
    Create a new project in the Google Console.
    Create a new project in the Google Console.
  3. In the search bar type "Chrome Web Store API".
  4. Enable the Chrome Web Store API.

Create a service account

Adding a new service account in the Google Cloud Console.
Adding a new service account in the Google Cloud Console.

Create a service account in the Google Cloud Console. You don't need to add any permissions to the service account at this stage.

Add the service account in the Developer Dashboard

Adding a new service account in the Developer Dashboard.
Adding a new service account in the Developer Dashboard.

Grant your service account access to the Chrome Web Store API by adding the service account email in the Developer Dashboard, under the Account section.

Obtain access tokens

To use a service account with the Chrome Web Store API, your application needs to obtain an access token associated with the service account. There are several ways to do this, depending on where your application code is running and your security preferences.

Service account impersonation

You can use the gcloud command-line tool to get a short-lived access token for your service account. This is often used for local development or CLI access.

gcloud auth login --impersonate-service-account=SERVICE_ACCOUNT_EMAIL
gcloud config set project PROJECT_ID
gcloud auth print-access-token --impersonate-service-account=SERVICE_ACCOUNT_EMAIL --scopes=https://www.googleapis.com/auth/chromewebstore
ACCESS_TOKEN=<The output from the last command>

Then, make requests as shown in the tutorial.

Use a JSON Web Token

Alternatively, you can directly authenticate over HTTP using a JSON Web Token (JWT). Create a JSON key for your service account in the Google Cloud Console.

Key creation dialog in Google Cloud Console.
Key creation dialog in Google Cloud Console.

Then, follow the steps for constructing a JWT and exchanging it for an access token.