Google Marketplace license api suddenly does not work

Question

Since approx 5:30 UTC we are receiving only this response for this api call

https://www.googleapis.com/appsmarket/v2/customerLicense/{appId}/{customer}

{"error":{"errors":[{"domain":"global","reason":"forbidden","message":"Not authorized to access the application ID"}],"code":403,"message":"Not authorized to access the application ID"}}

but there has not been any previous development or changes on our side and this affects all of our marketplace applications.

Any ideas what is going on and how to fix/workaround this issue?

Answer 1

This issue should now be fixed by Google.

If you are still experiencing 403 Forbidden on marketplace API calls make sure you are following these guidelines

Access to these APIs is restricted: only project members of the Developer Console project associated with your application may use the API. Specifically, these project members must be in Can Edit or Is Owner roles. You may also access UserLicense and CustomerLicense as the logged in user to your app. Refer to https://cloud.google.com/compute/docs/access/add-remove-change-permissions-for-team-members to learn how to add members to your project.

For example by doing the API requests using a service account in the Google Cloud Platform Project for you application without using any impersonation/delegation.

Answer 2

What worked for me was using a Service Account with Basic Editor role. Any other less privileged role does not work so it has to be at least Editor or Owner. Then, I had to follow the @A. R. Younce answer:

On the Details tab for the service account, expand the Advanced settings section and click the Create Google Workspace Marketplace-compatible OAuth Client button.

It didn't work right away. I had to wait 20 minutes for this change to propagate.

This is a sample Python Script to test:

import os
from google.oauth2 import service_account
from googleapiclient.discovery import build

# Set the path to your service account key file
KEY_FILE_PATH = 'path/to/service-account.json'

# Set the scopes required for the API
SCOPES = ['https://www.googleapis.com/auth/appsmarketplace.license']

def create_service():
    credentials = service_account.Credentials.from_service_account_file(KEY_FILE_PATH, scopes=SCOPES)
    service = build('appsmarket', 'v2', credentials=credentials, static_discovery=False)
    return service

def list_license_notifications():
    service = create_service()

    # Set your application ID
    application_id = '<application-id>'

    # Set the maximum number of results to retrieve (optional)
    max_results = 100

    # Make the API request
    response = service.licenseNotification().list(
        applicationId=application_id, max_results=max_results
    ).execute()

    # Print the license notifications
    notifications = response.get('notifications', [])
    if notifications:
        for notification in notifications:
            print(notification)
    else:
        print('No license notifications found.')

if __name__ == '__main__':
    list_license_notifications()

The Application ID is found at the Google Workspace Marketplace SDK page at the APP CONFIGURATION tab

Answer 3

As the documentation for this has changed since the question (and answer) was posted I'm adding an addendum answer.

When accessing the Workspace Marketplace API via a service account it must be configured with a "Google Workspace Marketplace-Compatible OAuth Client".

On the Details tab for the given service account expand the Advanced settings section and click the Create Google Workspace Marketplace-compatible OAuth Client button.