I have an API Key and a Bearer Token. I am able to list comments, insert comments and delete comments but I am not able to update comments.
API:
PUT https://www.googleapis.com/youtube/v3/comments
Body:
{
"snippet": {
"textOriginal": "Text"
},
"id": "..."
}
Response:
{
"error": {
"code": 403,
"message": "The comment could not be updated due to insufficient permissions. The request might not be properly authorized.",
"errors": [
{
"message": "The comment could not be updated due to insufficient permissions. The request might not be properly authorized.",
"domain": "youtube.comment",
"reason": "forbidden",
"location": "body",
"locationType": "other"
}
]
}
}
On my own channel, I was able to do it but I wasn't in other channels =/
One of the videos that I used to try it: https://www.youtube.com/watch?v=cahbnnv2Hwk
Do I need some kind of special authorization to be able to update my comment through an API? I am able to manually edit the comment.
Thank you =]
The comment could not be updated due to insufficient permissions.
There are two possible causes for this error. IMO your probably looking at the first.
Wrong scope of consent
Is due to the fact that the consent that you have from the user is not high enough for this method.
The method comments.update operates on private user data which means that you need the users consent in order to be able to use this method. That is what your bearer token does it should give you consent from the user.
If you check the documentation you will find that this method requires consent with the following scope
This is just one of a number of scopes that the YouTube Data api supports. These scopes define what access your application needs. Scopes
If you requested consent of the user with any scope other then https://www.googleapis.com/auth/youtube.force-ssl you will get the error message "insufficient permissions" because you don't have permission.
Low level user
The second possibility is that the user themselves may only have read permission on the YouTube channel account, and there for can not give you permission to update comments. TBH im not even sure that you can only grant read access to a user in YouTube, however i thought this possibility was worth mentioning.
As you state On my own channel, I was able to do it but I wasn't in other channels this may in fact be the problem. I'm not sure who the owner is of these "other channels" so you may want to try and contact the owner and see if they cant give you additional access.
However if you are trying to update a comment that you personally created on someone else channel. I personally wonder if this is even possible. Who has permission to edit the comment via the api would be a good question. The owner of the channel or the user that created it. I may have to test this.
Related
I am trying to set mail categories from an Outlook AddIn, via MS Graph.
When I call the PATCH for a users mailbox, this is working like a charme. Like this:
PATCH https://graph.microsoft.com/v1.0/users/{some-users-mail-address}/messages/{message-id-to-categorize}
If I use a share mailbox instead I get an error 403.
I already added the permission:
Mail.ReadWrite
Application
Read and write mail in all mailboxes
This should be enough, right? From the description, I'd expect this to include the shared mailboxes, too.
I found there is a delegated permission Mail.ReadWrite.Shared, but I cannot use it since I am not in a context with a user and is not selectable as application permission.
Found this:
Generated token is not able to access Graph APi to read shared mailbox messages
Admin consent is given for all scopes.
EDIT: If I check the token as Shiva Keshav Varma suggested it prints:
"aud": "https://graph.microsoft.com",
"idtyp": "app",
"roles": [
"Mail.ReadWrite",
"User.ReadWrite.All",
"Directory.Read.All",
"User.Read.All",
"Mail.Read",
"MailboxSettings.ReadWrite"
],
"ver": "1.0",
I have created a Service account and I need to move event1 from calendar1 of User1 to calendar2 of User2.
When I request access token as User1 with "sub":"user1#gmail.com" during JWT step and using that token When I do following
POST https://www.googleapis.com/calendar/v3/calendars/User1calendarId/events/event1Id/move?Destination=user2calendarId
I get following error
{
"error": {
"errors": [
{
"domain": "calendar",
"reason": "requiredAccessLevel",
"message": "You need to have reader access to this calendar."
}
],
"code": 403,
"message": "You need to have reader access to this calendar."
}
}
Are there any permission that needs to be assigned to Service Account in order to make this operation? or What should be correct way to move event between different user's calendar as a Service Account?
Explanation:
The scopes you are adding to your application are classified as sensitive scopes, as they request access to private user data such as Calendar events.
Your application would need to undergo a verification process to be able to use these scopes. For more information, please check the official documentation.
Sensitive scopes
Some of the scopes used by the following APIs are considered sensitive; see the API documentation or look for the lock icon in the Cloud Console. If your app requests sensitive scopes, and doesn't meet any of the criteria for an exception (see below), you will need to verify that your app follows the API Services User Data Policy.
For a complete list of Google APIs, see OAuth 2.0 Scopes for Google APIs. To check if scopes are sensitive or restricted, add the scopes to your project via the Google Cloud Console.
