I have read through this guide to figure out how the new Google Drive API security changes will affect our DMS application which integrates with google drive using the Google Drive API v2.
From what I understand, a file in google drive which has been shared via a link with domain/anyone will now need to have a resourceKey to get "files referenced by requests to the Drive API".
Question 1: What is meant by "files referenced by requests"? Our current application uses the /files/{id} endpoint to get details about the file (I assume that will include a resourceKey if one exists) and the application also uses the downloadUrl from the files details to download the file. Does the file download count as one of these "requests"? And will our integration break for downloading these link shared files if the user trying to download it hasn't "viewed" it yet?
Question 2: What is meant by "viewed" in this case? Does the user have to open the file for viewing in a browser for it to be considered viewed? If I called /files endpoint to list files within a folder and that link shared file was in that folder, would that be considered viewing the file?
Question 3: If the resourceKey is required for the download, will the resourceKey now be included in the downloadUrl of the response to /files/{id}? This particular blog post mentions that the resourceKey will be included in "exportLinks, webContentLink, and webViewLink" but I don't see any mention of downloadUrl anywhere.
Question 4: If I can access a resourceKey for a file using the /files/{id} endpoint without providing a resourceKey to the /files/{id} endpoint. Then how is this adding any extra security to the shared file?
Related
Google recently announced that to access certain files on google drive my application should use a resouceKey along with the fileId when trying to access google drive through Api. When I checked the files in my google drive I find that not all files have the new resourceKey. I uploaded a new file and that too does not have the new resourceKey.
This lead me to wonder as to what criteria should a file satisfy to be requiring the new resourceKey?
Basically, the resourceKey is required for users who have not been shared the file specifically with them (that is, files shared with Anyone with the link or Anyone in the domain, but not shared with that user specifically) and which haven't accessed that file previously.
Because of this, files that you own, files that you have accessed before, and files that have been shared with you specifically don't require a resourceKey.
You can check the details of the impacted files on the alert center.
Reference:
Update to some Google Drive file links, admin decision recommended before July 23, 2021
Decide how to apply link-sharing security update to Drive
Access link-shared files using resource keys
I know it is possible to get a link that will initiate a download of a file from Google Drive. But this is not exactly what I am looking for. I want to be able to have the link of a file with its extension.
For example, it is possible to do this with Dropbox. I am able to get a direct link if I change "www.dropbox.com" to "dl.dropboxusercontent.com". So if I have a video file, it will play on the browser's player instead of opening the page to download it.
With Google Drive I don't know how to do this. If I generate a direct link, it will then create a link that automatically starts a download. A direct link for a .txt file will not be rendered on the browser. It will be downloaded instead.
So, it is possible to have a direct link to a file in Google Drive that is not the direct link that starts downloading automatically, but instead with the directory/file.ext?
There are several things you need to understand about how the Google drive api works.
When you do a file.get with the Google Drive api it returns a file resource this is the response for the file itself. The information about it that google is willing to share with us. There are two fields here you may find interesting
The first thing you should know is that a file has one or the other of these links not both. If the file is a binary type for example an image you will be given a webContentLink which can be used to download the file, If its say a google sheet then you will be given a webViewLink which can be used to view the file in Google Drive web application.
Which link you get depends entirely upon the type of file it is. No matter which link you get you will still need to have permission to access this file. So whoever clicks the link must have at the very least read permission to the file.
On the Google drive web application we can create links which can be shared with anyone and allow anyone to "access" there is no way to create these links VIA the api.
What you wish to do is out of scope for the Google drive api, probably due to security reasons. Also the simple fact that google drive api is not a file service api it a file storage system. THere is a difference.
Is it possible to upload files to a cloud storage folder for which I have only the shared link with edit permissions? I want to do this from my application, from code, so I'm interested in an API. I've looked into SkyDrive, GoogleDrive and DropBox APIs but I can't find a solution for this scenario in the API references.
It's fine if I have to sign in through the API with a user account to be able to upload the files to the shared link but I need to allow any user that has the link to upload files to that location.
Have I missed anything in the above mentioned APIs or are there any other cloud storage services which supply a solution for my needs?
Yes it is possible.
These are the steps I just took to verify.
User-A creates a folder called 'shared folder'
User-A makes that folder publicly writeable
User-A passes the shared URL to User-B. The key part of the URL is the id=1bxxxxxxx
User-B goes to https://developers.google.com/drive/v2/reference/files/insert#try-it
... where he authenticates himself
... creates a request body containing parent: "id_from_step_3"
... Executes the upload
The result is that User-B has created a file in the folder 'shared folder'
I think you have got your self in a tangle.
Through a shared URL
When someone gives you a URL to view and indeed edit a file that is purely for that file. You can't therefore upload files that way. You can share folders however very easily. https://support.google.com/drive/answer/2494822?hl=en https://www.dropbox.com/help/19/en
As for the API directly I can't really help you I am affraid
Can a google drive application generate a preview for a file (which is not handled by google drive by default) when a file of that type is uploaded by the user, rather than creating it using that application?(Assuming the user has authorized that application)
Unfortunately, no, sorry.
The closest we have is being able to generate a third party thumbnail for a file. Your app can decide how the file will appear in the Google Drive thumbnail view by uploading the necessary image(s).
The video here explains it: http://www.youtube.com/watch?v=jG5-9zlaPL8
If you remember, I'm trying to integrate Google Drive within our website, which is built on Elgg. Elgg already has its native file management system.
What we would like to do is to copy a file from Drive to our server, you know, kind of : Send to My Files. The problem is that I don't see any URL in the file metadata indicating where the file is physically stored.
I can see the copy function in Google Drive SDK but I don't think it allows to copy the file on our own server. Unless I've read it wrong.
Can you help me?
Thanks you.
If you are trying to save a file that has content stored in drive (e.g an image, pdf, etc.), the file's metadata should contain a downloadUrl that can be used to retrieve the file's content through an authorized GET request.
For Google Documents (Google Docs, Google Spreadsheets, etc.), the data is stored in a private format that cannot be understand by third party applications. In this case, your app will have to use one of the exposed exportLinks to export the document into a format understood by your application.