There's a lot of new information regarding how to programatically download Google Play reports using gsutil tool. Google Play uses a bucket to store these reports, just like Google Cloud Storage does. I'm already able to download reports from Google Play bucket without a problem. For example:
gsutil cp gs://pubsite_prod_rev_<my project id>/stats/installs/installs_<my app id>_201502_overview.csv .
On the other hand, gsutil offers a feature to watch Google Cloud Storage buckets, so you can receive notifications every time an object in the bucket changes (gsutil notification watchbucket). I am also able to enable notifications in buckets created in my own Google Cloud projects.
The problem is, I'm not able to enable notifications in my Google Play bucket. Is it even possible? I get an AccessDeniedException: 403 Forbidden error when calling:
gsutil notification watchbucket -i playnotif -t sometoken https://notif.mydomain.com gs://pubsite_prod_rev_<my project id>
I've followed all the steps here, being specially careful with those regarding identifying a domain to receive notifications.
As I mentioned above, I'm already able to do all the process I need, but with my own buckets in Google Cloud, not with the Google Play bucket.
The Google Play project has been linked to a Google Cloud project. It did so automatically when I enabled Google Play API access (Google Play Developer Console -> Configuration (left menu) -> API access).
The Google Play project owner and my own Google Cloud project owner is the same.
This owner has successfully registered and validated the domain used to receive the notifications (following the example, I validated both just in case: notif.mydomain.com and mydomain.com, using https in the Google Webmaster Tools)
These domains have also been whitelisted in the Google Developers Console (left sidebar -> APIs & Auth -> Push).
I've successfully enabled notifications in my own Google Cloud buckets using either the project owner account or a service account I created. I've already tried using both (owner and a corresponding service account) in the Google Play bucket, without success.
Any ideas will be greatly appreciated. Thanks!
EDIT:
I had already followed the steps here, but using different procedures (as explained in the comment below). Following Nikita's suggestion, I tried to follow the steps using the same procedure.
So I configured gsutil (through gcloud) to use the owner account:
gcloud config set account owner-of-play-store-project#gmail.com
and while trying to grant full access to the service account, I encountered this error:
$ gsutil acl ch -u my-play-store-service-account#developer.gserviceaccount.com:FC gs://pubsite_prod_rev_my-bucket-id
CommandException: Failed to set acl for gs://pubsite_prod_rev_my-bucket-id/. Please ensure you have OWNER-role access to this resource.
So, I tried to list the default ACL for this bucket, and found:
$ gsutil defacl get gs://pubsite_prod_rev_my-bucket-id
No default object ACL present for gs://pubsite_prod_rev_my-bucket-id. This could occur if the default object ACL is private, in which case objects created in this bucket will be readable only by their creators. It could also mean you do not have OWNER permission on gs://pubsite_prod_rev_my-bucket-id and therefore do not have permission to read the default object ACL.
[]
Conclusion:
It really makes me think that, even using the project owner account, this account doesn't have the OWNER role on the Play Store bucket. This means ACLs can't be modified, not even listed, as well as notifications can't be enabled since, sadly, we don't really own the bucket.
At the moment, you cannot. Google Play owns these buckets, and end users do not have the bucket FULL_CONTROL access necessary to subscribe to Object Change Notifications.
Related
Apps requesting access to the All files access permission without a permitted use will be removed from Google Play, and you won't be able to publish updates.
This is the bit that's unclear, at least to me. So if an app is currently in the Play Store but targets API 29 and has requestLegacyExternalStorage=true, will that app be removed from the Play Store in the future? If so, that's bad. I get that after November for any updates the target API must be 30.
We received this warning what does it means, we use requestLegacyExternalStorage flag and targetsdk 29, so my app will be removed from play? And what changes i need to do for this?
No, your app is not get removed from playstore...
but your app not might work if you targeted API 30 above. "requestLegacyExternalStorage=true" is a temporary solution provided by google to allow developer to smooth transition to new Secure Storage Model.
Many apps that had no legitimate need to read all the files stored on the device’s storage were requesting this permission, causing Google to narrow storage access permissions with Android 11’s “Scoped Storage” changes.
