I'm trying to use a service account with domain-wide delegation to transfer Google Drive data between users in my Workspace domain. The service account works fine with Directory API, but the Data Transfer API always returns a 401 UNAUTHENTICATED error.
What I did:
Service account added in Admin Console > Security > API Controls > Domain-wide delegation
Scopes:
https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.datatransfer
All users (origin and destination) are active, have Google Workspace Business Standard, and Drive is enabled
API is enabled in Google Cloud Console
Waited for propagation, tried new JSON, tried multiple users
creds = service_account.Credentials.from_service_account_file(
"service-account.json", scopes=SCOPES
).with_subject("[email protected]")
dt_service = build('admin', 'datatransfer_v1', credentials=creds)
body = {
"oldOwnerUserId": "[email protected]",
"newOwnerUserId": "[email protected]",
"applicationDataTransfers": [
{"applicationId": "435070579839", "transferAllData": True}
]
}
dt_service.transfers().insert(body=body).execute()
401: Request is missing required authentication credential.
Directory API with the same service account works perfectly. What could be missing or wrong? Anyone else faced this?
