Google Sheets API - PERMISSION_DENIED - google-api

I am trying to access some data from a Google Sheet using the V4 Spreadsheets API and am getting a 403 with PERMISSION_DENIED. I have verified that the API has been enabled and am passing key={MY_KEY} in the URL. I set the sharing settings to "Anyone with a link" in my personal Google account which is working fine and I am getting data back using the following URL:
https://sheets.googleapis.com/v4/spreadsheets/MY_KEY/values/Sheet1?key=MY_KEY
However, at work we use GSuite and Link Sharing is restricted to our organization only so when I hit that URL for a Sheet in my work account with the same setup from my personal account (excluding the sharing settings), I get the 403 with PERMISSION_DENIED.
I don't see any documentation as to how to authorize outside of an organization or if its possible to add an exemption to be able to share outside of the organization.

It is not possible to have an exemption from the sharing settings. If the policy prohibits sharing outside the organization, then the credentials accessing the sheet must be from a user in the organization.

Related

Recaptcha settings recovery

The company I work for has discontinued signing with Google Workspace and the configuration of one of our systems that has registered its domains in reCaptcha 2 is not being seen even after creating a Google account with the same email.
Is it possible to retrieve these settings somehow, for example by presenting the private key?
A Google account was created with the same e-mail that used to access the console previously, so we believed that it would be possible to view these settings.

How to get authorization for accessing Google Play developer API

I am trying to access Google play developer API https://developers.google.com/android-publisher/ to build an inapp purchase product for my company Application.
We have to get authorization to make a GET call to the Google play developer API. https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
I followed the steps presented here. https://developers.google.com/android-publisher/authorization
Created an Oauth client and and also service account. The gmail account I used was part of the 'Users and permissions' in play.google.com console.
But when I tried to access the API, I got an error
As I started searching about this error, I understood that there is something else called 'API Access' in play.google.com. When I tried to access it, All I saw was
But I saw in other posts that there exists a screen with details like
https://i.stack.imgur.com/Hdjjy.png
So how can I go forward to access API. I did everything as mentioned in documentation of google but it didnt work. Also I dont have access to see the screen of 'API Access'.
Also I am confused, if you can create service accounts from both 'API Access' screen and also from 'credentials' screen in console.developers.com, which one should be used ?
Just to check you understand there are a few different APIs to do with in-app purchases.
Play billing library is designed to be used in your app. This is what allows users to buy things from your app
Configuring in app products. When your app supports in-app products you have to support what the products are and the prices. This is done via the Play console, either manually or in batches uploading CSV files.
Finally is the API you refer to in your question. This is not designed for use in your app, and you don't have to use it to support in-app products. Instead this API allows your server (not app) to validate a user's purchase. In order to use this API, you need to enable the "API access" in the page you found. This can only be enabled by the account owner for the Play console, for security reasons. You will need to find the Owner of your Google Play account, and get them to log in and create a service account which has API access.
I am able to access it now. I am not the owner of the Google Play console.That was the issue. You just have to go to API Access page and click on "create OAuth Client" or "create Service Account ".
You can use those credentials to access API from postman or through your code.

I keep getting an error that my app needs to be verified when either I or another user try to authorize with OAuth2. What does that mean?

I received this error when trying to authorize my app with my own account:
Your project is trying to access scopes that need to go through the verification process.
{invalid=https://www.googleapis.com/auth/contacts}
If you need to use one of these scopes, submit a verification request. Learn More
When I use a different account, the error message is different:
This app hasn’t been verified to access:
{invalid=https://www.googleapis.com/auth/contacts}
Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again.
If not, contact the developer for help.
As per the announcement on May 11, 2017, publicly available applications with access to certain user data must pass review. If you see an access error for your app, submit a request using our OAuth Developer Verification form.
For personal-use apps and those you are testing, join the Google group Risky Access Permissions By Unreviewed Apps, which allows you to approve data access for personal and testing accounts. See the Google API Services User Data Policy for more information.
UPDATE: Corrected broken link to form.

Google Calendar API doesn't work with a calendars from Google Apps for Work

I'm using the Google Calendar API to synchronise calendars with Google Calendar.
It work fine with a normal Google account, but I can't get it to work with a Google for Work account.
I basically ask credential to create a new calendar and then define myself as an owner of the calendar to be able to update it in the future. This is working for both types of account, but when I try to add new events, with the Google for Work account, I get a 403 Forbidden error.
Since it's working fine for the normal Google account, I assume there is a security setting somewhere which prevent me to create events but I can find which one.
I tried to add my client ID and the scope https://www.googleapis.com/auth/calendar in the Admin console of the Google for Work account but it as no effect.
"External Sharing options for primary calendars" controls in what way accounts outside the domain can access calendars within the domain. The setting is in the Admin console: support.google.com/a/answer/60765?hl=en

Google Api Service Account authentication access to developers data

I want to develop an application that uses the Picasa Google API for uploading images to my own account. I've already created the Service Account from the API Console and have created the code to upload the image (which works correctly given a valid access_token obtained from the OAuth2 playground).
However, when trying to obtain an access_token with the Google-api php library, this one doesn't seem to be associated to my own username (obviously, no consent screen), which throws me a 404 Not found error message when trying to access data from my personal account.
From what I've read over at https://developers.google.com/api-client-library/php/auth/service-accounts I could create an apps account to setup permissions for a whole domain. Is this, however, necessary given that I only want to access information from my own account? (the same I used to register the application in the API console). Couldn't this be done beforehand using API panel?
A service account is not you and does not by default have access to any data. Think of a service account as a dummy user. If you take the service account email address and add it as a user on a folder in your google drive it will have access to that folder on google drive. If you take the service account email address and give it access to one of your calendars on Google Calendar it will have access to the calendar.
If you set the album public I suspect it will then have access to the album. I did some Googleing and I cant see how you can add another users email address to an album on picasa.
I suggest you try using Oauth2.

Resources