Google Drive API Key which is read only - google-drive-api

Our server is customer deployed and uses a Google Drive API key to obtain a tutorial file
listing via
https://www.googleapis.com/drive/v3/files?q=%27FILE_ID%27+in+parents+and+trashed=false&maxResults=1000&key=API_KEY&fields=files(name,webViewLink,id,kind,mimeType)
and file contents via
https://www.googleapis.com/drive/v3/files/FILE_ID/export&key=API_KEY
It is unclear how we can set that API key to be read only though.
I do not see anything on these pages for example,
https://developers.google.com/drive/api/guides/about-auth
https://cloud.google.com/docs/authentication/api-keys

The restrictions you can set to an API key can be found here, so it is not possible to do it this way. Now, the way to achieve what you are trying to do would be by setting up the project with the correct OAuth scopes and using read only scopes, but that can limit your implementation as sometimes the API needs more scopes.
For example, if you were trying to list users using the Directory API, you can see the list of scopes needed here. If you check the list you will see that there is a read only scope listed there.
So, in your project you could just use this specific scope for your implementation, but again some actions require more than just this scope to work, so you could be limited by that as well depending on what your implementation is doing.
Same example for the Drive API in your case. The list of scopes for the Files: list method are here, and you also have read only scopes as you can see in the image below.

Related

Get Labelled Files in GDrive

I wrote a code in Google Appscript to index all files in GDrive and try to identify if those files are labelled or not.
For summary, the Labels feature only available in GWorkspace business account and only the admin of the entreprise who have edit access of this feature.
I tried to use seacrhFiles(param) however the "Labels" isn't recognized by q string query Google, do we have another method to do it ?
Thank you,
Features that are part of workspace business accounts. Are not part of the public Google drive api.
You can tell by looking at the file resource object. It does not contain a field called label.
Your not going to find a method in the google drive api that will return a label on a file.
Even a Google Document resource object doesn't have it.
There may be a restricted api just for workspace users you would have to ask. But its not something i have heard of.
There will be a labels API that will allow you to to create, edit, apply, and remove labels programmatically
As of now, this API is still in development (beta stage), but you can get access to it if you contact drive-labels-feedback#google.com.
References:
https://support.google.com/a/answer/9292382?hl=en&fl=1#zippy=%2Cis-it-possible-to-apply-labels-through-an-api
https://issuetracker.google.com/167701931

How do I quickly list all Google Cloud projects in an organization?

I would like to quickly list all Google Cloud projects in an organization, without AppScript folders.
gcloud projects list can be very slow. This documentation is about speeding it up, but does not show how to retrieve the Appscript folder which is used for filtering. Can that be done from the command line?
Also, gcloud projects list does not have a way to filter by organization. It seems that that is impossible as projects are not linked to their organization except through a tree of folders.
The documentation shows a way of walking the tree, apparently with Resource Manager API, which might do the job, but only pseudocode is shown. How can this be done with gcloud -- or else with Python or another language?
And if there is no way to accelerate this: How do I page through results using gcloud projects list? The documentation shows that page-size can be set, but does not show how to step through page by page (presumably by sending a page number with each command).
See also below for a reference to code I wrote that is the imperfect but best solution I could find.
Unfortunately there isn’t a native Apps Script resource available to work with Cloud Resource Manager API.
Although, it is possible to make a HTTP call directly to the Resource Manager API projects.list() endpoint with the help of UrlFetchApp service.
Alternatively, using Python as mentioned, the recommended Google APIs client library for python supports calls to Resource Manager API. You can find the specific projects.list() method documentation here.
On additional note, if you happen to use a Cloud project to generate credentials and authenticate the API call, you may want to enable Cloud Resource Manager API on your project by following this URL.
I’d also recommend submitting a new Feature Request using this template.
Here is some code that lists projects in an organization as quickly as possible. It is in Clojure, but it uses Java APIs and you can translate it easily.
Key steps
Query all accessible projects using CloudResourceManager projects(), using setQuery to accelerate the query by filtering out, for example, the hundreds of sys- projects often generated by AppScript. The query uses paging.
From the results
Accept those that are the child of the desired org
Reject those that are the child of another org.
For those that are the child of a folder, do this (concurrently, for speed): Use gcloud projects get-ancestors $PROJECT_ID to find the projects in your organization. (I don't see a way to do that in Java, and so I call the CLI.)

Is it possible to enforce a naming standard for an BIM360 Docs folder through the data-management API?

