Problem: cannot access Google Analytics View using API service (json credentials)
PHP Fatal error: Uncaught Google_Service_Exception: {
"error": {
"code": 403,
"message": "User does not have sufficient permissions for this profile.",
"errors": [
{
"message": "User does not have sufficient permissions for this profile.",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
Detail: When creating a Google analytics account via "Google Account A [analytics]" and creating an API service "Google Account A [developer console - JSON credentials] I can access Analytics data using the API.
I've been given access (Edit, Collaborate, Read & Analyse, Manage Users ) to "Google Account B [Analytics]. Logged into a web browser I can access and see the GoogleAnalytics of Google Account B and have setup a 'Custom View' to access Custom dimensions.
(GA A [Analytics] -> GA A [Dev console]) --- Access OK
(GA B [Analtyics] -> GA A [Permission granted] -> GA A [Dev console]) --- Error
I am assuming if Google Account B created an API service and passed the credentials.json key file things would run smoothly. I want to use this as a last resort as the client will have no idea how to set this up.
I am looking for a reason (and solution to) why Google Account A can see the analytics view of (Google Account B) but the API service of Google Account A cannot access the view.
Original setup/testing: Google Analytics UserID API extraction
Thanks in advance
Answer: A service account in Google API (that is created when setting up the API project) is associated with a user.
This particular user must also be granted access by the owning Google Analytics account.
i.e. Service account xxxx.yyyy#googlepais.com that is created when
setting up a Google API service account.
Something sounds so simple but I was under the impression that since this account was created by a main Google account that already has access that these permissions were implicitly inherited... Not the case but kind of makes sense. And provides a lot more fine grained control.
Once this was granted the API extracted the correct information.
Related
I need to test with PostMan the API
https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
But always return 403...
{
"error": {
"code": "Forbidden",
"message": "",
"innerError": {
"request-id": "76cf26ec-0be3-4b51-a8a8-5c70d71e426c",
"date": "2020-05-25T15:38:50"
}
}
}
I have follow this articole to setup postman microsoft article and all work very well, except this API, and I don't understand why
For this problem, it was caused by the app doesn't have permission to create online meeting. When you click the "Get User Access token" in your postman, it will get the access token which includes the permissions you added to the app before. If you want to test the create online meeting api, you need to go to azure portal and add appropriate permissions for it. Please refer to the steps below:
1. Go to azure portal and click "Azure Active Directory" --> "App registrations" --> "All applications". Search the app by the ClientID which you set in your postman for the graph environment.
2. In you registration app, click "API permissions" and add the OnlineMeetings.ReadWrite permission for it.
After add the OnlineMeetings.ReadWrite permission, don't forget grant admin consent for it.
3. Now you need to get the user access token again in your postman, please click "Get User Access Token" in your postman. You can check the permissions by copy the access token to this page, it will parse the access token and you can check if the token contains the OnlineMeetings.ReadWrite permission.(As add the permission to access token requires a few minutes, so you'd better parse the access token to check if it contains the permission)
4. Then you can test this api in your postman (below I provide a create online meeting sample for your reference).
My Registered Application uses the REST API to synchronize files with "OneDrive for Business". It worked for a year, but recently, my customer reported an error when syncing with "OneDrive for Business". It responds with an error when my app lists or uploads files to it.
For example, listing files in "OneDrive for Business":
https://mydomain-my.sharepoint.com/_api/v2.0/me/drive/items/root/children?select=id,name,size,deleted,folder,file,parentReference,lastModifiedDateTime
"OneDrive for Business" returns the following error:
{
"error": {
"innerError": {
"code":"invalidAudienceUri"
},
"code": "unauthenticated",
"message": "Invalid audience Uri 'https://api.office.com/discovery/'."
}
}
My application has logged correctly into "OneDrive for Business" by OAuth2 and added the authentication header correctly.
Could someone tell me what the cause of the error, how to avoid the problem?
From the hint of Brad, I have resolved the problem, but may not a beautiful way.
Here is the program steps to resolve the problem: (Sorry I have omitted the links, because I can not put too many links)
Show the OAuth2 consent dialogbox, let the user allow the application to access the OneDrive for Business, obtain the Authentication Token (AuthToken).
Use the AuthToken to get the AccessToken and RefreshToken of discovery API. Here is the help of discovery API.
Use the above AccessToken to access discovery API to get the resource URI of your account. The result is like "htts://yourdomain-my.sharepoint.com/";
Show the OAuth2 consent dialogbox AGAIN, let the user allow the application to access the OneDrive for Business, obtain the Authentication Token (AuthToken2).
Use the AuthToken2 to get the AccessToken2 and RefreshToken2 of "htts://yourdomain-my.sharepoint.com/".
Access your "OneDrive for Business" resource by AccessToken2 and RefreshToken2.
Old OneDrive for Business API need not Step4 and Step5, just use AccessToken and RefreshToken to access the resources, but new APIs need Step4 and Step5.
I am getting the following JSON exception while I am executing the query using the java application for Big-Query API. Following is the exception I am getting:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "accessDenied",
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
],
"code": 403,
"message": "Access Denied: Job eco-span-847:job_LyHmZIvlY1_0J8JQ3pxThEBf19I: The user does not have permission to run a query in project eco-span-847"
}
}
Why is this occurring and how could I resolve this?
To insert a query job in a project the calling user must be at least a Reader on the project.
When using the BigQuery API, you need to construct the client with OAuth credentials for some user. For programmatic access, this is often a Service Account identity. When you create a new Service Account, that account is not automatically added a membership role to your project.
To update the users and service accounts that are members of your project, go to https://console.developers.google.com/ for your project, select "Permissions" in the navigation panel, and make sure the user or service account identity you are calling with is a "Reader" on the project.
Check email/service account is it added in google cloud's IAM&Admin.
Verify the role/permission to use certain api. access control
If above are not met, communicate with the Owner/Admin of the project to add them in.
Working with Google Plus API, I have enabled the google+ api in developer console and regenrated the appkey multiple times and trying to access the profile using profile.get but everytime i am getting the following issue:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
],
"code": 403,
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
}
Here is the link, i am trying to do:
https://www.googleapis.com/plus/v1/people/113377691202864347297?key={myKey}
passing my generated key for that domain, i am getting the above error. why it is not working
Screenshot of Enabled API's
I am guessing you're using the wrong API key. The API key is not a client ID or a client secret - it shouldn't have '.' in it. In the new console (https://developers.google.com/console) they are generated under the Credentials > Public API Access section and should look something like 'AIzaSyC-iPgOiU2hSqnpjc-KrtHpwThsWh_hQdO'.
If you've made one make sure that the allowable IP addresses or browser URLs (depending on key type) include the one you're making the call from. I included a screenshot of the key section below.
Which jar should i include for retrieving public posts of user.
Iam using google+ v1 api jars but there seems to be some problem with json. It is not able to resolve it.
I want to use Google Shopping Search API for products search. I have followed all the steps stated in document. First I created a google account, then went to GOOGLE APIs console to create a project and got an API key. I want to use this service as publishers in the Google Affiliate Network who can use the API to access product offers from their advertisers of choice.
Then I signed up at google affliate network to get pid. Then I send request to some advertisers to join their program from my affiliate admin panel. Now I have one advertiser approved. Now on this document, it states that to request feed to access products from google affiliate network advertisers of publisher I have to use the following url
https://www.googleapis.com/shopping/search/v1/source/products
Where source in the url is replaced by gan:mypublisherid after putting this my url looks like
https://www.googleapis.com/shopping/search/v1/gan:myid/products?key=mykey&country=US
But When I access this url i found following json error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "conditionNotMet",
"message": "authentication is required for GAN",
"locationType": "header",
"location": "If-Match"
}
],
"code": 412,
"message": "authentication is required for GAN"
}
}
Now my question is how to get authenticated? Is my url is correct or there is some thing other way to do this?
Best Regards.
Read this article. The last part i.e. authentication.
You have to get an access token before using the API. You can either use OAuth or Client Login token. To get a token using Client login you can use cURL. Remember to put servicetype as shoppingapi as the document says.