Google Sheets - "The caller does not have permission" exception - google-sheets-api

I am using v4 and google/apiclient:2.9.1 (php).
I successfully access the spreadsheet through oauth2. It is meaning I can read and edit data. But sometimes I get 403 http code with a body
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"errors": [
{
"message": "The caller does not have permission",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
for no apparent reason. I don't change the permissions of spreadsheet, don't revoke permissions, etc. Re-access request is successful and the data becomes available again through API.
Why it happens? How do I get rid of the need to re-request access permissions?
This is repeated on different accounts and spreadsheets.

Related

Why I'm getting a 403 (Insufficient Permission) error on Google Workspace Admin SDK?

When I try to access Admin SDK API I get this error:
XHRGEThttps://admin.googleapis.com/admin/directory/v1/users?customer=some_custumer
[HTTP/3 403 Forbidden 220ms]
Even passing a API_KEY (&key=my_api_key), the same happens.
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Insufficient Permission",
"domain": "global",
"reason": "insufficientPermissions"
}
],
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "ccc.hosted.frontend.directory.v1.DirectoryUsers.List",
"service": "admin.googleapis.com"
}
}
]
}
}
Header:
www-authenticate
Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/directory.user https://www.googleapis.com/auth/admin.directory.user.readonly https://www.googleapis.com/auth/apps.directory.user.readonly https://www.googleapis.com/auth/directory.user.readonly https://www.googleapis.com/auth/cloud-platform"
I've configured my app on Google Console. Configured the authentication and scopes like this scopes. I've also configured domain-wide-delegation in Admin Console. I'm expecting to list all Workspace users through this API, but I got this error.
The OAuth works fine.
I am not sure what you are using but here you have my assumptions:
If you are using OAuth, you will need to use a user with enough
privileges to list your users (a super admin account for example)
If you are using a service account, besides allowing wide domain
delegation you need to implement impersonation in your code, that
way you will specify which account the service account will
impersonate to make the API call. So, it is very important to
impersonate an account with enough permissions
If you have any questions please let me know

Google AUTH API Returning 500 Error

This endpoint call has always worked:
https://www.googleapis.com/oauth2/v2/userinfo
Nothing changed. But today around 12:30ET it gives us the following response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Backend Error"
}
],
"code": 500,
"message": "Backend Error"
}
}
Google Services admins said they could not answer and to post here.
I saw a similar spike in 500s on login requests around the same time. It's possible it's just a random hiccup in their services. https://www.google.com/appsstatus#hl=en&v=issue&sid=22&iid=63152ed689097a6944dcdf3f15a12692 reports there was some temporary downtime logging into Hangouts for some users at around that same window -- might be the same thing.

Downloading a public shared file from Google Drive (encountering 500 error)

I run this request:
https://www.googleapis.com/drive/v3/files/1TcBDyugpHQSyUCLZcM0XtHOXo0S9Neh6asQUAYh54EM/export?mimeType=application%2Fpdf&key=[apiKey]
on this public file:
https://docs.google.com/document/d/1TcBDyugpHQSyUCLZcM0XtHOXo0S9Neh6asQUAYh54EM/edit
which is clearly exportable as PDF. I run this same query via Google's API explorer: Files: export
With whatever credentials it grabs, it tells me the response is 200 OK with application/pdf data. However, running the query manually in the browser gives me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "internalError",
"message": "Internal Error"
}
],
"code": 500,
"message": "Internal Error"
}
}
I had a similar problem with a 400 using the normal File.get method:
https://www.googleapis.com/drive/v3/files/1TcBDyugpHQSyUCLZcM0XtHOXo0S9Neh6asQUAYh54EM?alt=media&key=[api key]
returning:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "badRequest",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
Am I just doing something wrong? Any help appreciated!
API key is used for accessing PUBLIC data. Unless your file is set to public your not going get it using an API key. You will need to be authenticated using Oauth2 and use an access token
https://www.googleapis.com/drive/v3/files/1TcBDyugpHQSyUCLZcM0XtHOXo0S9Neh6asQUAYh54EM?alt=media&access_token=[token]
Error documentation:
400: Bad Request
User error. This can mean that a required field or parameter has not been provided, the value supplied is invalid, or the combination of provided fields is invalid.

google plus auth returning error 401

I am using Google plus auth to log in in web application. It is working properly, but for some time its return error 401. Error JSON is following. I view link Error Description but I did not understand what should I do.
{
"error":
{ "errors":
[
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
As the error page indicated - your access token has likely expired. It sounds like you got an access token once, and are continuing to use it.
Access tokens expire after an hour. After that time, you either need to go through the auth flow again, or use the refresh token to get a new one.

google plus api 403

For some reason I’m not getting the results that I expected using the HTTP POST explorer. I’m getting 403 Forbidden for all userIds that I try.
I used this article to be sure I'm using the correct userId (I even used the userID from the article to see if it was just the ones I tested).
This is where I'm testing: https://developers.google.com/apis-explorer/#p/plusDomains/v1/plusDomains.activities.list
Could there be something wrong with the API?
Here's the full response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
For the Plus Domain API, you need to make sure the user you're authenticating as is part of the domain you're making queries for. See https://developers.google.com/+/domains/authentication/ for more details.