Permissions denied when using offline access for google SA360 API in google script

Question

I am trying to use the doubleclick-search (SearchAds360) api in Google Script.

I have generated a refresh token using another application, and have a workflow that exchanges the refresh token for an access token in google script with no issue.

When I try to use the access token as an Authorization header to request a report, the response I get is this:

"domain": "global",
"reason": "conditionNotMet",
"message": "Permission denied: the DoubleClick Search user does not have read access to the report scope.",
"locationType": "header",
"location": "If-Match"

If I log the access token and then put it back into my application that I used to obtain the refresh token, I can use it with no issues to request a report, but Google Script refuses to work.

I have added the auth scopes manually to the GS manifest file which now reads:

4 OAuth Scopes required by the script:

https://www.googleapis.com/auth/doubleclicksearch
https://www.googleapis.com/auth/script.external_request
https://www.googleapis.com/auth/spreadsheets.readonly
https://www.googleapis.com/auth/userinfo.email

code that I use - may be incomplete

var report_cook_url = "https://www.googleapis.com/doubleclicksearch/v2/reports?fields=id,isReportReady,files"
var tokenUrl = 'https://accounts.google.com/o/oauth2/token';
function getAccessToken(){
  var headers = {'host':'www.googleapis.com'};
  var payload = {'client_id':client_id,
                 'client_secret': client_secret,
                 'refresh_token': refresh_token,
                 'grant_type':'refresh_token',
                 'scope':'https://www.googleapis.com/auth/doubleclicksearch https://www.googleapis.com/auth/userinfo.email openid'
                };
  var params = {
                'method':'post',
                'payload':payload
               };
  return UrlFetchApp.fetch(tokenUrl, params);
}


function bulkCookReport(){
  var token_response  =  getAccessToken();
  if(token_response.getResponseCode() != 200){
    return;
  }
  var access_token = JSON.parse(token_response.getContentText()).access_token;
  var headers = {"Authorization": 'Bearer '+ access_token,
                 "Content-Type": 'application/json'};
  Logger.log(access_token);

  var requests = [];
  //var reports = reports_to_run();
  //var report_names = Object.keys(reports);
  var aReport, aRequest

    aRequest = newRequestObj();
    aRequest.headers = {};
    aRequest.headers.Authorization = "Bearer "+ access_token;
    aRequest.payload = JSON.stringify(aReport);
    requests.push(aRequest);


  //var report_ids = UrlFetchApp.fetchAll(requests);
  var response = UrlFetchApp.fetch(report_cook_url, aRequest);
  //Logger.log(report_ids[0].getContentText());
  Logger.log(response.getContentText());
  //Logger.log(response);
}

function newRequestObj(){
  return {'url': report_cook_url,
          'method':'post',
          'muteHttpExceptions':true,
          'contentType':'application/json'
         }
}

The end point should include a specific reportid. `https://www.googleapis.com/doubleclicksearch/v2/reports` **/reportId** `?fields=id,isReportReady,files"` What's in `aReport`? — TheMaster, May 02 '19 at 14:12
I am using this API POST verb https://developers.google.com/search-ads/v2/reference/reports/request and it doesn't require the report ID. I use the same procedure in VBA and it works fine. It seems to be endpoint related, because If I use a smaller report with /generate then I don't have this issue. aReport is the report object as defined here https://developers.google.com/search-ads/v2/reference/reports — Sergei Trunov, May 02 '19 at 15:26

score 0 · Answer 1 · answered May 02 '19 at 16:08

0

The issue was unrelated to the error.

Fixed by changing agency and advertiser ids to strings.

answered May 02 '19 at 16:08

Sergei Trunov

165
9

Permissions denied when using offline access for google SA360 API in google script

1 Answers1