I am trying to embed a live event video on my customer site using API. I am trying to retrieve the list of public livestream videos using youtube.liveBroadcasts.list.
It is working on the API Explorer query builder.
When I copy the request to the browser I am getting a login required error.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
The question is:
Why do I need to authenticate if I am requesting the public live broadcasts? The API key is not enough?
Is there an other way to get all user's public livestream events?
That particular API endpoint doesn't just return public streams; it can return private ones as well (in addition to private info about public streams). For this reason, the authorization level sits in front of the endpoint, and so you must authenticate a user with oAuth2 (so the user grants explicit permission for you to be able to access that data).
If you are sure you'll only ever need public data about broadcasts, you should instead use the Data API's video search list endpoint. You can set the "channelId" parameter to the id of the user's channel, set the "type" parameter to "video," and then set the "eventType" parameter to either "completed," "live," or "upcoming." By using the "eventType" parameter, you'll have your search restricted to only broadcast events. So, for example, you might call a URL like this:
GET https://www.googleapis.com/youtube/v3/search?eventType=live&part=snippet&channelId=UCoMdktPbSTixAyNGwb-UYkQ&type=video&key={YOUR_API_KEY}
Unfortunately, there's no way to get completed, active, and upcoming broadcasts in the same API call, so if you need all 3 you'll have to make 3 calls.
You can use the standard Search/list endpoint to return only live events from a particular channel, without being authenticated as that channel/user, if you know that channel's channelId:
part -> snippet
channelId -> [channelId of the channel/user with the live event]
eventType -> live
type -> video (required when setting eventType to live)
HTTP GET https://www.googleapis.com/youtube/v3/search?part=snippet&channelId={channelId}&eventType=live&type=video&key={YOUR_API_KEY}
if you check the page you linked youtube.liveBroadcasts.list you will notice it says Authorization.
Authorization This request requires authorization with at least one of
the following scopes (read more about authentication and
authorization). https://www.googleapis.com/auth/youtube.readonly
https://www.googleapis.com/auth/youtube
You can't use a public key with this. You must be authenticated using Oauth2 to access youtube.liveBroadcasts.list.
Related
My user account can use the Google Classroom web UI to see all the announcements for a given course. Trying to pull them programmatically using the Google Classroom API.
I've set up an app with Oauth consent screen covering (for test purposes) ALL the scopes listed under the Google Classroom API, and can run the consent flow with my user account to get an access token.
I can successfully GET course details by curl'ing https://classroom.googleapis.com/v1/courses/<my course ID> using the access token obtained from the oauth flow. However, when I GET https://classroom.googleapis.com/v1/courses/<my course ID>/announcements with the same token, I get the following:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.classroom.v1.Work.ListAnnouncements",
"service": "classroom.googleapis.com"
}
}
]
}
}
Behaviour is same in using both client libraries as well as raw REST calls.
Am I missing an auth scope (I switched them all on), am I just not allowed to do this since I'm not the course owner, or am I doing something else wrong? Advice please!
You apear to be using the courses.get method
In order to access this method your application needs to be authorized with one of the following scopes.
You also appear to be using the courses.announcements.list method
This method requires that your application be authorized with one of the following scopes.
The error message "Request had insufficient authentication scopes." means exactly what it says. The access token you are using was not authorized with one of the scopes needed for the courses.announcements.list endpoint there for you can not use it.
You need to delete the access token you have now and request authorization of the user using the proper scope for this method. Always make sure to delete your old token. When changing scopes in code your app does not always request authorization again if you just change the scopes in the code. You need to force it to request authorization again.
All the scopes
you should not be requesting all of the scopes of the user only the scopes that you need. If you only need readonly access make sure not to request write.
I had forgotten that my code explicitly defines the scopes when configuring the client that then builds the oauth request URL:
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope)
Changed to
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope, **classroom.ClassroomAnnouncementsReadonlyScope**)
and it works fine.
I'm writing a Lambda function that queries Google Calendar events. Although I successfully created a credential (client ID, and client secret) on Google Developers Console, I cannot access the events. Error:
{ "error": { "errors": [{ "domain": "usageLimits", "reason": "keyInvalid", "message": "Bad Request" } ], "code": 400, "message": "Bad Request" } }
My http request looks like this:
https://www.googleapis.com/calendar/v3/calendars/MY_CLIENT_ID/events?key=MY_CLIENT_SECRET
What went wrong? Any help is greatly appreciated.
"domain": "usageLimits", "reason": "keyInvalid", "message": "Bad Request"
Means that the key you are sending is an invalid api key.
Background info
When you make a request to a Google api for public data you can use an API key. Public data is data that is not owned by a user. For example public posts on google+, google books. In these instances you can use an api key inorder to access the api using
GET https://www.googleapis.com/youtube/v3/search?part=snippet&maxResults=25&q=surfing&type=test&key={YOUR_API_KEY}
key identifies your application to google using the api key you create in google developer console.