I've been trying to enforce a predefined naming-standard on an Autodesk BIM360 Docs folder.
There exists an API endpoint to get the naming-standard that is enforced for a BIM360 Docs folder by calling
GET projects/:project_id/folders/:folder_id
and also
GET https://developer.api.autodesk.com/bim360/docs/v1/projects/:projectId/naming-standards/:id
to get the details of the defined naming standard.
But there seems to be no public API to enforce a naming standard on a newly created folder. Which is strange since one can set a naming standard via the UI.
I've checked what happens when a user enforces a naming standard via the UI. The UI calls this API
POST /dm/v3/projects/<ProjectId>/folders/naming-standards:batch-enforce
with this data
[{"folderUrn":"<folderId>", "namingStandardId":"<namingStandardId>", "includeSubfolders":false,"operation":"add"}]
I tried calling the same API programmatically and got an error that my registered forge app has no access to the specified api product, although the data-management api is enabled for this app.
Am a little helpless of how to continue. Perhaps someone can give me a push in the right direction?
Thanks
Unfortunately, the naming standard API is READ-ONLY currently. The Write API is still on the way to come. Please stay tuned with us.
Note. The API you found is for Docs Service itself only.

Google Drive API get AppProperties with API Key

Question:
Is it possible to access the appProperties field in a Google Drive document via an unauthenticated user (i.e., via API Key or other method rather than Oauth)?
Background:
I have an app that works as a live document editor. It authenticates users via OAuth and allows them to save those documents to their google drive, and later re-open them in my app (google file ids are saved in my database and will load the document text into my app). Create()-ing and Get()-ing these files works fine as long as the user is signed in, and I have the "appProperties" field storing a couple of additional key metadata items.
As a next step, I would like to allow users to mark a document as "public view", and provide read-only access to their file, even for non-logged-in users. In my head, the flow would work as follows:
User_A authenticates with OAuth and creates a document, saved to their google drive.
User_A presses a button in my app, which sets the google document to a public sharing mode?
App generates a "viewer" link that User_A can share with his friends.
User_B does not have a Google account, but visits the "viewer link", and my app looks up the appropriate google document (using API key? since User_B is not logged in)
Document is loaded into my app for viewing.
This seems to mostly work; I can read the file metadata just fine using the API key, and even get the file contents. Side Note: Why do we need the API Key at all, given the quote on the google drive api page: "Note: Authorization optional."
However, the "appProperties" field always returns empty when using the API key!
Edit: After further searching I am just more confused. The closest answer I could find was from this related question here on stackoverflow:
It's very simple. appPropperties is a private field and is available only to the application that added it.
Based on this, it seems Google Drive is treating requests from my app API Key and requests from OAuth users on my app as two separate apps?
Further, I would eventually like to allow users to collaborate on a single document, owned by one user. So instead of just providing a read-only "view" link, they could generate an "editor invitation" link that would allow an authenticated user (User_B gets a google account now) to be added as an authorized collaborator (but not simultaneous editing) on the original (User_A's) document. Is that even possible?
Note I am using the Node.js google api.
This might be a bug:
appProperties are app-specific properties attached to a file. Any call from this app should be able to access them. Therefore, I think calls from this app using an API key should be able to retrieve these properties.
I could reproduce this behaviour: appProperties are populated when using OAuth, but not when using an API key, even though both are created from the same GCP project.
I filed a bug:
After researching this issue, I think this might be a bug. Therefore, I decided to file a bug on Issue Tracker:
appProperties are not populated when accessing a public File using an API key
To anyone affected by this, I'd suggest to click the top-left star in order to keep track of this and to help prioritizing it.
Reference:
Add custom file properties

Google API PHP Client - Choosing the right Scopes

From the Google documentation, there is an example that references a variable named $scopes:
$scopes = array('https://www.googleapis.com/auth/sqlservice.admin');
This is for sqlservice. I want to use a different scope. How do I choose the right scope? And how do I know it's the right service for what I want? Is there a list of scopes somewhere that match up to which URL's to use?
That line of code returns an array, even though there is no sqlservice.admin file in the auth folder.
I need to use the drive service.
I'm assuming that I should change that line to:
$scopes = array('https://www.googleapis.com/src/drive.php');
But how that integrates into the bigger picture, I don't understand. Do I also need to call OAuth2.php at some point?
I just realized that the array is pointing towards a https://www.googleapis.com/src/ web address and not a file. And I was looking at the OAuth 2.0 Playground, and there is a list of all the scopes.
And I just noticed that if I hover over an item in the list, a help context balloon appears.
So, I guess I can get a list of scopes and descriptions of the scopes from there, although I'd still like to know if there is an official list somewhere other than on the OAuth2 playground.
Each scope is a URN. They also seem to be URL's, but I don't think that's significant. For your app, it's just a string (or list/array of strings - you can specify more than one) that you need to spell correctly. Each Google service supports a range of scopes, each of which grants different permissions. Generally, somewhere within the documentation pages for each service, you'll find a single page that defines the available scopes. In the case of the Drive service, the scopes are defined at https://developers.google.com/drive/web/scopes