Using Postman to access Google Indexing APIs

2k views Asked by At

I would like to test Google Indexing API with Postman. I have already configured the api correctly on https://console.cloud.google.com/ for using it on a wordpress site with the plugin Instant indexing and everything works ok. Now I simply want to do a POST call with Postman, in particular I did not found anything clear about the type of authentication (Oauth 2) to use for the call.

{
    "error": {
        "code": 401,
        "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
        "status": "UNAUTHENTICATED",
        "details": [
            {
                "@type": "type.googleapis.com/google.rpc.ErrorInfo",
                "reason": "CREDENTIALS_MISSING",
                "domain": "googleapis.com",
                "metadata": {
                    "method": "google.indexing.v3.UrlService.PublishUrlNotification",
                    "service": "indexing.googleapis.com"
                }
            }
        ]
    }
}

Anyone can provide me an example? Thank you.

2

There are 2 answers

0
hhh On BEST ANSWER

For anyone interested I managed to make it work by following these steps:

1
Edo Akse On

As stated in the comments, Google API's normally use OAuth2. Some exceptions might use an API key, but even then most of those still limit the data you can access with an API key versus what you can access using OAuth2

This particular API does indeed use OAuth2 as per the docs. This means you need an access token (as the error message states), so you will need to generate one.


Easiest would be to use a library for one of the many programming languages, as per the docs here.

I'll give a simple example in python as that is my preferred language. The following code uses the google-auth library (docs). It's the base library to deal with credential objects. You will need to download the JSON representation for the service account you created. See the relevant docs. Note that you should handle this file as if it were a password, same as with the access token itself, although the access token has a default lifetime of 3600 seconds, AKA 1h.

If you get an error message that the token is expired, create a new one. Read up on refresh tokens for that, but that's beyond the scope of this question.

Code was tested on a virtualenv for python 3.10

requirements.txt

google-auth
requests

main.py

from google.oauth2 import service_account
import google.auth.transport.requests


# create credentials object
creds= service_account.Credentials.from_service_account_file("/path/to/serviceaccount.json")
# we need a scoped credentials object as per 
# https://developers.google.com/search/apis/indexing-api/v3/prereqs#requirements
scoped_creds = creds.with_scopes(['https://www.googleapis.com/auth/indexing'])

# create a request object for the refresh method
request = google.auth.transport.requests.Request()

# make the library do it's magic and get a token
scoped_creds.refresh(request)
print(scoped_creds.token)

This will print out an access token. (if it prints with dots (....) at the end, remove them.


Another easy option would be to (ab)use the gcloud command line tool. There's a couple of steps to this to get to work. You can use the cloud shell as an easy way to do this.

  1. Download or copy the serviceaccount JSON file I mentioned above.
  2. Activate the serviceaccount in gcloud using:
    gcloud auth activate-service-account [email protected] --key-file=/path/key.json
  3. Print the access token with this command: gcloud auth print-access-token

The hard and masochistic way would be to use something like CURL or HTTPS requests manually to generate the token. Feel free to do so, but I'm just going to point you to the docs for that. It's a bit of a pain in the posterior.


You can test the token as explained in this answer.

Now that you have the access token, you can use it in POSTMAN by setting it in the header for the call. See this nice answer, but basically add the following request header key/value pair, replacing TOKEN with the generated token.

  • KEY: Authorization
  • VALUE: Bearer TOKEN