I'm trying to consume Google's Workspace APIs, but I'm having extreme difficulty with the documentation to create my first code. Following the first steps, I did the following:

  1. I created a project within Google Cloud

  2. I enabled the Admin SDK API

  3. I created a service account

  4. I created a key in JSON format

  5. In the Workspace dashboard, under delegation across domain, I added the unique id and the following scope

    [
      'https://www.googleapis.com/auth/apps.order',
      'https://www.googleapis.com/auth/siteverification',
      'https://www.googleapis.com/auth/directory.readonly',
      'https://www.googleapis.com/auth/admin.directory.user',
      'https://www.googleapis.com/auth/admin.reports.usage.readonly',
      'https://www.googleapis.com/auth/admin.reports.audit.readonly',
      'https://www.googleapis.com/auth/gmail.send'
    ]

I would like to use the document from the link https://developers.google.com/admin-sdk/reports/reference/rest to consult the activities of a specific user, but I can't find example code to consume this API using these credentials in Python. I'm new in this area and would like some help.

I generated a token, and when I tried to use an API it didn't work and it was unauthorized. Below is the code I used:

    import requests

    url = "https://admin.googleapis.com/admin/reports/v1/activity/users/usuario@exemplo.com/applications/calendar"
    payload = ""
    headers = {"Authorization": "Bearer xptoz_exemple_test=PHQbcdddx3xxxxxxxxxxxxddddddddd"}
    response = requests.request("GET", url, data=payload, headers=headers)
    print(response.text)

Linda Lawton - DaImTo
  • Please tell me you didn't just post your actual Google API key for the whole world to see. – Tim Roberts Apr 16 '22 at 22:18
  • It was a fictitious key. I tried to make it more similar to a real one, but anyway I changed it to make it more evident that it is a fictitious key – Rodrigo Martins Apr 17 '22 at 23:06
  • @TimRoberts Do you think you can help me? – Rodrigo Martins Apr 17 '22 at 23:07
  • Authorization tokens are only temporary. They expire rather quickly. Do you have OAuth2 code to login and fetch a current token? – Tim Roberts Apr 18 '22 at 01:35
  • I don't, is there any documentation I can follow to achieve this? Or could you give me an example? – Rodrigo Martins Apr 18 '22 at 16:37
  • It's a large topic. Google has lots of documentation, but because their API is so vast, it can be tricky. Here's a start: https://github.com/googleapis/google-api-python-client/blob/main/docs/oauth.md – Tim Roberts Apr 18 '22 at 17:12
  • You should consider using the Google API Python client library; you have your question tagged with that, but your code shows you are not using it. Please edit your question and include the full error message. Without seeing your auth code it's hard to help, but check [Delegation](https://developers.google.com/admin-sdk/directory/v1/guides/delegation). Sounds like you have not properly set it up, or you're not delegating to a user when you run the auth code. – Linda Lawton - DaImTo Apr 25 '22 at 06:24

1 Answer

You are getting unauthorized because the service account doesn't have permission to do whatever it is you are trying to do. To get permission you need to be using the proper scope, and the service account needs to not only have permission to use this scope but it must have delegated to a user on the domain that has access to the data.

First you need to be sure that your authorization code is delegating to a user on your domain.

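    #!/usr/bin/python

    from oauth2client.service_account import ServiceAccountCredentials
    from httplib2 import Http
    from googleapiclient.discovery import build

    # The scope must be one authorized for the service account's client ID
    scopes = ['https://www.googleapis.com/auth/admin.reports.usage.readonly']

    credentials = ServiceAccountCredentials.from_json_keyfile_name('/path/to/my/key.json', scopes)
    # Impersonate a user on the domain who has access to the data
    delegated_credentials = credentials.create_delegated('me@mydomain.com')

    # Authorize the HTTP client with the delegated credentials
    http_auth = delegated_credentials.authorize(Http())

    # Build the Reports API client, matching the scope above
    service = build('admin', 'reports_v1', http=http_auth)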

Then you should consider having a look at the Python quickstart. The auth in this is set up to use an installed app; however, the rest of the code should show you how to use the client library rather than sending all the requests manually like you are now.

Linda Lawton - DaImTo
  • Your answer was fundamental to my success. I managed to make the following code to consume the Google APIs, thank you very much for the help. [The support of this other topic here also helped a lot](https://gist.github.com/lewisrodgers/fa766ebd37c1397d3a014eb73805edd1) – Rodrigo Martins Apr 29 '22 at 00:17
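
As an added example (not code from the question or the answer), here is one way to make the delegated call described above with the `google-auth` and `google-api-python-client` libraries, requesting only the audit scope from the question's delegation list and paging through one user's activities. The key path, the addresses and the helper names `delegated_reports_service` and `collect_activities` are assumptions for illustration.

```python
# Added example: not code from the question or the answer.
# Scope needed for activities.list; it is in the question's delegation list.
AUDIT_SCOPE = "https://www.googleapis.com/auth/admin.reports.audit.readonly"

# Reports scopes the question says were authorized for the client ID.
AUTHORIZED_SCOPES = {
    "https://www.googleapis.com/auth/admin.reports.usage.readonly",
    AUDIT_SCOPE,
}


def delegated_reports_service(key_path, admin_email, authorized=AUTHORIZED_SCOPES):
    """Build a Reports API client that impersonates admin_email."""
    # Fail early: a scope missing from the delegation entry makes the
    # token request fail as unauthorized.
    if AUDIT_SCOPE not in authorized:
        raise ValueError("audit scope is not authorized for delegation")
    from google.oauth2 import service_account    # pip install google-auth
    from googleapiclient.discovery import build  # google-api-python-client
    creds = service_account.Credentials.from_service_account_file(
        key_path,
        scopes=[AUDIT_SCOPE],   # request only what this call needs
        subject=admin_email,    # domain user to impersonate
    )
    # The library fetches and refreshes the short-lived access token itself.
    return build("admin", "reports_v1", credentials=creds)


def collect_activities(service, user_key, application, limit=200):
    """Page through activities.list for one user and one application."""
    activities = service.activities()
    request = activities.list(userKey=user_key, applicationName=application)
    events = []
    while request is not None and len(events) < limit:
        response = request.execute()
        events.extend(response.get("items", []))
        request = activities.list_next(request, response)
    return events[:limit]


if __name__ == "__main__":
    # Placeholder path and addresses; replace with your own.
    svc = delegated_reports_service("/path/to/key.json", "admin@example.com")
    for act in collect_activities(svc, "usuario@exemplo.com", "calendar"):
        print(act["id"]["time"], [e.get("name") for e in act.get("events", [])])
```

The JSON key is a long-lived secret that can impersonate domain users for every scope in the delegation entry, so keep it out of source control and keep that entry as short as the workload allows.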