0

I am trying to use the google-api-nodejs library to manage some resources in the google Campaign Manager API.

I have confirmed that we currently have a GCP project configured, and that this project has the google Campaign Manager API enabled (screenshot at the bottom).

I have tried several ways of authenticating myself (particularly API keys, OAuth2, and Service account credentials). This question will focus on using an API key though, as theoretically it is the simplest (and I will raise a separate question for the issues I am facing using Service account credentials).

Now, I have generated an API key and I have restricted it to have access to the Campaign Manager API (this is visible in the screenshots below). I configured my code following the using-api-key section of the library's repo (https://github.com/googleapis/google-api-nodejs-client/#using-api-keys):

import { assert } from "chai";
import { google } from "googleapis";

it("can query userProfiles using API Key", async () => {
  try {
    const api_key = "AIza ****";

    const df = google.dfareporting({
      version: "v3.5",
      auth: api_key,
    });

    const res = await df.userProfiles.list({}); // error thrown on this line
    console.log("res: ", res);

    assert(true);
  } catch (e) {
    console.error("error: ", e);
    assert(false);
  }
});

Unfortunately, this code results in an error with the message Login required:

{
  "code": 401,
  "errors": [
    {
      "message": "Login Required.",
      "domain": "global",
      "reason": "required",
      "location": "Authorization",
      "locationType": "header"
    }
  ]
}

It is worth noting that:

  • While the API key seems to be correctly configured (that is, it matches what is visible in the Google API), changing the value of the API key in our code does not change the result - the error is still exactly the same

  • Moreover, changing the auth attribute from google.dfareporting to userProfiles.list results in the same error.

    const df = google.dfareporting({
  version: "v3.5",
});

const res = await df.userProfiles.list({
  auth: api_key, // error thrown on this line
});

Campaign Manager API is enabled API key is enabled and has access to Campaign Manager

Improve this question

1 Answer 1

Reset to default
3

If you check the documentation for userProfiles.list

You will find it states

enter image description here

This means in order to access this method you need to be authorized by a user using oauth2 with one of those scopes.

Api keys will only give you access to public data not private user data.

you sould check the Google api node.js client for information on authorization with this library.

const {google} = require('googleapis');

const oauth2Client = new google.auth.OAuth2(
  YOUR_CLIENT_ID,
  YOUR_CLIENT_SECRET,
  YOUR_REDIRECT_URL
);

// generate a url that asks permissions access 

const scopes = ['https://www.googleapis.com/auth/dfareporting'
];

const url = oauth2Client.generateAuthUrl({
  // 'online' (default) or 'offline' (gets refresh_token)
  access_type: 'offline',

  // If you only need one scope you can pass it as a string
  scope: scopes
});
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

So @DalmTo, does that mean that whenever the docs say that an endpoint requires "OAuth scopes", you always need to authenticate using OAuth, and that other authentication methods (particularly "service-account-credentials") will always result in an error? (And thank you for your reply!)
There are a couple of methods in the YouTube api that can be public but if you want any extra info like stats you need authorization for. However for the most part if it says you need authorization you need authorization.
if you want to use service accounts make sure you have delegation set up properly developers.google.com/doubleclick-advertisers/service_accounts

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.