I have a question about Google APIs. My goal is to post status to our Google+ company page from server. So it has to be server-side, completely.
I saw hundreds of pages from Google documentation, but I don't understand it at all.
When I try to execute action "plusDomains.activities.insert" (over API Explorer), I'm getting error:
{
"error": {
"errors": [
{
"domain": "plusDomains",
"reason": "forbiddenScope",
"message": "Access to the Google+ Domains API is not allowed as the user has consented to incompatible scopes. See: https://developers.google.com/+/domains/authentication/."
}
],
"code": 403,
"message": "Access to the Google+ Domains API is not allowed as the user has consented to incompatible scopes. See: https://developers.google.com/+/domains/authentication/."
}
}
What is the reason of this error? And what user I have to use? In developers console I have 3 users and 1 full admin (my G-Apps account). What should I set as client-id and to google credentials object?
Many thanks for any advice.
The API Explorer has a bug where it defaults to scopes that are incompatible with Google+ Domains accounts. Go to the Google account permissions list and revoke access from Google APIs Explorer. Go back to the APIs Explorer and authorize again but uncheck the https://www.googleapis.com/auth/plus.login scope leaving only plus.me and plus.stream.write scopes enabled.
Related
According to Instagram API documentation here:
While in sandbox, your app has access to all permissions and you can
generate access tokens with any scope for testing.
But when I try this url :
https://api.instagram.com/oauth/authorize/?client_id=$valid_id&redirect_uri=$valid_redirectURI&response_type=code&scope=basic+likes+comments+relationships
and then logging in successfully, it shows an error as:
{"error_type": "OAuthException", "code": 400, "error_message":
"Invalid scope field(s): likes,comments,relationships"}
What am I missing?
Instagram is discontinuing their platform API in favor of using the new Instagram Graph API and currently all scopes outside of the default basic scope have been removed. In their documentation under Login Permissions (Scopes) here they currently state:
Here are the scopes we currently support:
basic
Even the basic scope will be discontinued soon according to this page:
https://elfsight.com/blog/2018/02/instagram-graph-api-changes/
The following will be deprecated in early 2020:
Basic – to read a user’s profile info and media.
So the way forward is to use the Instagram Graph API instead.
I have a project where the Google Sites API stopped working in March 2019. I am continuously getting the following error message.
I have checked necessary things like API is enabled, scopes and Google Admin API access enabled.
[26-Apr-2019 13:42:02 Europe/Minsk] PHP Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}
google-api-php-client\src\Google\Auth\OAuth2.php(314): Google_Auth_OAuth2->refreshTokenRequest(Array)
google-api-php-client\src\Google\Auth\OAuth2.php(239): Google_Auth_OAuth2->refreshTokenWithAssertion()
google-api-php-client\src\Google\Service\Resource.php(214): Google_Auth_OAuth2->sign(Object(Google_Http_Request))
google-api-php-client\src\Google\Service\Directory.php(1703): Google_Service_Resource->call('list', Array, 'Google_S in google-api-php-client\src\Google\Auth\OAuth2.php on line 363
I have not made any changes to my code and to the CREDENTIALS in the Google Developer Console or to the G Suite. What could have gone wrong for the API to stop working suddenly?
Thank you very much in advance.
Got the same surprising behavior with a NodeJS script using Google Sites API.
In GSuite developer admin console, some scopes for Google Sites have been removed (!) a few months ago, and must be replaced by a new one:
Authenticate to https://console.developers.google.com
In the top bar, choose the project corresponding to your app
In the search field at the top, type "Marketplace SDK"
Choose option G Suite Marketplace SDK
Go to Configuration
In section OAuth 2.0 scopes remove scopes:
https://sites.google.com/feeds/site
https://sites.google.com/feeds/activity
https://sites.google.com/feeds/content
Add scope:
https://sites.google.com/feeds
click Save changes
This hint helped me. Using the OAuth 2 API playground shown a much more precise error when using an "old" scope (Invalid legacy scope provided)
When i am trying to login in linkedin via php sdk, I am getting this kind of response.
it was not possible to access the API call: it was returned an unexpected > > response status 410 Response: { "errorCode": 0, "message": "This resource is > no longer available under v1 APIs", "requestId": "SGLV7JGIW9", "status": >410, "timestamp": 1556696042967 }
I need to login into own system via linkedin. Thank you.
From you error message:
This resource is no longer available under v1 APIs
... which implies you are using the v1 API of linkedin
Mircrosoft/linkedin has long communicated, at least on its blog and API migration FAQ that v1 API would be deprecated today (1st of May 2019) and that all developers were required to migrate their app to v2.
You will need to use the v2 oAuth platform for Linkedin as v1 is no longer available (We are doing the same) the Microsfot documentation isn't the best however for the API
Following Google's documentation you should be able to use the YouTube Reporting API without user authentication by using a Service Account.
Currently I have a very simple sample that should give me a list of available Jobs, could be empty though. But I get a 403 permission denied.
Request:
$client = new \Google_Client();
$client->setAuthConfig('service-account-key.json');
$client->addScope(Google_Service_YouTubeReporting::YT_ANALYTICS_MONETARY_READONLY);
$client->addScope(Google_Service_YouTubeReporting::YT_ANALYTICS_READONLY);
$youtube_reporting_service = new \Google_Service_YouTubeReporting($client);
$jobs = $youtube_reporting_service->jobs->listJobs();
Response:
Google_Service_Exception
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"errors": [
{
"message": "The caller does not have permission",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
I verified that the following APIs were enabled:
YouTube Reporting API
YouTube Data API v3
YouTube Analytics API
Google+ API (Having my doubts on this one if that is really necessary)
The thing I don't understand is how the relation should be between projects in Google Cloud Platform and the YouTube accounts.
Has this to do with Delegating domain-wide authority to the service account?
Are you then required to have G Suite enabled?
I see a similar question How to grant access to Youtube Reporting API for a google service account?
exists, but that one may be a bit aged since the last response. I hope my samples and additions will shine a new light over this question.
Is there someone with a working sample? May be in other languages. As long as the flow is clear.
In general, service accounts can be used to impersonate a user account. Making authorized calls is mentioned in Preparing to make an authorized API call.
But to answer the question, Service Accounts do not work with the YouTube API:
Service accounts do not work for YouTube Data API calls because
service accounts require an associated YouTube channel, and you cannot
associate new or existing channels with service accounts. If you use a
service account to call the YouTube Data API, the API server returns
an error with the error type set to unauthorized and the reason set to
youtubeSignupRequired.
I've currently got around 100 sites in Analytics across a few different Google Accounts and one single account has full permissions for every site. If possible I'd like to avoid having to manually add permissions for the Google Service account to each analytics profile.
I'm using the Google Analytics PHP Interface
When attempting to impersonate a user using the $delegate_email argument, I get the following exception:
GAPI: Failed to authenticate user. Error: "{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
I have read elsewhere about needing to 'Delegate domain-wide authority to the service account' using the Google Apps admin console. However we don't have Google Apps at all. Is there any way around this?
tl;dr
Is there a way to get read only access to Google analytics using a service account and impersonating a user without Google Apps?
I would first encourage you to go through the various Scenarios listed on Google OAuth 2.0 documentation and decide which is best for your application.
Service account require that you add a user to each account you wish to access, but with a web server application the end user simply authorizes your application to read their Google analytics data.
The scope you are looking for is:
https://www.googleapis.com/auth/analytics.readonly