I have a project owner permission on bigquery. And I able to create/delete/insert records into bigqquery table from UI.
However, when I am trying from Python, I am getting following error.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.bigquery.v2.JobService.ListJobs",
"service": "bigquery.googleapis.com"
}
}
]
}
}
Following is my code
def insert_data():
client = bigquery.Client()
job_config = bigquery.LoadJobConfig(
write_disposition=bigquery.WriteDisposition.WRITE_TRUNCATE,
source_format=bigquery.SourceFormat.CSV,
skip_leading_rows=1,
)
uri = " gs://xxx/csv_files/csv_test.csv"
table_id="xxx.Gaurang.csv_data"
load_job = client.load_table_from_uri(
uri, table_id, job_config=job_config
) # Make an API request.
load_job.result() # Waits for the job to complete.
You must authenticate when you use Google's libraries; Cloud Console and gcloud authentication does not extend transparently to code using the libraries.
Google's documentation is comprehensive and an example is here:
https://cloud.google.com/bigquery/docs/reference/libraries
Generally code run as a Service Account; the Service Account provides an identity and -- with Google Cloud services -- IAM provides roles/permissions based access, see BigQuery: access control with IAM.
Google provides a mechanism called Application Default Credentials that facilitates running code as a Service Account.
Related
When I try to access Admin SDK API I get this error:
XHRGEThttps://admin.googleapis.com/admin/directory/v1/users?customer=some_custumer
[HTTP/3 403 Forbidden 220ms]
Even passing a API_KEY (&key=my_api_key), the same happens.
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Insufficient Permission",
"domain": "global",
"reason": "insufficientPermissions"
}
],
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "ccc.hosted.frontend.directory.v1.DirectoryUsers.List",
"service": "admin.googleapis.com"
}
}
]
}
}
Header:
www-authenticate
Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/directory.user https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/apps.directory.user.readonly https://www.googleapis.com/auth/directory.user.readonly https://www.googleapis.com/auth/cloud-platform"
I've configured my app on Google Console. Configured the authentication and scopes like this scopes. I've also configured domain-wide-delegation in Admin Console. I'm expecting to list all Workspace users through this API, but I got this error.
The OAuth works fine.
I am not sure what you are using but here you have my assumptions:
If you are using OAuth, you will need to use a user with enough
privileges to list your users (a super admin account for example)
If you are using a service account, besides allowing wide domain
delegation you need to implement impersonation in your code, that
way you will specify which account the service account will
impersonate to make the API call. So, it is very important to
impersonate an account with enough permissions
If you have any questions please let me know
I am trying to send a WhatsApp message using Facebook graph API
https://graph.facebook.com/v13.0/107858631967863/messages
with below payload
**{
"messaging_product": "whatsapp",
"to": "XXXXXXXXX",
"type": "template",
"template": {
"name": "hello_world",
"language": {
"code": "en_US"
}
}
}**
But I am getting below error message ,
**{
"error": {
"message": "An unknown error occurred",
"type": "OAuthException",
"code": 1,
"error_subcode": 2593006,
"is_transient": false,
"error_user_title": "Account Not Exist",
"error_user_msg": "Account does not exist in Facebook Hosted API, please use /register API to create an account first.",
"fbtrace_id": "ApD14BKT4ZcnAmQe7aMNBYH"
}
}**
You need to first register the number on WhatsApp Cloud API before you can begin messaging. Checkout their developer docs: https://developers.facebook.com/docs/whatsapp/cloud-api/reference/registration
Note, you will need to add the number to the Business Manager account and verify it in the process first.
Goal:
I have a simple web application where I submit my Blood Pressure and Heart Rate measurements.
Now I'd like to submit these measurements to my Google Fit Account.
I tried Googles tutorial: https://developers.google.com/fit/scenarios/write-bp-data
OAuth2 Setup
I created new credentials in one of my existing Cloud Console Projects. And then requested a new authorization code using the following scopes (The project is in Testing State and my account is registered as tester):
https://www.googleapis.com/auth/fitness.blood_pressure.write
https://www.googleapis.com/auth/fitness.heart_rate.write
Requesting the token returns the following response:
{
"access_token": "ya29.XXXXXXXXXXXXXXXX",
"expires_in": 3599,
"refresh_token": "1//XXXXXXXXXXXXXXXX",
"scope": "https://www.googleapis.com/auth/fitness.heart_rate.write https://www.googleapis.com/auth/fitness.blood_pressure.write",
"token_type": "Bearer"
}
As you can see, both write scopes are granted.
Additionally, if I check the permissions in my Google Account, both scopes are set.
Create dataSource
Now I create two dataSources (one for com.google.heart_rate.bpm and one for com.google.blood_pressure).
creating the Heart Rate dataSource works as expected, but creating a dataSource for Blood Pressure returns a 403 PERMISSION_DENIED Error:
Request (POST https://www.googleapis.com/fitness/v1/users/me/dataSources)
{
"dataStreamName": "BPA-BloodPressure",
"type": "raw",
"application": {
"detailsUrl": "https://aaa.bbb.ccc",
"name": "Blood Pressure App",
"version": "1"
},
"dataType": {
"name": "com.google.blood_pressure"
}
}
Response
{
"error": {
"code": 403,
"message": "Scope not included to modify data of type com.google.blood_pressure. Possible scopes: https://www.googleapis.com/auth/fitness.blood_pressure.write",
"errors": [
{
"message": "Scope not included to modify data of type com.google.blood_pressure. Possible scopes: https://www.googleapis.com/auth/fitness.blood_pressure.write",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
The Google Fit REST API tells me that the Scope fitness.blood_pressure.write is missing, but as you can see the Scope is given for the used access token.
Notes
I am working with Postman to test all requests. Later a Java/Groovy or PHP backend will used.
I also tried with read and write scopes for both data types.
I can see my app with both write scopes in Google Fit under "Connected apps".
Change dataType name to "fitness.blood_pressure" instead of "com.google.blood_pressure"
The body will be like this.
{
"dataStreamName": "BPA-BloodPressure",
"type": "raw",
"application": {
"detailsUrl": "https://aaa.bbb.ccc",
"name": "Blood Pressure App",
"version": "1"
},
"dataType": {
"name": "fitness.blood_pressure"
}
}
https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/68ef9520-24e9-4cf2-b2f5-620025690913/apis/8617/versions/40329/pages/35412
/applications/{domain}/logs Traits: environment_based
Retrieve log messages for the application, ordered newest to oldest.
I am trying to access this api but am unable to relate what client id does it ask. Also I am unable to relate to oauth authentication this needs.
I am new to mule.
i am sharing the steps by step instructions to access the details of apps from api.
Step 1 : Get the access token from the Api
https://anypoint.mulesoft.com/accounts/login?username=YOUR_USERNAME&password=YOUR_PASSWORD
NOTE : Use POST method and add Header Content-Type=application/json
You will get response in JSON format like below
{
"access_token": "44126898-7ed8-4453-8d28-skajnbf",
"token_type": "bearer",
"redirectUrl": "/home/"
}
Step 2: Get your organization id
https://anypoint.mulesoft.com/accounts/api/me
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : Authorization = Bearer 44126898-7ed8-4453-8d28-skajnbf
In the response you will have a section where you will get you organization related details like below
"organization": {
"name": "Sample",
"id": "c1e68d1e-797d-47a5-b",
"createdAt": "2016-11-29T09:45:27.903Z",
"updatedAt": "2016-11-29T09:45:27.932Z",
"ownerId": "68df9a5",
"clientId": "7200350999564690",
"domain": "******",
"idprovider_id": "mulesoft",
"isFederated": false,
"parentOrganizationIds": [],
"subOrganizationIds": [],
"tenantOrganizationIds": [],
"isMaster": true,
"subscription": {
"type": "Trial",
"expiration": "2016-12-29T09:45:27.906Z"
},
Step 3: Get the environment Details
https://anypoint.mulesoft.com/accounts/api/organizations/YOUR_ORGANIZATION_ID_FROM_ABOVE/environments
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : https://anypoint.mulesoft.com/accounts/api/organizations/c1e68d1e-797d-47a5-b/environments
You will get all available environments in the response in JSON format as below
{
"data": [
{
"id": "042c933d-82ec-453c-99b2-asmbd",
"name": "Production",
"organizationId": "c1e68d1e-797d-47a5-b726-77asd",
"isProduction": true
}
],
"total": 1
}
Step 4: Now specify the domain name and fetch the logs
https://anypoint.mulesoft.com/cloudhub/api/v2/applications/YOUR_CLOUDHUB_APP_NAME/logs
Example : https://anypoint.mulesoft.com/cloudhub/api/v2/applications/first-test-api-application/logs
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
X-ANYPNT-ENV-ID = ENVIRONMENT_ID_YOU_GOT_ABOVE
Example : X-ANYPNT-ENV-ID = 042c933d-82ec-453c-99b2-asmbd
You will get the logs in JSON format as below
{
"data": [
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503796819,
"message": "Deploying application to 1 workers.",
"priority": "SYSTEM",
"instanceId": "583eb1f1c4b27"
},
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503797404,
"message": "Provisioning CloudHub worker...",
"priority": "SYSTEM",
"instanceId": "583eb1f1e4b27"
}
],
"total": 2
}
NOTE : FOR ENHANCED LOGGING YOU SHOULD SELECT APPROPRIATE DEPLOYMENT AND INSTANCE IDs TO GET LOGS IN SIMILAR MANNER
Hope this Helps for Beginners
To see the clientID. Log into your CloudHub account. Click on the "gear" icon in the upper right corner. Click on the name of your organisation. you should now see your "clientID" and the "ClientSecret" ID.
Before you use the CloudHub APIs or the Anypoint platform APIs you have to create an account on the Anypoint Platform - Check the architecture of the Anypoint API platform #
https://docs.mulesoft.com/anypoint-platform-for-apis/anypoint-platform-for-apis-system-architecture
Once your are done with the registration with the Anypoint API platform you need to set up users, roles & privileges as an admin -
https://docs.mulesoft.com/anypoint-platform-administration/managing-accounts-roles-and-permissions
As admin you need to control access to APIs by creating & supplying client Id and client Secret - https://docs.mulesoft.com/anypoint-platform-administration/manage-your-organization-and-business-groups
I guess that's the client you referring to. It needs to be present in the request for all the APIs.
As far as OAuth is concerned, it is not completely functional on Cloudhub API. You will have to raise a ticket for support. Check this out -
https://docs.mulesoft.com/mule-user-guide/v/3.7/mule-secure-token-service
If you are new to Mule, run through the Mule Intro videos and try out the Anypoint Studio to get feel of Mulesoft Applications.
Hope this helps.
I'm trying to use the Google Fusion Tables API without success.
I created a table, set it to Public and I'm trying to access the API for my browser to this address:
https://www.googleapis.com/fusiontables/v1/query?sql=SELECT%20*%20FROM%201pheecBEHLRXeMA1cDSNGqhuXJ7srp9A3i1r3sdd6%20ORDER%20BY%20nome&key=my_key_access
But I always get this response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
My table has registered data
What can be happening?
You must also enable the download-option for the table to be able to request data via the Fusion Tables API