0

I'm trying to make my GAE (python) Application talk to the Prediction API, but I keep getting HttpError: <HttpError 401 when requesting ... returned "Invalid Credentials">

The GAE code I have is:

from handler_request import Request_Handler # My extended Request Handler
from apiclient.discovery import build
from oauth2client.appengine import AppAssertionCredentials
import httplib2

api_key = "<my key for server apps>"

http = AppAssertionCredentials('https://www.googleapis.com/auth/prediction').authorize(httplib2.Http())
service = build('prediction', 'v1.6', http=http, developerKey=api_key)

class ListModels(Request_Handler):
    def get(self):
        papi = service.trainedmodels()

        result = papi.list(
            project='my_project_number',
            maxResults=10
        ).execute()

        self.response.headers['Content-Type'] = 'text/plain'
        self.response.out.write('Result: ' + repr(result))
  • All imported libraries are Google's python API libraries, and are being imported correctly.
  • I'm using, as api_key, my application's "Key for server apps" API Key, as I understand this is the correct one for my use case as my application is directly trying to talk to the Prediction API

For some reason, this doesn't work. I've taken this code directly from this page and adapted it to my needs: https://developers.google.com/prediction/docs/developer-guide#predictionfromappengine

As a matter of fact, if I copy and paste that same code, I still get an Invalid Credentials error.

Any suggestions?

Michael Gradek
  • 2,628
  • 3
  • 29
  • 35

1 Answers1

2

A few things to check:

  1. For version 1.6 of Prediction API you no longer need to specify the developerKey (so I would suggest not doing so), AppAssertionCredentials is enough.

  2. AppAssertionCredentials will not work in the local dev_appserver.py environment, make sure you deploy to <your app name>.appspot.com to use - or look at using a SignedJwtAssertionCredentials as a substitute when testing locally.

  3. Make sure that the service account associated with the App Engine app is added to the "Team" in the API Console for the project that has Prediction API enabled.

aeijdenberg
  • 2,427
  • 1
  • 16
  • 13
  • Thanks! I had no idea it didn't work on the dev_appserver. All the documentation I read didn't mention it. I may have missed it, but if not, I would suggest to mention that in your documentation :) In addition, the SignedJwtAssertionCredentials import does not work. I've read in some Google Discussion group that this is a known issue. This basically means (to my knowledge) that I can't host the app locally. This is a bummer, as we not always want to deploy apps simply because there is no need to (internal use cases), and makes maintenance slighly harder. Improvement for future, maybe? Thanks – Michael Gradek Jun 30 '13 at 16:04
  • The SignedJwtAssertionCredentials *can* be made to work under dev_appserver.py, but it currently requires a few extra steps: (1) Convert the p12 file to a .pem file: openssl pkcs12 -in xxxxx-privatekey.p12 -nodes -nocerts | openssl rsa > out.pem (2) Make sure lib pycrypto in enabled in app.yaml: https://developers.google.com/appengine/docs/python/tools/libraries27 (3) Make sure pycrypto is installed. (4) Make sure you are using version 1.1 of the Google Python API Client libraries. – aeijdenberg Jun 30 '13 at 21:48
  • @aeijdenberg can you elaborate on this? I installed pycrypto 2.6, put the library in app.yaml, but how should I change the code? I keep getting the same error importing SignedJwtAssertionCredentials.. – luca Jul 19 '13 at 09:14
  • 1
    I was able to get this to work by explicitly requesting "version: 2.6" in my app.yaml. It didn't work when I requested "version: latest". Could you see if that helps? – aeijdenberg Jul 19 '13 at 20:44