GCP App Script API Auth not working (code: 403, "PERMISSION_DENIED") for just two users


I have Google Apps Script-based software deployed to multiple users via Google Cloud Platform. Most of it works via triggers running every x minutes. However, currently there is one script that runs by being called through Apps Script API.

I made some changes yesterday. See this Stack Overflow question that I was able to answer: Google Apps Script API Authorizations for DriveApp.getFileById. (This is for a second script being called via API, but it hasn't been deployed much yet.)

This may have "broken" the ability for just two recently onboarded users (the last two onboarded several days ago) to call the script through Apps Script API. The other users are fine. I have compared everything on the client side for all users, and all users seem to be the exact same.

Here is the code on the client side (in runOnEdit) that calls the Apps Script API:

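```javascript
// Fragment from runOnEdit: `url` (the Apps Script API endpoint being called)
// and `id` are set elsewhere in that function and are not shown here.

// OAuth token of the user running this (client) script
var token = ScriptApp.getOAuthToken();
var header = {
  "Content-Type": "application/json",
  "Authorization": "Bearer " + token
};

// Arguments passed to the remote function
var parms = [id];

// Request body: run checkSheet in the deployed (non-dev) version
var data = {
  "function": "checkSheet",
  "parameters": parms,
  "devMode": false
};

var options = {
  "method": "POST",
  "headers": header,
  "muteHttpExceptions": true, // return 4xx/5xx bodies instead of throwing
  "payload": JSON.stringify(data)
};

var response = UrlFetchApp.fetch(url, options);
```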

For the manifest / appsscript.json file, I have:

```json
{
  "timeZone": "America/New_York",
  "dependencies": {
  },
  "webapp": {
    "access": "MYSELF",
    "executeAs": "USER_DEPLOYING"
  },
  "exceptionLogging": "STACKDRIVER",
  "runtimeVersion": "V8",
  "oauthScopes": [
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/script.external_request"
  ]
}
```

The oauthScopes section was just added yesterday for all users (ones working & ones not) - the answer to my Stack Overflow question referenced above. I have also played with adding a number of different oauthScopes for the two users that are affected, but it hasn't helped.

For all users where this is still working, on their client side (where the code just above is located), there are NO Enabled APIs in their GCP Project.

Their OAuth consent screens are just the default - Type: Public, default scopes, etc.

However, this morning for the 2 users that aren't working, when the above code runs and calls the Apps Script API script, the response was:

```
response = {
  "error": {
    "code": 403,
    "message": "Apps Script API has not been used in project 746982115040 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/script.googleapis.com/overview?project=746982115040 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.Help",
        "links": [
          {
            "description": "Google developers console API activation",
            "url": "https://console.developers.google.com/apis/api/script.googleapis.com/overview?project=746982115040"
          }
        ]
      },
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "SERVICE_DISABLED",
        "domain": "googleapis.com",
        "metadata": {
          "consumer": "projects/746982115040",
          "service": "script.googleapis.com"
        }
      }
    ]
  }
}
```

However, that is no different than the users that are working - they don't have the Apps Script API enabled.

So, I enabled the Apps Script API for one of the two users that this was happening to. Now, after doing that, I get the following message:

```
response = {
  "error": {
    "code": 403,
    "message": "The caller does not have permission",
    "status": "PERMISSION_DENIED"
  }
}
```

Any help is greatly appreciated! Thank you!

Best answer, by Chris:

First, I have to say that learning GCP and all of the authorizations around it is difficult. There are so many things that could be the reason for this type of problem.

In my case, it ended up being that the "client's" app script project was still an "Apps Script-managed Cloud Platform project" instead of the regular GCP project that the API is associated with.

To fix, inside of the Google Apps Script code editor for the script that is making the API call, go to menu / Resources / Cloud Platform project.

Find the GCP project number you want to associate this with - In my case it is the "server's" project number, from which I have deployed the API.

Click on the "Set Project" button.

Now my API call works!
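
As an added example (not part of the question or the answer above), the two 403 bodies quoted in the question can be told apart in code, so the client script logs which Cloud project it is actually attached to instead of a bare "PERMISSION_DENIED". The function name `triageRunError`, the `kind` labels and the `SERVER_PROJECT` placeholder are assumptions made for this sketch.

```javascript
// Added example: triage a 403 body from the Apps Script API run call.
// SERVER_PROJECT is a constructed placeholder for the project number the
// API executable is deployed from (the page does not give it).
const SERVER_PROJECT = "000000000000";
const ERROR_INFO = "type.googleapis.com/google.rpc.ErrorInfo";

function triageRunError(bodyText, serverProject) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return { kind: "UNPARSEABLE", consumer: null };
  }
  const err = body && body.error;
  if (!err) return { kind: "NO_ERROR", consumer: null };

  // ErrorInfo names the "consumer" project the request was attributed to,
  // i.e. the Cloud project the calling script is currently attached to.
  const info = (err.details || []).find((d) => d["@type"] === ERROR_INFO);
  const meta = (info && info.metadata) || {};
  const consumer = meta.consumer ? meta.consumer.replace(/^projects\//, "") : null;

  if (err.status !== "PERMISSION_DENIED") return { kind: "OTHER", consumer };
  if (info && info.reason === "SERVICE_DISABLED") {
    // In the question, enabling the API in the client's own project only
    // changed the error; the answer's fix was to re-point the calling
    // script at the server's project.
    return { kind: consumer === serverProject ? "API_DISABLED" : "WRONG_PROJECT", consumer };
  }
  // Bare "The caller does not have permission": no project in the body, so
  // compare the calling script's Cloud project with serverProject by hand.
  return { kind: "CALLER_DENIED", consumer };
}

// Constructed samples, trimmed from the two responses quoted in the question.
const SAMPLE_DISABLED = JSON.stringify({ error: { code: 403, status: "PERMISSION_DENIED",
  details: [{ "@type": ERROR_INFO, reason: "SERVICE_DISABLED", domain: "googleapis.com",
    metadata: { consumer: "projects/746982115040", service: "script.googleapis.com" } }] } });
const SAMPLE_DENIED = JSON.stringify({ error: { code: 403,
  message: "The caller does not have permission", status: "PERMISSION_DENIED" } });

console.log(triageRunError(SAMPLE_DISABLED, SERVER_PROJECT)); // kind: WRONG_PROJECT
console.log(triageRunError(SAMPLE_DENIED, SERVER_PROJECT));   // kind: CALLER_DENIED
```

In the client script this would be called as `triageRunError(response.getContentText(), SERVER_PROJECT)` after the `UrlFetchApp.fetch` call, with the result written to the log.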