I'm having the same issue as the one posted here.
Unfortunately, that project was put on hold and the question was never answered. Does anyone know why an authenticated call to https://partners.googleapis.com/v2/companies?key=API_KEY returns the following?
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Any help is appreciated.
Depending on what kind of data you are querying for, it may be necessary to use OAuth 2.0 instead of just an API key. If the data you are querying is entirely public, though, you may be ok with just your API key.
Either way, https://developers.google.com/partners/v2/how-tos/authorizing appears to explain what is necessary to set up auth for this method correctly.
Related
I am trying to test the Google Cloud Logging API on the "Try this API" feature that Google Cloud Platform has on their documentation, but I get this response back:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
I know that my response body is correct because it works with OAuth 2.0 but fails when I use API Key.
Auth 2.0:
Working request using OAuth 2.0
API Key:
Non-Working request using API Key
Google docs says that they generate their own API Key for this "Try this API" feature. https://developers.google.com/explorer-help/
Since Google is using their own API Key, I do not understand why I am getting a response status of PERMISSION_DENIED.
Edit:
Here is a link to the Try this API feature in Google Cloud Platform if you would like to give it a try. https://cloud.google.com/logging/docs/reference/v2/rest/v2/entries/write?apix_params=%7B%22resource%22%3A%7B%22entries%22%3A%5B%7B%22logName%22%3A%22projects%2F%5BPROJECT_ID%5D%2Flogs%2Frequests%22%2C%22resource%22%3A%7B%22type%22%3A%22http_load_balancer%22%2C%22labels%22%3A%7B%7D%7D%7D%5D%7D%7D
Here is the python request that I am using in my code to create an entry:
import requests
entry = {
"entries": [
{
"logName": "projects/[PROJECT_ID]/logs/requests",
"resource": {
"type": "http_load_balancer",
"labels": {}
}
}
]
}
requests.post('https://logging.googleapis.com/v2/entries:write?key=[YOUR_API_KEY]', data=json.dumps(entry))
The API key was created from my user that has "logs writer", "logs viewer", and "logging admin" permissions. This theoretically should be all the permissions I need to make the post request. However, it is still returning a "PERMISSION_DENIED" status.
Any help would be much appreciated. Thank you in advance.
It looks like you are making a request to write data which isn't publicly writable. API Keys have no concept of user, they are only identifying you are allowed to call an API. So it looks like your API key request is working to the extent it can, but the response is telling you: I don't know who you are so I can't let you do this.
OAuth 2.0 is the solution here, as it acts on behalf of your account (you have to give consent), allowing the API to verify you have permission to take this action.
Service accounts are another option, to act on behalf of your project instead of your user, but they aren't practical from a web UI.
I've generated a Google Cloud API key without restrictions. I'm passing that to the my topic:publish url as a query parameter, but I'm experiencing an authorization error.
{
"error": {
"code": 403,
"message": "User not authorized to perform this action.",
"status": "PERMISSION_DENIED"
}
}
I'm unsure how to diagnose the permission issue, as there don't appear to be any restrictions on the key. The owner of the topic is my account, so shouldn't be an issue there.
Google Pub/Sub does not support API Keys for authorization. Pub/Sub uses Access Tokens. This means using a Service Account or Google OAuth.
https://xxxx.service-now.com/api/now/v1/table/incident while we're consuming this API in postman we're getting
{
"error": {
"message": "User Not Authenticated",
"detail": "Required to provide Auth information"
},
"status": "failure"
}
Here we are given basic authentication and the JSON input like
{
"short_description":"Creating incident through Request",
"assignment_group":"287ebd7da9fe198100f92cc8d1d2154e",
"urgency":"3",
"impact":"3"
}
It basically says you are not authenticated, it either means you didnt provide correct credentials or you forgot to provide basic-auth header while querying through postman
I think the error message is pretty clear about what the problem is... you're not authenticated. You'll need to authenticate in order to utilize the API. Unless you have a complex authentication scheme going, you can probably use Basic Authentication in PostMan and use the credentials for an account which you know has access to the resource you're trying to access.
I want to update data in Kinvey Database. I used Rest API (PUT Method). but it is not working .
Same Authorization token in GET and POST method is working fine. Here is the Error :
{ "error": "InsufficientCredentials", "description": "The
credentials used to authenticate this request are not authorized to
run this operation. Please retry your request with appropriate
credentials", "debug": "" }
Please correct me.
I finally found the solution after wasting my two days.
Kinvey applys permission on collection level. So you have to change that permission.
Here is the reference link.
http://devcenter.kinvey.com/rest/guides/security#collectionpermissions
Please see the snap, so you can better understand.
I am searching the google plus with api
Here is my Url:
https://www.googleapis.com/plus/v1/activities?query=internet%20marketing&access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
here is response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Here is my API CONSOLE screen http://i.stack.imgur.com/jO27J.png
Can Anyone tell what permission I need to setup for my app in api console. ?
This is a problem with your access token, not with your project configuration.
The insufficient permissions error is returned when you have not requested the scopes you need when you retrieved your access token. At a guess, since you are using the Google+ API and the YouTube API, you may have only requested the YouTube scope and not both, ie:
Check you have requested both:
https://www.googleapis.com/auth/youtube
https://www.googleapis.com/auth/plus.login
and not just the first one.
You can check which scopes you have requested by passing your access_token to this endpoint:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
I can't check the token in your example because it has expired (access tokens expire after one hour). Also, please do not post access tokens publicly as they allow others access to your data - they should be kept secret and treated with care.
Incidentally, https://www.googleapis.com/plus/v1/activities?query=QUERY is an unauthenticated call, so you could pass your API key for your project rather than an access token. If you make the call with https://www.googleapis.com/plus/v1/activities?query=QUERY&key=API-KEY, then you wouldn't need to request scopes or fetch an access token at all.
If you haven't seen it already, you can try out the API calls you would like to make at the OAuth 2.0 Playground:
https://developers.google.com/oauthplayground/
That's a good place to see what works and what doesn't.
According to #Lee answer, now the Google V3 OAuth AccessToken validating endpoint is:
https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=<access_token>
You can refer google document below: (In OAUTH 2.0 ENDPOINTS Tab)
https://developers.google.com/identity/protocols/OAuth2UserAgent#validate-access-token
JavaScript
var OAUTH2_SCOPES = [
'https://www.googleapis.com/auth/youtube',
https://www.googleapis.com/auth/plus.login
];
to retrieve comments from the YouTube API add https://www.googleapis.com/auth/plus.login this into OAUTH2_SCOPES array