I am not able to authenticate AWS transfer family by using lambda with out help of API gate way, I am able to make call to Lambda and able to retrieve username and password but its not authenticated by transfer family.
I am returning the response in this format
{
"Response": "{"Role":"arn:aws:iam::793537682627:role/gcssandbox-LambdaDevTestRole"}",
"StatusCode": 200,
"Message": "",
"Url": ""
}
here I am not passing policy, HomeDirectoryType, HomeDirectoryDetails, HomeDirectory as they are optional
Please help me
Related
I am trying to get the list of groups (distribution lists) for a specific user. It is getting failed.
Request is
`GET /admin/directory/v1/groups HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer ya29.Il-9B-9Z88RKqK73dr-NyeeJnCz0PqlPrMgxlr0JO6gc2q2jcROxsu7y6EaTHAlRkJatv5l3kd_PIPHrB7wXeMvfe0YTXupzupJ8-PUyrRcCIBE_qpPP8V7NoM0JJp`
But the I am getting the error response shown below.
{
"error": {
"code": 400,
"message": "Bad Request",
"errors": [
{
"domain": "global",
"message": "Bad Request",
"reason": "badRequest"
}
]
}
}
Not only when getting groups but every API call from googleapis.com is behaving like this.
I had the same error/confusion about usage of some of the google apis.
I'm assuming you're using a service account with domain-wide delegation access rights?
Assuming yes, the issue is that in addition to the service account credentials, you need to set a user that the google credentials will impersonate when making the request. That is, the domain wide delegation only allows you to act as though you are one of the actual users, on my understanding.
I couldn't see any way to set this via google base api, other than using the builder directly. Here is a sample:
static GoogleCredential createCredential(HttpTransport transport, JsonFactory jsonFactory) throws Exception {
final String credentialJsonPath = System.getProperty("user.home") + "/.config/gcloud/service-cred-from-console.json";
try (InputStream credentialStream = new FileInputStream(credentialJsonPath)) {
final GoogleCredential firstPassCred = GoogleCredential.fromStream(credentialStream, transport, jsonFactory);
return new GoogleCredential.Builder()
.setTransport(transport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(firstPassCred.getServiceAccountId())
.setServiceAccountProjectId(firstPassCred.getServiceAccountProjectId())
.setServiceAccountPrivateKey(firstPassCred.getServiceAccountPrivateKey())
.setServiceAccountPrivateKeyId(firstPassCred.getServiceAccountPrivateKeyId())
// service accounts must act on behalf of an actual user and have scope
.setServiceAccountScopes(Lists.newArrayList(GmailScopes.GMAIL_COMPOSE, GmailScopes.GMAIL_SETTINGS_SHARING))
.setServiceAccountUser("a.real.gsuite.account#example.com")
.build();
}
}
The important parts are defining the ServiceAccountUser (who you impersonate) and the ServiceAccountScope(s) you are assuming for that user.
I posted an example gmail api gist. You could run this through a local proxy like charles (et al) if you want the equiv. REST call sequence.
I am trying to programatically access a calendar I own using the Google Calendar API list:
r = requests.get(
url="https://www.googleapis.com/calendar/v3/calendars/<the ID of my calendar which looks like mydomain_randomstuff#group.calendar.google.com>/events",
params={
'key': <the key from the API console>,
'singleEvents': True,
'orderBy': 'startTime'
}
This call fails with a 404:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
What does that error actually mean, in the context of this API?
Note:
the calendar does exist and it has events
the API limits are not even close to be reached
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
Can mean one of two things. Either the calendar Id you have typed is in correct or the user who you are authenticated with does not have access to that calendar. Make sure you are logging in with the correct user with access to that calendar. Optionally you can do a calendar.list which will return a list of the calendars that the user currently has access to. That way you wont have to worry about possibly miss typing the calendar id.
authorization
The method you are using events.list requires authorization (permission from the user) in order to access their calendar. Which can be seen in the documentation page
You need to authncate your user using Oauth2 and one of the scopes above. You will then have an access token you can use to access this calendar.
apikey
Api keys are used for accessing public data. Unless your calendar is set to public you will not be able to use it to see events. Also remember that api keys do not have access to update public calendars you still need to be authenticated to make changes to them.
