Geek Answers Handbook

Continue to get 403 Forbidden from Google API (using client library v1 for PHP)

Okay ... I have to say that I don't have enough experience using the Google APIs, so I will try to explain as much as possible.

I need to use PHP to capture cloud storage data, so I tried my credentials using gsUtil to capture data from a bucket, and it works; But when I try to use the PHP library to capture data, the API answered me with this content:

"error": { "errors": [ { "domain": "global", "reason": "forbidden", "message": "Forbidden" } ], "code": 403, "message": "Forbidden" }

Since he did not tell me which particular step is wrong, so I searched around this site and tried everything that looked like it, but the situation was worth it.

Here is the configuration on my google dev. Console:

 Api Manager > Overall > Enabled API: (a)Drive API. (b)Cloud Storage. (c)Cloud Storage JSON API. Api Manager > Credentials: (a)Api Key / OAuth 2.0 ID / Service Acc. Key are created. (b)Server IPs are added to the Api key accept IP list. (c)Service Account have the Editor permission to the Project, service acc key is bind to this account too.

In PHP:

 $email = '<my gmail>'; $scope = 'https://www.googleapis.com/auth/cloud-platform'; $apiKey = '<my api key>'; $oAuthId = '<OAuth ID>'; $serviceAcc = '<service account id>@developer.gserviceaccount.com'; $keyFileLocation = $_SERVER['DOCUMENT_ROOT']. "/<p12 file>"; $bucketId = '<my bucket id>'; $list = array(); $client = new Google_Client(); $client->setApplicationName("gp-api"); $client->setDeveloperKey($apiKey); $cred = new Google_Auth_AssertionCredentials ( $serviceAcc, array($scope), file_get_contents($keyFileLocation) ); $client->setAssertionCredentials($cred); if($client->getAuth()->isAccessTokenExpired()) $client->getAuth()->refreshTokenWithAssertion($cred); if($client->getAccessToken()) { $reqUrl = "https://www.googleapis.com/storage/v1/b/$bucketId/o/"; $request = new Google_Http_Request($reqUrl, 'GET', null, null); $httpRequest = $client->getAuth()->authenticatedRequest($request); if ($httpRequest->getResponseHttpCode() == 200) { $objects = json_decode($httpRequest->getResponseBody()); foreach ($objects->items as $object) { $list[] = $object->mediaLink; } } else { echo $httpRequest->getResponseHttpCode(); // This is where I got the 403 } }

Please tell me if I missed something.

+2
google-cloud-storage api php google-api gsutil
source share
1 answer

Well, I had a problem: it should impersonate a user account that has privilege of access to the API area that I mentioned in the program.

So, some additional codes should be added as follows:

 $email = '<email account which could access that api>'; $scope = 'https://www.googleapis.com/auth/cloud-platform'; $apiKey = '<my api key>'; $oAuthId = '<OAuth ID>'; $serviceAcc = '<service account id>@developer.gserviceaccount.com'; $keyFileLocation = $_SERVER['DOCUMENT_ROOT']. "/<p12 file>"; $bucketId = '<my bucket id>'; $list = array(); $client = new Google_Client(); $client->setApplicationName("gp-api"); $client->setDeveloperKey($apiKey); $cred = new Google_Auth_AssertionCredentials ( $serviceAcc, array($scope), file_get_contents($keyFileLocation), 'notasecret', 'http://oauth.net/grant_type/jwt/1.0/bearer', $email );

Woooooyaaaaa, another problem resolved! time to move on to the next problem.

0
source share

More articles:


All Articles