I'm trying to make a call to Google Reports API with a service account.
I follow this code example : https://godoc.org/golang.org/x/oauth2/google#JWTConfigFromJSON
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Access denied. You are not authorized to read activity records."
,
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Access denied. You are not authorized to read activity records."
}
}
I'm pretty sure it is on Google configuration side but :
I created the service account
I downloaded the JWT
I authorized the needed scopes
Then I try to call this URL : https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/login
What could I have forget ?
Thanks for helping me.
Fixed it. Needed to explicitly specify the subject value.
I now follow the Service Account example : https://godoc.org/golang.org/x/oauth2/google
Related
I have dug through most of stackoverflow posts to find an answer but still unable to solve this problem. This is just a simple matter of authing into the gmail api but I want to do it in a server so I need to follow the server-server (OAuth2.0 2 legged procedure). Anyways
I have gone through all the oauth docs in google api .
This one is spot on but it does no good.
https://developers.google.com/gmail/api/auth/web-server.
I have a service account and I do have the creds file.
here is my code snippet.
def call_gmail():
SCOPES = ['https://www.googleapis.com/auth/gmail.readonly']
SERVICE_ACCOUNT_FILE = '<creds_file>'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
print(credentials)
service = build('gmail', 'v1', credentials=credentials)
messages = ListMessagesMatchingQuery(service, "me", "<Some email address>")
message_id = messages[0]['id']
I keep getting this error:
An error occurred: <HttpError 400 when requesting https://www.googleapis.com/gmail/v1/users/me/history?startHistoryId=2547406&alt=json returned "Bad Request">
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
Would be very grateful if someone can help me solve this. thanks.
The gmail api only works with service accounts if its a Gsuite account and you have set up domain-wide delegation. Contact your Gsuite admin and make sure that they have setup delegation properly.
delegating authority
I'm using Google Play Android Developer API. I access it from server with service account. I have private key and got access token with it.
I use scope https://www.googleapis.com/auth/androidpublisher. And when I ask subscription info, I got 401 error:
"error": {
"errors": [
{
"domain": "androidpublisher",
"reason": "permissionDenied",
"message": "The current user has insufficient permissions to perform the requested operation."
}
],
"code": 401,
"message": "The current user has insufficient permissions to perform the requested operation."
}
But when I use other queries with the same token and with the same scope, I got successfull responses. For example, I can successful get voided purchases list or info about inapp product:
200 OK
{
"packageName": "com.myapp.exapmle",
"sku": "subscr_month",
"status": "active",
"purchaseType": "subscription",
"defaultPrice": {
"priceMicros": "149000000",
"currency": "RUB"
}
What could be the cause of the problem? I added this service account to developer console and provided all permissions (administrator access).
I'm trying to create and query a fusion table. So what I did:
I created a new fusion table in google drive
Created a new api key
Set the fusion table to public (using share button)
Now I'm using Advanced REST client executing this request:
GET https://www.googleapis.com/fusiontables/v2/tables?key=[myapikey]
But I keep getting 401: Unauthorized
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
The docs say that this should work, but I keep getting this message. Any hint?
p.s.: The reason why I use an api key only is simply because I created a batch which sends the request, the data is public and there is no user authentication required.
I'm using the API Explorer tool to create some request urls for google adsense. Here is the request url that the explorer tool generated that gives a response of today's earnings: https://www.googleapis.com/adsense/v1.4/reports?startDate=today&endDate=today&accountId=MY_ACCOUNT_ID&metric=EARNINGS&key=MY_API_KEY
However, when I try to use this url in the browser or in my code it gives this response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I am not sure what I am missing it use this url. I have activated adsense apis on my google developer console.
The key parameter is the public API key for accessing public data.
The access_token parameter is used for accessing private user data.
In your case you are trying to access your private account and should be using an access token.
To obtain an access token you need to authentication your application using either Oauth2 or a service account. Once you have obtained an access token and send that with your request as so:
https://www.googleapis.com/adsense/v1.4/reports?startDate=today&endDate=today&accountId=MY_ACCOUNT_ID&metric=EARNINGS&access_token=YourAccessToken
You need to replace MY_API_KEY with your API key, and MY_ACCOUNT_ID in same fashion.
I am developing an application for the Google Apps Marketplace.
I use the Licensing API to retrieve the notifications. I need to get the information about admin, who installed the app, but the API doesn't provide me with this.
The solution I found is to use the Directory API to search users, but I get an error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
What is wrong with my request?
Are there any other solutions to get the information about admin?
The auth scopes:
- "email"
- "profile"
- "https://www.googleapis.com/auth/drive"
- "https://www.googleapis.com/auth/drive.file"
- "https://www.googleapis.com/auth/admin.directory.user.readonly"
- "https://www.googleapis.com/auth/admin.directory.group.readonly"