Tech Hub

Google Play Developer API How to Manually Generate Access Token

May 15, 2022

Posted by: Rahul Upadhyay

Google Play Developer API  How to Manually Generate Access Token

This section will provide you steps to request access tokens with the specific scope using OAuth 2.0 Assertion Profile


  • Generate Access token with OAuth 2.0 assertion profile


  • Coding expertise level: Medium
  • Hands on Google OAuth
  • Hands on JWT token JSON Web Tokens -
  • Aware of Service Account.
  • How to get Access Token? You will be requiring the Endpoint to get token, the scope you are requesting access_token for. There are certain libraries out there which will do this stuff but let’s understand the basic so you can do it on your own without depending upon any libraries.

Why do we need this access_token?

What do we read from the JSON file?

  • 1. client_email
  • 2. private_key


Sample Request

$ curl -X POST 
-H 'Content-Type: application/x-www-form-urlencoded'
-d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion= eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwbGF5LWRldmVsb3Blci1hcGlAcGMtYXBpLTU3MDg2MDAxMjU3MTE1Mjk1OTMtOTE4LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2FuZHJvaWRwdWJsaXNoZXIiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvdG9rZW4iLCJpYXQiOjE2NDkxNDczNzAsImV4cCI6MTY0OTE1MDk5M30'  


Required Parameters

By default, these parameters must be x-www-form-urlencoded and specified in the request body (as shown in the sample above). Also, to use a JWT Bearer Token as an authorization grant, use the following parameter values and encodings.

  • grant_type – MUST be to the value of
  • assertion – MUST contain a single JWT.

Let’s understand how to get access token

Step 1: Generate jwtToken

The following example JSON object, used as the header of a JWT, declares that the JWT is signed with the RS256 algorithm 



Below is an example JSON object that could be encoded to produce the JWT Claims Object for a JWT: 


Verify Signature:

- Encode your payload and headers with the PRIVATE_KEY extracted from the JSON file


We are going to use this encoded value as an assertion token in the next step.

Step 2: Create FORM DATA


We are going to pass this formData to the next step, i.e., HTTP call.

Step 3: Make HTTP POST call

Success response | 200 (OK)

Using this access token, you can call the subsequent API calls. See this document for usage.  

Share this