You have two option:
If your app require little to moderate use of storage > Use “Scoped Storage”
If your app is such as File Manager,Anti-virus,etc in which required all storage file access to work effectively and efficiently > Use "All files access"
Further query link_1 , link_2
I want to create an app that only my family members will be using. It needs to access Google Drive files using oauth access (to be precise it will be PHP client).
I've set permissions in Google API Console ./auth/drive.readonly.
I realize that I'll get an unverified app warning, but anyway, when I try to access the resources I get 403 error. Also when accessing for the first time and pasting the URL to get verification code it only says that app will have access to metadata, which is default permission.
Is it possible at all to create this kind of unverified app that will have those "unsafe" access to drive?
If anyone faces the same problem - when requesting access through an API, be it REST or PHP library one needs to specify the permissions app will be using. Those need to match the ones specified in Google Dev Console.
I am trying to access Google play developer API https://developers.google.com/android-publisher/ to build an inapp purchase product for my company Application.
We have to get authorization to make a GET call to the Google play developer API. https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
I followed the steps presented here. https://developers.google.com/android-publisher/authorization
Created an Oauth client and and also service account. The gmail account I used was part of the 'Users and permissions' in play.google.com console.
But when I tried to access the API, I got an error
As I started searching about this error, I understood that there is something else called 'API Access' in play.google.com. When I tried to access it, All I saw was
But I saw in other posts that there exists a screen with details like
https://i.stack.imgur.com/Hdjjy.png
So how can I go forward to access API. I did everything as mentioned in documentation of google but it didnt work. Also I dont have access to see the screen of 'API Access'.
Also I am confused, if you can create service accounts from both 'API Access' screen and also from 'credentials' screen in console.developers.com, which one should be used ?
Just to check you understand there are a few different APIs to do with in-app purchases.
Play billing library is designed to be used in your app. This is what allows users to buy things from your app
Configuring in app products. When your app supports in-app products you have to support what the products are and the prices. This is done via the Play console, either manually or in batches uploading CSV files.
Finally is the API you refer to in your question. This is not designed for use in your app, and you don't have to use it to support in-app products. Instead this API allows your server (not app) to validate a user's purchase. In order to use this API, you need to enable the "API access" in the page you found. This can only be enabled by the account owner for the Play console, for security reasons. You will need to find the Owner of your Google Play account, and get them to log in and create a service account which has API access.
I am able to access it now. I am not the owner of the Google Play console.That was the issue. You just have to go to API Access page and click on "create OAuth Client" or "create Service Account ".
You can use those credentials to access API from postman or through your code.
I created a new Service Account in Cloud Project, and want to restrict this account's permission to only use one specific Google API listed here.
Lets say my application using this service account should only be allowed to use "Google Analytics API". If possible, further limited to use subset of API requests (for ex. analytics.management.customMetrics.list, analytics.management.filters.insert etc.
I tried to create custom Role, but when I try to add necessary Permission, I don't see me desired permissions listed in that list... (attach screenshot)
How can I restrict this Service Account permissions to specific APIs?
Also,
does it make any difference creating new project in
https://console.developers.google.com/ or in
https://console.cloud.google.com/ ? I san see a project in both places
anyways...
In your case because you are using the Google Analytics API, there is an additional step where you need to add the Service Account to your Google Analytics account. If the Service Account is not added then it won't have access to the resources inside of Google Analytics.
See "1. Enable the API" in the following link:
https://developers.google.com/analytics/devguides/reporting/core/v4/quickstart/service-py
Add service account to the Google Analytics account
The newly created
service account will have an email address that looks similar to:
quickstart#PROJECT-ID.iam.gserviceaccount.com
Use this email address
to add a user to the Google analytics view you want to access via the
API. For this tutorial only Read & Analyze permissions are needed.
See the following for some guidance on managing users in Google Analytics
https://support.google.com/analytics/answer/1009702
I've been crawling the web but haven't been able to figure this out.
I want to write an app with the following behavior: it presents existing users of Google Cloud with a login window to which they enter their Cloud credentials - user and password. With those credentials, I want to programmatically access and fetch their respective billing data so I can later display it to them. This should obviously be able to serve multiple users.
I don't understand how to get past the very first step, which is - what do I do after I get the credentials? Is there a client library method to which I supply them and then gain access to the user's info?
You can use Firebase Authentication or Google Identity Toolkit, see sample here