Google Drive API 403 Forbidden - google-drive-api

We are using the Google drive API to allow our users to browse and select a file to use in a report. One of our users (the issue is not widespread) is getting an error(below) when attempting to get a list of files.
JSON body returned from Google:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
Which is a bit confusing as it is not one of the listed errors here: https://developers.google.com/drive/web/handle-errors
Does anyone have any ideas on what might be causing this? Thanks for any insight!

It turned out to be related to this question: Getting a 403 - Forbidden for Google Service Account
This user's company did not have Google Drive as one of their activated apps.

This error also occurs if you disable the Google Drive setting called "Allow users to install Google Drive apps". This might be a good thing to check if you are certain that Google Drive is already enabled.

Related

dailyLimitExceededUnreg error on authenticated download requests for abusive files

I'm getting the following error when trying to download files from my Google Drive folder using JavaScript.
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "dailyLimitExceededUnreg",
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
"extendedHelp": "https://code.google.com/apis/console"
}
],
"code": 403,
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
}
}
I'm using googleapis library, version v3 with OAuth2 authorization.
My function downloads most of the files correctly but throws an error on some specific ones each time I run it.
The library itself prints cannotDownloadAbusiveFile error in the console but the response link shows the error above.
The acknowledgeAbuse flag is set to true. The files that this method refuses to download can't be downloaded from the web-interface either because of the viruses.
I tried changing the Google Drive user in OAuth2 to the creator of the files (it was just someone who has access before), it didn't fix anything.
Daily Limit for Unauthenticated Use Exceeded.
Means there is an issue with your authorization at some point you are sending a request with either a missing access token or an expired one.
As for cannotDownloadAbusiveFile you can set a flag in your request it should be one of the optional parameter's. acknowledgeAbuse='true' this will allow you to download files that Google has denoted as unsafe. If it contains malware though from what i recall only the owner can download that.

Listing files over REST using API Key gives 403

I am simply trying out curl examples from the GDrive API Explorer, specifically this call:
https://developers.google.com/drive/api/v3/reference/files/list
However when I copy the example and execute it with my API key, I get this error:
curl https://www.googleapis.com/drive/v3/files?key=AIzaSyCQfFNMxHVJRaTvXXXXXXXXXX
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file."
}
}
When I try to get a single file using files/{fileId} with the same API key, it works fine and the file metadata is returned.
What is the deal here? Does listing require special permissions, or does API keys have limitations, or..?
Just a hunch, you are trying a file that is not public, that is why you are receiving 403:insufficientFilePermissions. To access this you must authenticate your request using OAuth 2.0.
You can check the documentation About Authorization:
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.

Change Google Service Account picture

As I am using service account to share Google Drive documents, it would be nice to get in invitation email a company picture instead of the silhouette.
Is it possible to change somehow Google Service account picture?
I tried using the Google Admin SDK, but I get the following error:
404 OK
- SHOW HEADERS -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Resource Not Found: userKey"
}
],
"code": 404,
"message": "Resource Not Found: userKey"
}
}
I tried this through the API explorer:
https://developers.google.com/admin-sdk/directory/v1/reference/users/photos/update
EDIT, the userKey is the email address of the account. In the service account case it is in the format:
account-name#project-name.iam.gserviceaccount.com
Get your service account to use delegation to impersonate and use a separate Google Apps account email address to do the document sharing. Set the photo in that Google Apps account.

Can't retrieve objects from Google Cloud Storage by their mediaLink

i wrote a project that work well with upload and download objects to/from Google Cloud Storage. I'm able to retrieve the content, the stream, the metadata, but when i get the 'mediaLink' of an object and paste it to the browser, i got this error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
the format of mediaLink URL is shown here:
https://content.googleapis.com/storage/v1/b/bucketname/o/folder%2Finsidefolder%2Fexample.txt
I'm authenticated in my website by the OAuth 2.0 flow, and all the objects uploaded on GCS are with a custom AccessControlList which i decided to set into "allAuthenticatedUsers" in order to give access only to user that are authenticated with my website.
Could anyone help me to solve this issue? Thank you so much
The media link is not inherently authorized. You need to authorize a download using the media link in the same way you'd authorize any other request: by including an appropriate "Authorization" header.
Without providing read permission to "AllUsers", the media link will not work in a web browser.
Also, "AllAuthenticatedUsers" does not mean users that are authenticated with your website. It means "anybody with any Google account."

Google maps APIs for Business returning error code 403 reason accessNotConfigured

I am using Google Maps APIs for business to get location against Cell IDs and MAC addresses of WiFi access point.
That code was working fine on beta server. Now as I moved to production server, I am getting following response
{ "error": { "errors": [ { "domain": "usageLimits", "reason": "accessNotConfigured", "message": "Access Not Configured. Please use Google Developers Console to activate the API for your project." } ], "code": 403, "message": "Access Not Configured. Please use Google Developers Console to activate the API for your project." } }
In console, Beta server IP was added in allowed IPs. I have added production server IP as well. Still getting above response.
Do I need to generate new key after change in allowed IPs or any other change?
The message is self-explaining activate the API for your project
Go to the console, select the desired project(when you have multiple projects), go to APIs & auth ->API's and activate the service Google Maps Geolocation API