trying to use the query parameter in drives.list() API, but failed with wrong parameter, although I copied/paste a.google example...
return gapi.client.drive.drives.list({
"q": "name='ts'"
})
what's wrong with this syntax?
well I just realized that the query parameter name is only available when using an admin account. not cool
Solely by itself, the name parameter is available to anyone making the request.
Service accounts, however, are special accounts representing non-human users that need to authenticate and be authorized to access data in Google APIs.
For the purpose of making a Drive API request, just creating a service account is not enough.
The main purpose of granting domain-wide authority to a service account is for these accounts to be able to access data on behalf of a user in your domain as otherwise the service account acts like just another account and it is trying to access its own data from Drive.
Reference
Using OAuth 2.0 for Server to Server Applications;
Drive API Search for Files and Folders.
Related
I am currently working with the Google Analytics API. I have implemented ga react package, so the analytics tool can show me the required data.
As per my understanding, Google uses OAuth 2.0 to identify the user and grant access. As my application has it's own user(s) and every user is not available in google.
Is it possible to access the Google analytics API inside my application?. API should get called using an only the API key.
So is it possible to access Google analytics API with the only key?
First off let me start by saying im not sure i understand this statement
As my application has it's own user(s) and every user is not available in google.
I am going to assume that you are trying to show the users of your application the analytics data from a single analytics account which they dont have access to.
API Keys
Api keys are used to access public data only. Public data is data that is not owned by any user. Public Videos on YouTube, Google analytics meta data API, Holiday calendars on google calendar these are all examples of Public data not owned by any user.
Private data
In order to access private user data you must have the permission of the user who has access to that data. Google analytics data is private user data you own the data associated with your account. In order for your application to access that data it must have your permission to do so. Permission is grated using Oauth2.
If you will only ever be accessing your own account and you will not be accessing data owned by other users then you could consider using a service account. Service accounts are dummy users you can share your google analytics account with the service account there by preauthorizing its access and it will then be able to access the data without needing to be logged in all the time. The issue with service accounts is that it cant be used client side you will need to use server sided code for this. I am not a react developer so im not sure if thats one of the JavaScript frameworks that can also run server-sided or not.
This is what I am trying to accomplish: I have a static website hosted with Firebase Hosting and it has a Google Forms Form. Upon clicking the submit button, I want to also send the user an email confirming that we received the form. I have written a Firebase function using an HTTP endpoint. However, that endpoint is exposed to the public. Is there any way I can protect this function? I know that we can do an auth verification with a logged-in user but I don't need the visitor to create an account to submit the form.
Thank you!
HTTP triggers deployed by the Firebase CLI are always accessible to anyone with an internet connection. The only access control is provided by Google Cloud to restrict access by IAM, which is not going to be helpful to you here.
What you should do instead is protect the endpoint to be accessible only by users signed in with Firebase Authentication. There are plenty of examples of this.
How to protect firebase Cloud Function HTTP endpoint to allow only Firebase authenticated users?
Callable functions also make it easy to check if the end user is authenticated at the time of the call.
Another possibility might be, to use req.headers["x-forwarded-for"] in order to compare the request's source IP address. It's not exactly a domain-check, because TCP/IP does not know about the DNS, but it still could be combined with a reverse lookup (or simply a list of IP address/es). It depends on the scenario (what the function actually does), because this would also work while not being authenticated. It is from where vs. who ...be aware the another Firebase hosting on the same IP address could not be told apart, but it would rule out direct access from the client-side .
I am new to GMail JS API and I was trying to read gmail emails using Javascript according to the quickstart tutorial given explained on below link
https://developers.google.com/gmail/api/quickstart/js
I have followed all the instructions given on the page but I am getting below
error
did I miss something???
Please help me resolve this error
Thanks in advance!!!
You may refer with this thread. Make sure that you are authenticated to the API properly.
To do this, there are two ways:
use OAuth - the Server redirects the user to google's servers, where they can login, grant permission to your app, and pass a token back to
you
Service Accounts. These are a little bit more complicated:
First, you'll have to setup an app (done)
second, you'll have to setup a service account. This is how your app authenticates to google. you've done that, and the certificate
you've got contains the private key to authenticate
third, the user needs to grant your application access to act on behalf of them. This is the point you haven't done yet.
Also, as stated here, certain scopes simply aren't supported for the oauth2 for devices flow.
Additional references:
Invalid scope error when trying to access gmail api
You may refer with this thread.
As per the announcement on May 11, 2017, publicly available applications with access to certain user data must pass review. If you see an access error for your app, submit a request using our OAuth Developer Verification form.
For personal-use apps and those you are testing, join the Google group Risky Access Permissions By Unreviewed Apps, which allows you to approve data access for personal and testing accounts. See the Google API Services User Data Policy for more information.
This blog about how to fix this error might be also helpful.
OAuth invalid scope
I'm trying to use Google Analytics API in Javascript. I want to:
Query Data for a specific website (under my control)
Use the data to build an open-to-the-public dashboard
Every example I can find requires you to use OAuth to authenticate before you can query data. Because I only want to query (not delete/modify), is there a way to use a simple API Key to grab the data I need?
Yes and No. The Google Analytics Core Reporting API is an Authenticated API and requires the use of OAuth2, authorized with the appropriate scope:
https://www.googleapis.com/auth/analytics.readonly
The API key simply identifies your Google Project, it does not necessarily grant you authorization to read the data of your Google Analytics Accounts, even if that account is associated with the same Google Login. The API key is usually public and lives on the client browsers, it would not be secure to grant access to anyone's Google Analytics Account data simply if they had access to a particular key.
What you are going to need to do is use a service account to access the data. Take a look at the Google Analytics Demos and Tools site. There they have a really good example example of using a service account server side to generate an access token and then has the JavaScript Client library make the final request. Alternatively you could build something akin to the Google Analytics Super Proxy which can query the API on your behalf and generates a public URL which can then be queried separately.
I'm working on a page that will be available to certain users where they can see shared Google Analytics data. I want to pull the data with JavaScript and I've succeeded in getting an OAuth token for the account with the GA data, but it expires in 1 hour.
How can I use this token for all users coming to the page? I don't need the users to be able to access their own GA data, just the shared data. Is there a way to make the token permanent or to refresh it?
Below I have listed three different possible solutions:
The easiest method might be to grant permission for your desired users to have read access to the view (profile) you want to share and use the embed API to authenticate those users and display that data.
You could look into using the Google Analytics Super proxy. The Google Analytics superProxy allows you to publicly share your Google Analytics reporting data. You can use it to power your own custom dashboards and widgets, transform responses to various formats, test, and much more.
Or you could look into using an authenticated service account. The Google OAuth 2.0 system supports server-to-server interactions such as those between a web application and a Google service. For this scenario you need a service account, which is an account that belongs to your application instead of to an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved.