I was able to retrieve access-token using Google Service account but when I tried to use the same access-token to retrieve GooglePlus User Profile API I'm getting the error mentioned below:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
I used scope value as https://www.googleapis.com/auth/plus.me while retrieving access-token using Google service account and I was able to fetch access-token, but then if I try to use the same access-token to request User profile API- I.e
https://www.googleapis.com/plus/v1/people/me?prettyprint=true I get the error above.
Can anyone help me on this?
This is most likely because the account that has done the authentication does not have a Google+ account/profile. For testing, you may wish to replace the "me" with the profile ID in question to verify this. In production, of course, you should catch this error and indicate that they don't have a Google+ profile.
If you need to check for a Google login, even if they don't have a Google+ profile, you can use the https://www.googleapis.com/auth/userinfo.profile scope. See https://developers.google.com/accounts/docs/OAuth2Login for more details.
Related
I've previously developed simple GAS projects that read csv files and inserted them into a BigQuery table and I don't recall using any special authentication since both projects were under my account. However, I'm now getting an error when trying to insert.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.bigquery.v2.JobService.GetJob",
"service": "bigquery.googleapis.com"
}
}
]
}
}
One difference is that I am now using a personal google account, whereas before I was using a work account, though I haven't seen anything that mentions this distinction for calling BigQuery from GAS.
I've found some blogs that seem to address how to implement an oauth2 auth, but I'm wondering if something has changed in the past ~8months that now necessitates a more explicit auth for BigQuery calls? This doco doesn't mention anything about authenticating - https://developers.google.com/apps-script/advanced/bigquery.
edit:
This was for a csv load/insert job. I remembered that I was previously doing array inserts, and the auth for that job has not changed so I am able to successfully execute those jobs. No idea why the auth is different for a csv-blob job, but hopefully this will save others some time.
The BigQuery API uses OAuth 2.0 access tokens to authorize requests and grant temporary access to the API. In this case, I recommend using a service account to authenticate the API. You can follow these steps to create an account.
If you are using BigQuery client Libraries, you can set up the authentication. If not, you need to follow these steps.
Also, you must have permission to load data into bigquery. You need the following IA permission.
bigquery.tables.create
bigquery.tables.updateData
bigquery.tables.update
bigquery.jobs.create
If you are in cloud storage, you need the following permissions.
storage.objects.get
storage.objects.list (required if you are using a URI wildcard)
I've set up a Google Compute Engine Instance and I want to be able to turn it on and off using a script on my home computer. I see that there's an API that lets me do that by sending a POST request like this:
curl --data '' https://www.googleapis.com/compute/v1/projects/my-project/zones/asia-east1-a/instances/my-instance/stop
but the response I get from that is this:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
So I'm trying to see how I can allow my script authorisation to use the API on the compute engine without having user interaction. How do I do this?
It looks like Google requires OAuth 2.0 authentication, but it seems really complex.
The closest thing I can find in Google's docs is this page but I can't work out how to make it a bunch of curl statements.
This SO thread gets closer, but glancing over the scripts there - it looks like they need user interaction.
I think you need Application Default Credentials. Have you seen this page?
https://developers.google.com/identity/protocols/application-default-credentials
When I try to authenticate against the Zendesk API as an end-user, and then list tickets, it always responds with 403 Forbidden:
e.g.
GET
https://mysite.zendesk.com/api/v2/requested.json
Basic Authorization
returns with a 403
{
"error": {
"title": "Forbidden",
"message": "You do not have access to this page. Please contact the account owner of this help desk for further help."
}
}
It appears that the "tickets" API (like above) is not for end-users. Instead they must use the "requests" API .
So use: https://mysite.zendesk.com/api/v2/requests.json instead...
I am currently researching a way to use the Google Purchase Status API with just HTTP request calls, and I have hit a brick wall. I have an app setup with Google Play, and ownership of the Google Console account.
Basically, I just would like to check the status of a user's purchase on my server. The only information I should be using is the purchase token, product ID, and product package.
I have followed all the documentation on doing this at developer.android.com/google/play/billing/gp-purchase-status-api.html
The HTTPS request call I am attempting to make is this (product names and real strings substituted):
googleapis.com/androidpublisher/v1.1/applications/(com.product.myproduct)/inapp/(com.product.myproduct.product1)/purchases/(myproductpurchasestring)?access_token=(myaccesstokenstring)
and my response is always this:
{
"error": {
"errors": [
{
"domain": "androidpublisher",
"reason": "developerDoesNotOwnApplication",
"message": "This developer account does not own the application."
}
],
"code": 401,
"message": "This developer account does not own the application."
}
}
When polling my access token through this http request call:
googleapis.com/oauth2/v1/tokeninfo?access_token=(myaccesstokenstring)
this is my response:
{
"issued_to": "12345.apps.googleusercontent.com",
"audience": "12345.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/androidpublisher",
"expires_in": 3319,
"access_type": "offline"
}
So according to the documentation at https://developers.google.com/accounts/docs/OAuth2#webserver, I need to:
Authorise myself and retrieve a refreshable access token that is generated from 'Client ID for web applications' in the API access section of the Google API Console. I have done this.
Utilise this access token for google API calls in either of 2 ways: appending the string to the HTTP header 'Authorization', or as part of the HTTPS request itself with the property access_token=(mytokenstring). This part does not work for me, I always get an unauthorised message.
My question I guess would be: is it possible to use a simple HTTPS request call (without external library support) to retrieve the status of a purchased item without user interaction on backend servers?
I would really appreciate any help, most of the other threads are about how to go about getting a refresh token, but I have covered that already.
ok, I figured out my own problem with the help of a colleague. Basically, my access token was being generated under an account which wasn't linked to the project in any way. It would be safest to use the owner of the project's google account when generating the access token.
Phew!
I want to use Google Shopping Search API for products search. I have followed all the steps stated in document. First I created a google account, then went to GOOGLE APIs console to create a project and got an API key. I want to use this service as publishers in the Google Affiliate Network who can use the API to access product offers from their advertisers of choice.
Then I signed up at google affliate network to get pid. Then I send request to some advertisers to join their program from my affiliate admin panel. Now I have one advertiser approved. Now on this document, it states that to request feed to access products from google affiliate network advertisers of publisher I have to use the following url
https://www.googleapis.com/shopping/search/v1/source/products
Where source in the url is replaced by gan:mypublisherid after putting this my url looks like
https://www.googleapis.com/shopping/search/v1/gan:myid/products?key=mykey&country=US
But When I access this url i found following json error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "conditionNotMet",
"message": "authentication is required for GAN",
"locationType": "header",
"location": "If-Match"
}
],
"code": 412,
"message": "authentication is required for GAN"
}
}
Now my question is how to get authenticated? Is my url is correct or there is some thing other way to do this?
Best Regards.
Read this article. The last part i.e. authentication.
You have to get an access token before using the API. You can either use OAuth or Client Login token. To get a token using Client login you can use cURL. Remember to put servicetype as shoppingapi as the document says.