I created Apps script and deployed it as an API Executable with the follow settings:
Web App Execute as: ME Who has Access: Anyone within the domain API Executable Who has Access: Anyone within the domain
Once deployed, I get 2 URLs, one for the Web App and one for API Executable. The test function in that API Executable is:
function saveObservation(bookId, name)
{
console.log (bookId + ":" + name);
//var book = SpreadsheetApp.openById(bookId).getSheetByName(name);
}
In another Apps Script I have a code which invokes the API Executable URL
var token = ScriptApp.getOAuthToken();
var options = {
"method": "POST",
"headers": { "Authorization": "Bearer " + token },
"contentType": "application/json",
"payload": JSON.stringify({
"function": "saveObservation",
"parameters": [bookId,sheetName],
"devMode": "true"
}),
"muteHttpExceptions": true
}
var rest = UrlFetchApp.fetch("https://script.googleapis.com/v1/scripts/ApiExecuteID:run", options)
console.log("rest " + rest)
If I execute this code as myself, everything works fine. When I then share the spreadsheet and some one else executes the code, the script fails and in the logs I see
rest {
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
If I invoke the Web app URL as opposed to the API Executable URL, it works fine.
The code is not that clean though since I have to maintain the doPost() function to then call the desired function.
So what am I missing in order so that the API Executable can be called by domain user?
