Where account is my google calendar API using? - google-api

I'm unsure where I can view the calendar I'm interacting with?
I created the project using my google work account. In the cloud console, it shows I technically have a service account for my code's authentication. Cloud console confirms I'm getting a 200 on my create event request. No event in my calendar for my work Gmail though.

You need to remember that service accounts are not you. A service account is like a dummy user. It has its own Google Drive account, Google Calendar account and probably a bunch more.
So when you insert something into a service account's primary calendar, it's inserting into its account, not yours. There is no web access to a service account's data. You will need to do an event.list, for example, to see the events you have added.
What you can do is have the service account share its calendar with you, and then you will be able to see its calendar in your Google Calendar web view. If memory serves, you have to add it as an ACL rule. You could also share your calendar with the service account and then it will be able to update that.
Useful links: Sharing calendar, my tutorial on service accounts
Now as for Google for Work: you are going to have to add the service account to that and somehow grant it access to the Google for Work calendar. I don't have access to that so can't be of much help.
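The check and the share described in the answer above, as an added example that is not part of the original answer. It uses google-api-python-client and assumes, as the answer states, that the service account has its own primary calendar; the key file path and e-mail addresses passed in are the caller's own.

```python
"""Which calendar does a service account write to, and how to share it (added example)."""

CAL_SCOPE = "https://www.googleapis.com/auth/calendar"


def build_calendar_service(key_file):
    """Build a Calendar v3 client that acts as the service account itself."""
    # Imported here so the helpers below can be exercised without the Google libraries.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build

    creds = service_account.Credentials.from_service_account_file(
        key_file, scopes=[CAL_SCOPE])
    return build("calendar", "v3", credentials=creds)


def whose_primary(service):
    """Return the id of the calendar that 'primary' resolves to for these credentials."""
    return service.calendars().get(calendarId="primary").execute()["id"]


def list_event_summaries(service, calendar_id="primary"):
    """Read events through the API, the only view into a service account's calendar."""
    summaries, token = [], None
    while True:
        page = service.events().list(calendarId=calendar_id, pageToken=token).execute()
        summaries += [e.get("summary", "(no title)") for e in page.get("items", [])]
        token = page.get("nextPageToken")
        if not token:
            return summaries


def share_with_user(service, user_email, role="reader", calendar_id="primary"):
    """Add an ACL rule so user_email can see the calendar in the web UI."""
    # Default to the lowest role that makes events visible; raise it only if needed.
    if role not in ("freeBusyReader", "reader", "writer", "owner"):
        raise ValueError(f"unknown Calendar ACL role: {role}")
    rule = {"role": role, "scope": {"type": "user", "value": user_email}}
    return service.acl().insert(calendarId=calendar_id, body=rule).execute()
```

If `whose_primary` returns the service account's `...iam.gserviceaccount.com` address, the 200 responses were writes to that account's calendar rather than to the developer's own.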

Related

Google API Authentication for App That Only Accesses One Account

Should I use a Service Account or an OAuth 2.0 Client ID?
I'm struggling to understand Google's documentation on authenticating for their APIs. I'm creating a basic application that will help users add and modify Google Calendar events for a single Google account (the account is shared between all users). I only need the application to access that one account, it'll never need to access any others.
It seems to me that Service Account would be best for this, but Google's documentation suggests Service Accounts should only be used for automated processes (unless I'm misunderstanding). For instance this page contains the following, describing when to use Service Accounts.
Would my application qualify as acting on the users behalf?
If so, I would want to use OAuth Client ID credentials, which will ask the user to sign in to a google account. In this case, is there a way I can guarantee they only sign in to the one account I want modified?
I can't find any decent documentation on the OAuth authentication requests to figure this out myself. If there is any could you point me there?
I'm sure I'm misunderstanding something basic here, but thank you for any help!
First off, you should know that you can only use service accounts with the Google Calendar API if you have a Google Workspace domain account.
You can then set up a calendar and a domain user that the service account can act on behalf of to control the access of that calendar.
Assuming that your application is going to perform all actions on this calendar, then yes, I would say that you could use a service account for this. If your app basically has a UI with a calendar on it, you're just using Google Calendar to store the data.
However, if you intend to share this calendar with the users themselves, so that they could see it within their own Google Calendar account, I'm not sure a service account would be the way to go.
If you want the users to be able to see it and make changes, then you may want to just use OAuth2. Grant them access to the calendar and then request access to their calendar account.
The drawback to that option is going to be the verification process. You will get access to all the users' calendars and you're going to need write access.
If you can go with a service account, you really should consider it; it will save you a lot of hassle with verification.

Google service account email does not show up when trying to share a google calendar

I'm trying to set up a google service account for Google Calendar API to create and update events for my specific calendar.
I've set up my service account, got the credential keys and also enabled the domain wide delegation. For the most part it does work, however I cannot access my specific calendar (not able to share it with my service account).
When I paste the service account email to the share textbox in google calendar settings it does not show anything to add.
This is a really frustrating blocker, so if anyone has encountered this or has any insights it would be greatly appreciated :)
You do not need to explicitly share your calendar with the service account.
If you want to create an event with your service account for your calendar, you need to set up your service account in such a way that it impersonates you.
The official Google documentation gives examples of how to perform G Suite Domain-Wide Delegation in different languages. It is also important to do so in Apps Script.
Important: In your Admin console you need to Manage API client access and give the service account the necessary scope (https://www.googleapis.com/auth/calendar.events) to create events on your behalf.

Service Account Permissions : Limiting to specific GA API

I created a new Service Account in Cloud Project, and want to restrict this account's permission to only use one specific Google API listed here.
Let's say my application using this service account should only be allowed to use "Google Analytics API". If possible, further limited to use a subset of API requests (for ex. analytics.management.customMetrics.list, analytics.management.filters.insert etc.).
I tried to create a custom Role, but when I try to add the necessary Permission, I don't see my desired permissions listed in that list... (attach screenshot)
How can I restrict this Service Account permissions to specific APIs?
Also, does it make any difference creating a new project in https://console.developers.google.com/ or in https://console.cloud.google.com/ ? I can see a project in both places anyways...
In your case because you are using the Google Analytics API, there is an additional step where you need to add the Service Account to your Google Analytics account. If the Service Account is not added then it won't have access to the resources inside of Google Analytics.
See "1. Enable the API" in the following link:
https://developers.google.com/analytics/devguides/reporting/core/v4/quickstart/service-py
Add service account to the Google Analytics account
The newly created service account will have an email address that looks similar to: quickstart@PROJECT-ID.iam.gserviceaccount.com
Use this email address to add a user to the Google analytics view you want to access via the API. For this tutorial only Read & Analyze permissions are needed.
See the following for some guidance on managing users in Google Analytics
https://support.google.com/analytics/answer/1009702

Google Calendar API doesn't work with a calendars from Google Apps for Work

I'm using the Google Calendar API to synchronise calendars with Google Calendar.
It works fine with a normal Google account, but I can't get it to work with a Google for Work account.
I basically ask for credentials to create a new calendar and then define myself as an owner of the calendar to be able to update it in the future. This is working for both types of account, but when I try to add new events with the Google for Work account, I get a 403 Forbidden error.
Since it's working fine for the normal Google account, I assume there is a security setting somewhere which prevents me from creating events but I can find which one.
I tried to add my client ID and the scope https://www.googleapis.com/auth/calendar in the Admin console of the Google for Work account but it has no effect.
"External Sharing options for primary calendars" controls in what way accounts outside the domain can access calendars within the domain. The setting is in the Admin console: support.google.com/a/answer/60765?hl=en

Setting the creator for Google calendar events created via API

I'm creating a bunch of events (a school timetable) via the Google calendar API v3. I'm authenticating my program via OAuth credentials obtained through the APIs console. Everything works well, except that all events have my Google account as their creator, and all of the calendars that the program creates appear in my 'Other Calendars' list. Is there any way of changing this behaviour?
The only thing I can think of is to log in to the APIs console with a service account (e.g. timetable@mydomain.com) and create the client secrets from that.
Yes, you'll need to authenticate as a service account and impersonate the user who you'd like to be the creator of the event. The Google Drive SDK has a good tutorial on using service accounts to impersonate users with the API; your process would be nearly identical except that you'd be using the Calendar API.
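Impersonation as described in this answer and in the domain-wide delegation answer further up, as an added example that is not part of either original answer. It uses google-auth's `with_subject` with only the `calendar.events` scope named above, and assumes that scope has been authorized for the service account's client ID in the Admin console; `create_as` is a hypothetical helper name.

```python
"""Create an event as an impersonated Workspace user (added example)."""
from datetime import timedelta

EVENTS_SCOPE = "https://www.googleapis.com/auth/calendar.events"


def delegated_calendar(key_file, user_email):
    """Calendar v3 client whose tokens are issued for user_email, not the service account."""
    # Lazy imports: the helpers below only need an object with the same method chain.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build

    creds = service_account.Credentials.from_service_account_file(
        key_file, scopes=[EVENTS_SCOPE]).with_subject(user_email)
    return build("calendar", "v3", credentials=creds)


def event_body(summary, start, minutes=30):
    """Build a timed event; start must carry a UTC offset so no timeZone field is needed."""
    if start.tzinfo is None:
        raise ValueError("start must be timezone-aware")
    end = start + timedelta(minutes=minutes)
    return {"summary": summary,
            "start": {"dateTime": start.isoformat()},
            "end": {"dateTime": end.isoformat()}}


def create_as(service, expected_user, summary, start):
    """Insert into 'primary' and confirm the API recorded expected_user as creator."""
    event = service.events().insert(
        calendarId="primary", body=event_body(summary, start)).execute()
    creator = event.get("creator", {}).get("email")
    if creator != expected_user:
        # A 200 with a different creator means the call ran as another identity,
        # typically the service account itself because delegation was not applied.
        raise RuntimeError(f"event created as {creator!r}, expected {expected_user!r}")
    return event["id"]
```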
