I have an iOS app that accesses a google drive spreadsheet. To make upgrades to the app without modifying the original sheet, I made a copy of sheet to test the new code. I changed the share permissions on the copy to "anyone with link can edit". I can read the data in the copy, but I cannot change the sheet through the api.
I'm pretty sure the problem is has something to do with credentials and sharing permission.
Do I need a new credential to modify the new sheet? The "version 1" of the app is still in use and it uses the same credential, do I need a new credential for a "version 2" of my app.
What permissions should I use on the google drive sheet?
Any help will be appreciated.
Badly constructed query, I introduced a flaw when I reorganized a class.
Related
I have a Google App Script that receives users' spreadsheet urls and attempts to set data to their documents. This process works when I am signed in on my own gmail account and setting entries to my own spreadsheet, but it doesn't work with my other gmail account's spreadsheet url corresponding with the former's App Script.
I know that the documentation explicitly states:
Spreadsheet: Read only (can use most get*() methods, but not set*()).
Cannot open other spreadsheets (SpreadsheetApp.openById() or SpreadsheetApp.openByUrl()).
But is there some way that I'm unaware of that can potentially circumvent these rules? Can I have users give me read and write access so that I can set() data to their provided spreadsheet url? I've added the follow oauthscope to my appmanifest.json in my App Script:
"oauthScopes": ["https://www.googleapis.com/auth/spreadsheets"]
So the spreadsheet url just needs to have a sharing permission of "anyone can edit."
I am trying to use Google Spreadsheet API v4 to "add a row" in spreadsheet using an "ApiKey" directly without using an OAuth 2.0.
If I am using OAuth 2.0 its successfully "adding a row" but my requirement is to use "ApiKey"
Referred this URL: https://developers.google.com/sheets/api/guides/migration#add_a_new_row_of_data
But there is no proper document for using "APIKey ". When I tried using "Apikey" it is throwing me an error of "Unauthorized (401)".
While the documentation isn't entirely clear, it is possible to add rows to a spreadsheet without needing to go through the OAuth flow where the app has to obtain consent from a specific user.
The flow, when using a service account, is very similar to the flow when using an APIKey, except a service account can be given explicit authorization to write to the sheet.
This works because a service account is like a user, just one that is not human. The process is as follows:
Go to the Google Cloud Console and create a service account in your GCP project. (If you don't have a project, you may need to create one.)
Create a key and download it as a JSON file. The JSON file will contain a private key, a key id, an email address for the service account, and other information. Keep this in a safe place. It's sensitive data.
Next, in your spreadsheet, add the service account email address as a user with edit access.
Afterwards, you can now use the service account client_email and the private_key from the JSON file in order to create a JWT token to authorize the request. You can now write to the sheet, since the service account is an authorized editor in the sheet.
See Using OAuth 2.0 to Access Google APIs - Service Accounts for more information. Note that although the documentation makes it sound like the service account can't access user data, it can in this case since we add the service account as an editor on the sheet.
Also, see Using OAuth 2.0 for Server to Server Applications.
Now, I will say that your question states that you "require using an APIKey". Instead, I'm assuming that your requirement is that the app must be able to write to the sheet without prompting users for authentication. If that's the case, then this solves your problem, but if the question really involves using an APIKey, then the only way to do that is to make the sheet publicly writeable to all unauthenticated users.
I also don't know what programming language you're using, so I'll leave the creation of a JWT token as an exercise for the reader, and the linked documentation also describes the process in Java, Python, and as a raw HTTP/REST request. Hope this helps!
With the changes to third-party access protection for Google Sheets, calls to the Visualization API now require OAuth credentials unless Spreadsheets are shared to "anyone who has the link can view". (Google Developers Blog Post)(Google Charts Authorization)
Does this still apply to Spreadsheets that are shared to "anyone at domain with the link can view"? If so, how would I get a OAuth credential without prompting the end user for access to their Drive or Spreadsheets? Is it possible to pass a credential using a service account? We do not want to prompt every user that uses the application, since it has been authorized by a Google Apps Administrator and executes using service accounts.
Does this still apply to Spreadsheets that are shared to "anyone at domain with the link can view"?
It is stated in this documentation that:
Google Sheets requires end-user credentials to access private
spreadsheets via the Google Visualization API ("/tq requests")
but Take NOTE that:
Spreadsheets shared to "anyone who has the link can view" do not
require credentials. Changing your spreadsheet's sharing settings is
much easier than implementing authorization.
So if your spreadsheets is shared to "anyone who has the link can view", you are not affected by this update beginning September 14, 2016.
For more information, check this thread.
The "Anyone at domain with the link can view" still requires OAuth credentials, since the application is accessing non-public data. If you are using domain-wide delegation and service account impersonation, you can simply generate an access token in your backend and pass it in the requests to the /tq endpoint.
I've been reading on Google Drive's API which seems straight-forward enough, but I'd like to use it a bit differently.
Instead of a client-side application, I need to be able to batch copy files in a given directory on a server to a specific Google Drive account which I have control over. To elaborate, I'm implementing a scan-to-email feature in which a user can scan a document on our copier which is then copied to that Google Drive account.
This is done for internal users, so the accounts would be generic and there would be no reasons to change the passwords. Is this possible at all?
I would recommend you go with a service account. Think of a service account as a user, a service account will have its own drive account. You will be able to upload the files to it, and your application wont be required to login as it will have the login built into it. You will not be able to login and see the files for this account via the web interface.
In order for the users to access the files again you have a few options.
You can then set the permissions on the files to allow the different users to access the files via there google drive accounts. Google drive api permissions
you could create your own interface and use files list to list the files that are currently stored on the service account.
Heads up:
You will at some point want to know how much space the service account drive has left. use about.get
Google has a number of client libs that can make doing all of this quite easy. but you haven't said what language you are planning on doing this in.
You could rely on the insert method of the "File" resource within the API. This will allow you to create a Google Drive File with the file type based on the scanned file. Refer to this document for examples and further assistance: https://developers.google.com/drive/v2/reference/files/insert#examples
https://developers.google.com/drive/web/manage-uploads
What I want to do:
I need my ipad/iphone app to save files (image, pdf..etc) to a central google drive account
(note this app will be distributed to several clients, but all app will use same google drive account)
What I have done so far:
got hold of the google drive examples and sources
made a new test project, included the libraries required, build works fine
Problem:
All examples seem to use controlers/views to authenticate and use credentials from keychain.
In my case, I want to hardcode the email and password, do the authentication in the background and then push the files to Google Drive.
I have not found some good pointers or explanation as to how to achieve this and the sample code provided by google seems to be a whole mess..
I'm having a hard time to figure this out.
Well this seems to be quite impossible as the credentials and access token are obtained from the user always and the new Google Drive SDK does not support to what you want. And O-Auth will also not support you as its against their policy of User Data Protection.
You could try a call like this, following the same process as in the Google Example commenting out the part where the viewController is pushed to the front
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('Email').value='ur.email#gmail.com';"];
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('Passwd').value='urPass';"];
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('signIn).click();"];
I glanced at the code for the google signin page and it gave these names for the text fields and for the "go" button