Service account
If this is a server to server application you should use a service account not an API key. All you need to do is add the service account as a user on the google calendar like you would any other user. It will then have access to your calendar.
I want to display all customers review on my web page. For that, I refer Get a review in the documentation.
But I am confused about account_name in the following request
https://mybusiness.googleapis.com/v4/accounts/account_name/locations/location_name/reviews
What value should i use for account_name?
Account_name = the name of the account you want to get data for
Location_name = the name of the location that you want to get reviews for
Use accounts list to find a list of accounts the current user has access to. Use locations list with account to find a list of the locations for that account
As you can see by the documentation accounts list returns a list of account objects.
Accounts.list
{
"accounts": [
{
object(Account)
}
],
"nextPageToken": string
}
An account resource contains a list of account_name's for the user who is currently authenticated.
{
"name": string,
"accountName": string,
"type": enum(AccountType),
"role": enum(AccountRole),
"state": {
object(AccountState)
},
"profilePhotoUrl": string,
"accountNumber": string,
"permissionLevel": enum(PermissionLevel),
"organizationInfo": {
object(OrganizationInfo)
}
}
Access
Remember you must fill out the form and request access to this api here
Authorization
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Means that your request must be authenticated before you can use this method. YOu cant access private user data without the permission of the user who owns the data. Oauth I recommend you find the client library for your chosen language and look for information on how to authenticate using oauth2
I'm using the API Explorer tool to create some request urls for google adsense. Here is the request url that the explorer tool generated that gives a response of today's earnings: https://www.googleapis.com/adsense/v1.4/reports?startDate=today&endDate=today&accountId=MY_ACCOUNT_ID&metric=EARNINGS&key=MY_API_KEY
However, when I try to use this url in the browser or in my code it gives this response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I am not sure what I am missing it use this url. I have activated adsense apis on my google developer console.
The key parameter is the public API key for accessing public data.
The access_token parameter is used for accessing private user data.
In your case you are trying to access your private account and should be using an access token.
To obtain an access token you need to authentication your application using either Oauth2 or a service account. Once you have obtained an access token and send that with your request as so:
https://www.googleapis.com/adsense/v1.4/reports?startDate=today&endDate=today&accountId=MY_ACCOUNT_ID&metric=EARNINGS&access_token=YourAccessToken
You need to replace MY_API_KEY with your API key, and MY_ACCOUNT_ID in same fashion.
I am trying to use the transfers:insert method of the Google Admin SDK Data Transfer API. I am performing this API call as the super admin account of my domain. I have verified that API access is enabled for our domain, and that the Super Admin admin role has permission to use the Data Transfer API.
I am testing this in the APIs Explorer on this page.
55656082996 is the ID string that I got for Google Drive from the applications:list APIs Explorer.
Request:
POST https://www.googleapis.com/admin/datatransfer/v1/transfers?key={YOUR_API_KEY}
{
"oldOwnerUserId": "olduser#ourdomain.com",
"newOwnerUserId": "newuser#ourdomain.com",
"applicationDataTransfers": [
{
"applicationId": "55656082996"
}
]
}
Response:
400 OK
- SHOW HEADERS -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "Invalid value for: Invalid oldOwnerUserId."
}
],
"code": 400,
"message": "Invalid value for: Invalid oldOwnerUserId."
}
}
I get the same "Invalid value for: Invalid oldOwnerUserId." response no matter if I use email addresses or usernames. I also tried excluding the applicationDataTransfers array from the response, but that also didn't work.
The documentation does not say this, but the Id cannot be the user's email address, like in all of the other Google APIs, but rather it needs to be a numeric ID for the user that you can get using the Users:get Directory API method.
I figured this out by Google searching and coming across this documentation, where they elaborate upon oldOwnerUserId by saying "# ID"
In addition to the answer above.
Here is how you can get the employee' IDs from Gsuite API in Python 3.*
def create_directory_service():
credentials = cls.get_credentials(scopes=['https://www.googleapis.com/auth/admin.directory.user'])
return build('admin', 'directory_v1', credentials=credentials, cache_discovery=Fals
service = create_directory_service()
old_owner_google_id = service.users().get(userKey=old_owner).execute()['id']
new_owner_google_id = service.users().get(userKey=new_owner).execute()['id']