I have a case open with Plaid support, but it has not been even touched since opening 12/26, perhaps they are just all on vacation for the last week.
We had use the prior API for a site and wanted to use it for a new site. We found the API has drastically changed since the last time, as year ago, and have everything seeming to work in the sandbox, but for "development" or "production" cannot get the TD Business Direct to link up and produce the needed access_token so we can pull transactions into our application.
So I am hopeful with the post I may get some help knowing what the error of "the login details of this item have changed (credentials, MFA, or required user action) and a user login is required to update this information. use Link's update mode to restore the item to a good state" really means. The Plaid Link flow seems to accept the initial credentials and the responses to MFA, but after the second question is answered gives the error and we are not able to link the account.
We see a 400 status when it tries to post out after the second MFA question is answered and shows:
{
"display_message": null,
"error_code": "ITEM_LOGIN_REQUIRED",
"error_message": "the login details of this item have changed (credentials, MFA, or required user action) and a user login is required to update this information. use Link's update mode to restore the item to a good state",
"error_type": "ITEM_ERROR",
"request_id": "request_id_here"
}
Other details when we exit that may be helpful:
{"institution":{"name":"TD Bank - Business Direct","institution_id":"ins_107836"},"request_id":"request_id_here","link_session_id":"session_id_here","status":"requires_questions"}
From just reading the message would seem we may not have entered the right credentials, but we can login to the bank site just fine, so they are right and the account is not locked out.
When I've faced the similar issue, the reason was in changed user's details. Every time some details changed, you'll need to re-link user's bank account with plaid in update mode.
Exception with "error_code": "ITEM_LOGIN_REQUIRED" will help you detect such cases and handle them appropriately.
They have more info in their docs: https://plaid.com/docs/link/update-mode/
Link update should work fine. If you are facing some issues further, then create a support ticket to plaid and let them know that request id, bank_id and what type of error you are getting.
Sometimes the issue is on their side. There are quite slow in responding but you will get reply within 2 days and if there is some fix, they would ask you to test it after the fix is pushed on their side.
my idea is to create a google sheet, make it public and then access it from my work computer linux/bash to read/write values on a daily basis.
i have a public google doc sheet that anyone can find/edit.
this is the sheet ID: 1F6jh6756xNDlDYIvZm_3TrXb59EFEFHGEC7jdWz-Nx0
doing it by the book https://developers.google.com/sheets/api/samples/reading
curl 'https://sheets.googleapis.com/v4/spreadsheets/1F6jh6756xNDlDYIvZm_3TrXb59EFEFHGEC7jdWz-Nx0/values/Sheet1!A1:A3'
returns:
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
i've read a lot and especialy here Google Sheet API v4 i've found a complicated solution. that is if you want to access your public sheet in a short 1 hour period.
you browse to https://developers.google.com/oauthplayground/ get authorization for the v4 api, then get "Authorization code", then get "Refresh token", and finally "Access token".
using this "Access token" you can access the public sheet like this
curl 'https://sheets.googleapis.com/v4/spreadsheets/1F6jh6756xNDlDYIvZm_3TrXb59EFEFHGEC7jdWz-Nx0/values/Sheet1!A1:A3' -H "Authorization: Bearer ya29.GlvaBLjrTdsSuSllr3u2nAiC-BOsjvIOE1x5afU3xiafB-FTOdLWDtfabuIMGF1rId5BsZxiTXxrx7VDEtxww4Q1uvW9zRndkfm3I2LZnT1HK2nTWzX_6oXu-NAG"
returns:
{
"range": "Sheet1!A1:A3",
"majorDimension": "ROWS",
"values": [
[
"a1"
],
[
"a2"
],
[
"a3"
]
]
}
perfect. in theory the "Access token" expires after an hour, the "Refresh token" never expires. so you would save the tokens, try to read the sheet with the "Access token", if it fails use the "Refresh token" to gain a new "Access token" and carry on.
but, i've had a dozen of "Refresh token"s that were redeemed/expired, "Authorization code"s expired, all in all nothing works after a few hours. why?
how can i access my google sheet form bash with curl without this kind of authorization?
especially since my sheet is public and can be edited by anyone with a browser.
is there another way to do this with some other permanent authorization?
why not use email and pass?
"API key" is mentioned but never explained. can some one please explain this method step by step?
All Google APIs require that you create a project on Google developer console and identify yourself and your application, even to access public data. Since you have set the sheet to public you can just go to google developer console and create a public api key remember to active the google sheets api. Then just add key=[YourKey] as a parameter on your request.
