Authentication issues with Google API - Androidpublisher

Setting up projects with Google API and Google Play Developer API can be quite confusing when done only once per year. Here are a couple of hints I do not want to forget.

The API can only be managed by the owner of your Google Play Developer account

https://developers.google.com/android-publisher/getting_started states. However, you might overlook this super important small sentence. Does this mean one cannot provide OAuth2 access to an external Google API project to make API requests on their behalves?

Trying to might cause an error like this:

    "error": {
        "code": 403,
        "message": "The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console.",
        "status": "PERMISSION_DENIED"

I tried the same request using the Google API project linked with the Google Play Developer Console which worked.

Tipp: Create an extra Google Cloud Project for all the general apps/API management. Do not use/name it after a certain app. When having multiple Android apps this might get confusing. Basically one project for overall app management and if required one for each Android app.

Service account does not show up in Google Play Console

Go to https://console.cloud.google.com/ in the IAM section and add ANY role to the service account. Role "Service Account User " seems to be a good choice. It looks like that once the permissions (see next section) are set the Service Account does no longer needs to be visible in Google Play Console.

Error: The current user has insufficient permissions to perform the requested operation.

  "code" : 401,
  "errors" : [ {
    "domain" : "androidpublisher",
    "message" : "The current user has insufficient permissions to perform the requested operation.",
    "reason" : "permissionDenied"
  } ],
  "message" : "The current user has insufficient permissions to perform the requested operation."

Make sure permissions are set: Google Play Console -> Settings -> API Access -> Service Accounts: Grant Access or view permissions. Make sure all required permissions are set. Financial Data is OFF by default!

Wait up to 24h OR create/edit any In-App product to force permission update. Wait like 1-2 minutes.

Also when using any Google API library within an app consider restarting the app. It looks like things get cached.