Private data is data that is owned by a user for instance your google calendar an application can not post to it with out permissions. Inorder to do this we use Oauth2. You create a client on google developer console then login the user using oauth2. you will get an access token back then you can make a request
https://www.googleapis.com/calendar/v3/calendars/MY_CLIENT_ID/events?accesstoken=ACCESSTOKEN
Notice that the first request used key and the second used accesstoken.
Anwser
Your problem is that you are sending a client secret as an api key which will not work because first of all a client secret is not an api key and second events are private user data which will require that you authenticate your user first.
I have been trying to use the google rest api for google webmaster integration into my system.
After going through it's documentation i am able to configure all it's OAuth keys and client id so when i use the Api Explorer i am getting the required reponse there.
There itself i get some url like this :
https://www.googleapis.com/webmasters/v3/sites/https%3A%2F%2Fwww.abcd.in?key={YOUR_API_KEY}
I am providing client secret key in the YOUR_API_KEY but when i hit the url in browser i get this error :
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
PS: i didnt't get any api key while generating the OAuth key (if you think i shud have used any kind of API key here ).
Can anyone help ?
You need to go to Google developer console and register your own project. Make sure to enable the webmasters api and create oauth2 credentials.
The Key parameter only works for public data. Webmaster tools data is private user data so you will be using an access token and not a public api key
https://www.googleapis.com/webmasters/v3/sites/https%3A%2F%2Fwww.abcd.in?access_token={YOUR_ACCESS_TOKEN}
There is a bug in the explorer where it shows key instead of access token it has been reported to Google.
Once you have done that i recommend you find a client library in your chosen language to help you with the authentication part.
"message": "Login Required"
Means that you haven't authenticated your user properly. You should check the documentation for oauth2 or find a client library to help you code it.
I would like to fetch all the google private connections of a user signed in from my app.
I've enabled the Google People and the Google Plus API's. I set up the credentials API key, client id & client secret. The url with which I'm trying to fetch the users connections is
https://people.googleapis.com/v1/people/me/connections?fields=connections&key=api_key&access_token=access_token
Also, I'm using the library passport-google-oauth, to get the users access_token. Is there anything that I'm missing in the above URL.
My google auth code is
// send to google to do the authentication
// profile gets us their basic information including their name
// email gets their emails
app.get('/auth/google', passport.authenticate('google', {
scope: ['profile', 'email','https://www.googleapis.com/auth/contacts.readonly', 'https://www.googleapis.com/auth/contacts']
}));
// the callback after google has authenticated the user
app.get('/auth/google/callback',
passport.authenticate('google', {
successRedirect: '/profile',
failureRedirect: '/'
}));
You have not mentioned what error you are getting but by looking at the url you are using I can tell you a few things.
people.connections.list access private user data. So for one you don't need to add Key that is just used for accessing public data. However having both should not result in any error message.
I have tested the request you are sending and it does work however this request requires that you have authenticated with at least one of the connections scopes.
https://www.googleapis.com/auth/contacts Requests that your app be
given read and write access to the contacts in the authenticated
user’s Google Contacts.
https://www.googleapis.com/auth/contacts.readonly Requests that your
app be given read access to the contacts in the authenticated user’s
Google Contacts.
If you have not then you will get a no access error message.
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
I am searching the google plus with api
Here is my Url:
https://www.googleapis.com/plus/v1/activities?query=internet%20marketing&access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
here is response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Here is my API CONSOLE screen http://i.stack.imgur.com/jO27J.png
Can Anyone tell what permission I need to setup for my app in api console. ?
This is a problem with your access token, not with your project configuration.
The insufficient permissions error is returned when you have not requested the scopes you need when you retrieved your access token. At a guess, since you are using the Google+ API and the YouTube API, you may have only requested the YouTube scope and not both, ie:
Check you have requested both:
https://www.googleapis.com/auth/youtube
https://www.googleapis.com/auth/plus.login
and not just the first one.
You can check which scopes you have requested by passing your access_token to this endpoint:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
I can't check the token in your example because it has expired (access tokens expire after one hour). Also, please do not post access tokens publicly as they allow others access to your data - they should be kept secret and treated with care.
Incidentally, https://www.googleapis.com/plus/v1/activities?query=QUERY is an unauthenticated call, so you could pass your API key for your project rather than an access token. If you make the call with https://www.googleapis.com/plus/v1/activities?query=QUERY&key=API-KEY, then you wouldn't need to request scopes or fetch an access token at all.
If you haven't seen it already, you can try out the API calls you would like to make at the OAuth 2.0 Playground:
https://developers.google.com/oauthplayground/
That's a good place to see what works and what doesn't.
According to #Lee answer, now the Google V3 OAuth AccessToken validating endpoint is:
https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=<access_token>
You can refer google document below: (In OAUTH 2.0 ENDPOINTS Tab)
https://developers.google.com/identity/protocols/OAuth2UserAgent#validate-access-token
JavaScript
var OAUTH2_SCOPES = [
'https://www.googleapis.com/auth/youtube',
https://www.googleapis.com/auth/plus.login
];
to retrieve comments from the YouTube API add https://www.googleapis.com/auth/plus.login this into OAUTH2_SCOPES array