When calling Google Admin Directory API to write recovery email, I get response status code 400 BAD REQUEST

Question

Here is my code:

Here is the response:

2020/09/14 12:19:51.425: INFO Results for adding ppsEmailAddress as recovery email: {data=[object Object], finalURL=https://www.googleapis.com/admin/directory/v1/users/ttestaccount@pps.net, headers={Alt-Svc=h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43", Content-Length=357, Content-Type=application/json; charset=UTF-8, Date=Mon, 14 Sep 2020 19:19:51 GMT, Server=ESF, Vary=[Origin, X-Origin, Referer], X-Content-Type-Options=nosniff, X-Frame-Options=SAMEORIGIN, X-XSS-Protection=0}, initialURL=https://www.googleapis.com/admin/directory/v1/users/ttestaccount@pps.net, statusCode=400.0, statusReason=Bad Request}

Full code:

Trying to follow the Google API reference here, though something wrong with my syntax: https://developers.google.com/admin-sdk/directory/v1/reference/users#resource

Your code has an extra `"` - it reads `,""recoveryEmail:"` when it should be `,"recoveryEmail:"` - Is that the issue? — iansedano, Sep 11 '20 at 11:20
@iansedano That extra quote looks to be only in my StackOverflow post somehow. If you look at the screen capture you can see the exact code since it is a screen capture. The reason there was a typo only in StackOverflow is that platform I am required to use, I cannot copy and paste code to outside places. I know that may sound a bit crazy, but unfortunately that is a real limitation of this platform I am locked into. — joshgoldeneagle, Sep 11 '20 at 17:15
In your response, the `finalURL` endpoint has as its email "ttestaccount@pps.net@pps.net", is that it? I have checked the endpoint with your arguments (with a test account) and it works for me so it must be something to do with how the request is being constructed. Maybe you could share the code behind callGoogleAPI()? Or give more details about the platform you are using to make the request. You can also test your specific request using: https://developers.google.com/oauthplayground/ — iansedano, Sep 14 '20 at 07:30
@iansedano I will post the full code here as per your suggestion. I have updated the code so that the finalURL has a properly formatted email. — joshgoldeneagle, Sep 14 '20 at 19:24
There are many things missing in your question. You need to provide the code for `callGoogleAPI` or provide the details on complete http request sent to the server. From what I can see the google API expects a JSON. I don't see JSON in your request data. Probably the data should be `"{receoveryEmail":+alternateEmail+"}"}` instead of `"receoveryEmail":+alternateEmail` as passed by you. — manishg, Sep 15 '20 at 01:40
@joshgoldeneagle - thanks, but would need to see the actual function `callGoogleAPI`, not just code that uses it. Can you also clarify what language you are using? — iansedano, Sep 15 '20 at 08:59
@manishg What is wrong with this? "{recoveryEmail:"+alternateEmail+"}" — joshgoldeneagle, Sep 15 '20 at 16:16
java.lang.IllegalArgumentException: Error compiling action set 'writeRecoveryEmailToGoogle': Invalid expression '"{recoveryEmail:"alternateEmail"}"' for property 'callGoogleAPI.data' missing ) in parenthetical "{recoveryEmail:"alternateEmail"}" — joshgoldeneagle, Sep 15 '20 at 16:17
@iansecodo I am using {recoveryEmail: "ttestaccount@pps.net"} for the data field and I am now getting statusCode=403.0, statusReason=Forbidden}. At least that's a different error message. — joshgoldeneagle, Sep 17 '20 at 16:56

score 0 · Accepted Answer · answered Sep 15 '20 at 09:08

0

I made a similar request using the Google OAuth Playground

This was the format of my request:

PATCH /admin/directory/v1/users/youremail@joshgoldeneagle.com HTTP/1.1
Host: www.googleapis.com
Content-length: 45
Content-type: application/json
Authorization: Bearer {REPLACE WITH ACCESS TOKEN}
{
recoveryEmail: "yourPatchEmail@joshgoldeneagle.com"
}

Ensure that callGoogleAPI() makes a request in this format.

References: https://developers.google.com/admin-sdk/directory/v1/reference/users/patch

answered Sep 15 '20 at 09:08

iansedano

6,169
2
12
24

Hmmm what is wrong with this: "{recoveryEmail:"+alternateEmail+"}" – joshgoldeneagle Sep 15 '20 at 16:16
java.lang.IllegalArgumentException: Error compiling action set 'writeRecoveryEmailToGoogle': Invalid expression '"{recoveryEmail:"alternateEmail"}"' for property 'callGoogleAPI.data' missing ) in parenthetical "{recoveryEmail:"alternateEmail"}" – joshgoldeneagle Sep 15 '20 at 16:16
maybe you don't need the speech marks around the object? i.e. not `"{recoveryEmail:"+alternateEmail+"}"` but just `{recoveryEmail:"+alternateEmail+"}`? – iansedano Sep 15 '20 at 17:12
Also, you can try putting the key in speech brackets too `{"recoveryEmail":"+alternateEmail+"}` depending on your platform it might be needed - lmk how you get on – iansedano Sep 15 '20 at 17:25
1

I've cleaned up my nested if statements to fix the spaghetti code. Now I just have a single call to Google API. I hard coded the email addresses I am submitting to Google API as well to simplify testing. 1. What is required in the headers field though? 2. For data field I now have "{recoveryEmail:ttestaccount@pps.net}" I also tried for the data field your suggestions, as well as: "recoveryEmail:ttestaccount@pps.net" and {"recoveryEmail:ttestaccount@pps.net"} Still getting response statusCode=400.0, statusReason=Bad Request – joshgoldeneagle Sep 17 '20 at 16:31
@iansedono I think my headers field can be set to null based on what I am seeing in the example for callGoogleAPI here https://ri-doc-lts-html5.identitymgmt.net/en/g-suite-adapter-actions.html – joshgoldeneagle Sep 17 '20 at 16:41
@iansecodo I am using {recoveryEmail: "ttestaccount@pps.net"} for the data field and I am now getting statusCode=403.0, statusReason=Forbidden}. At least that's a different error message. – joshgoldeneagle Sep 17 '20 at 16:56
Is there any other info with that 403 code? Are any other services using the API key? It could be a quota limit thing or even a permissions issue, but at least its progress. – iansedano Sep 17 '20 at 18:42
2

Since the question I posted is for the status code 400 BAD REQUEST error, and that error is resolved, and the number of comments and changes is lengthy at this point, I am going to mark this as resolved. If I cannot figure out the 403 forbidden code after searching and reading about it, I will make a separate new post on StackOverFlow at that time. Thank you Ian. – joshgoldeneagle Sep 18 '20 at 15:57

When calling Google Admin Directory API to write recovery email, I get response status code 400 BAD REQUEST

1 Answers1