Update Dev console:
Create project and get key:
Google developer console -> create a project -> credentials drop down -> API Key
Enable it:
Google developer console -> library find sheets enable it.
Update:
{ "error": { "code": 403, "message": "The request is missing a valid API key.", "status": "PERMISSION_DENIED" } }
Means that you have not identified yourself to Google. In 2015 Google Start to require that we identify ourselves you cant just use a Google API without telling google who you are. You do that by creating a project on [Google developer console1. Create an API key and use that API key in all of your requests. This only works with Public data.
https://sheets.googleapis.com/v4/spreadsheets/1F6jh6756xNDlDYIvZm_3TrXb59EFEFHGEC7jdWz-Nx0/values/Sheet1!A1:A3?key=YOurKEY
Note: With private user data you would need to use OAuth and use either access_token=your token or set the header
Authorization: Bearer ya29.GlvaBLjrTdsSuSllr3u2nAiC-BOsjvIOE1x5afU3xiafB-FTOdLWDtfabuIMGF1rId5BsZxiTXxrx7VDEtxww4Q1uvW9zRndkfm3I2LZnT1HK2nTWzX_6oXu-NAG.
An access token is not the same as a API Key.
If you don't want to mess with OAuth2, maybe the simpler solution is to use third-party soft. https://sheetdb.io allows you to work with Google spreadsheets and does OAuth2 for you. Additionally, the API is simpler than Google, check out the docs here: https://docs.sheetdb.io
Another approach is to share the sheet with a Google Cloud service account, and then use the service account to authorize with the API client. If the document is public you do not need to share it.
Instructions on creating a service account and reading a Google doc, which should also apply to sheets https://www.futurice.com/blog/read-goog-doc-using-service-account
A piece of advice - NEVER allow write access to a public Google Sheet.
Anyone can add lots of data and cause all sort of problems.
Always control access to who can edit.
Allow arbitrary edits by anyone programmatically is even worse. I can whip up a script that fill in your Google Sheet to capacity in seconds with garbage data. To everyone else viewing it, the sheet will look like a jumble of data.
Now to answer your question. Here are the basic steps for creating an OAuth 2.0 ClientID:
In the Google Cloud console, go to Menu menu > APIs & Services > Credentials.
Go to Credentials
Click Create Credentials > OAuth client ID.
Click Application type > Desktop app.
In the Name field, type a name for the credential. This name is only shown in the Google Cloud console.
Click Create. The OAuth client created screen appears, showing your new Client ID and Client secret.
Click OK. The newly created credential appears under OAuth 2.0 Client IDs.
Save the downloaded JSON file as credentials.json, and move the file to your working directory.
Follow the rest of the instructions for setting up the environment for a Go app to authenticate, authorize and manipulate the Google Sheet via Golang. For other languages, select the corresponding entry in the left sidebar of the web page.
I'm creating an application in Laravel 5.0 and I want implement socialite 2.0 as OAuth package.
I tried this package for GitHub, Google, Linked In and everything is working fine. But after configuring my Bitbucket account and granting permission to read Email scope, I'm receiving this error:
Received error [{"error": {"message": "Your credentials lack one or more required privilege scopes.", "detail": {"granted": ["account"], "required": ["repository"]}}}] with status code [403] when retrieving token credentials.
After editing my consumer account in Bitbucket and adding Read Repository Permission, everything going to be fine except receiving Null Emails.
First, I don't want to prompt my users to allow to access their repositories, I don't need them and I don't want to scare my clients.
Second, how can I solve null email issue?
I feel your pain. User authentication via third-party without the user email is, to say the least, useless. In the very extreme, it might be dangerous and unsafe to ask for the user to input an email.
Thus, I've created a small fork of the original Bitbucket connector (from the League Of Extraordinary Packages): https://github.com/igorsantos07/oauth1-client
The best way to retrieve the user email and other missing info (such as location) was upgrading to API 2.0, what means repositories are not retrieved anymore. It might be a breaking change for some users, but I guess for many others it will actually be less data to be downloaded.
To install that fork into your project, add/merge the following to your composer.json:
"repositories": [
{
"type": "vcs",
"url": "https://github.com/igorsantos07/oauth1-client"
}
]
Then, you should composer require league/oauth1-client:dev-master. It will download the fork's master branch, with the said Bitbucket upgrades.
Note: I still have nooooo idea why Bitbucket asks for repository permissions to retrieve user emails. Go figure...
In your users migration you will need to set email up as being able to add an account without there being an email.
change:
$table->string('provider')->default('myapp');
to:
$table->string('provider')->default('myapp')->nullable();