Google 经销商 API 收到 GoogleJsonResponseException:403 禁止访问
Google Reseller API getting GoogleJsonResponseException: 403 Forbidden
我正在开发一个使用 Google 应用经销商 API (Found here) 的项目。
我 运行 进入 403 禁止异常。
代码(大部分来自 Google Codelab 示例 Here:
try {
try {
Reseller service = GoogleResellerApiUtil.getResellerService();
Customer customerRecord = service.customers().get("acme.com").execute(); //crashes here
// "acme.com" is also used in the example from Google
System.out.println(customerRecord.toString());
} catch (GoogleJsonResponseException e) {
e.printStackTrace();
}
这是我用来连接 API 的 class。
我提供了一个 p12 文件,它使用服务帐户,在调用 API 时它冒充了超级管理员之一,因此应该允许它进行所有调用。
目前我只使用只读范围。
public class GoogleResellerApiUtil {
/** HTTP_TRANSPORT */
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
/** JSON Factory*/
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
/** Service Account Email */
public static final String SERVICE_ACCOUNT_EMAIL = "****@appspot.gserviceaccount.com";
/** P12 File Location */
public static final String PRIVATE_KEY_FILE = "WEB-INF/key.p12";
/** Reseller Admin Account to impersonate */
public static final String RESELLER_ADMIN = "**.**@**.com";
/** Scopes */
public static final List<String> SCOPES = Arrays.asList(ResellerScopes.APPS_ORDER_READONLY);
/** Application name. */
private static final String APPLICATION_NAME = "**-subscription-portal";
/** Logger */
private final static Logger LOGGER =
Logger.getLogger(GoogleResellerApiUtil.class.getName());
public static GoogleCredential getCredentials() throws IOException {
GoogleCredential credentials = null;
try {
credentials = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(SCOPES)
.setServiceAccountUser(RESELLER_ADMIN)
.setServiceAccountPrivateKeyFromP12File(new File(PRIVATE_KEY_FILE))
.build();
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
System.out.println("credential has been build, returning credential "); //this gets printed, so I think the credentials are valid?
return credentials;
}
/**
* Build and return an authorized Reseller client service.
* @return an authorized Reseller client service
* @throws IOException
*/
public static Reseller getResellerService() throws Exception {
Credential credential = getCredentials();
return new Reseller.Builder(
HTTP_TRANSPORT, JSON_FACTORY, credential)
.setApplicationName(APPLICATION_NAME)
.build();
}
}
但是我在拨打电话时收到以下错误消息:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Forbidden",
"reason" : "forbidden"
} ],
"message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
etc. etc. etc.
在 Reseller API: Manage Subscriptions 中指出
Note: If the customerAuthToken is not valid or has expired, the API response returns a 403 "Forbidden" error.
要解决此问题,请确保请求必须由有权访问数据的经过身份验证的用户授权。正如 Reseller API: Authorizing
中所述
Note: The user granting permission for the Reseller API must be a domain super administrator.
除此之外,Token expiration 中还建议您编写代码以预测授予的令牌可能不再有效的可能性。由于以下原因之一,令牌可能会停止工作:
- 用户已撤消访问权限。
- 令牌已六个月未使用。
- 用户更改了密码并且令牌包含 Gmail 范围。
- 用户帐户已超过一定数量的令牌请求。
希望对您有所帮助!
我正在开发一个使用 Google 应用经销商 API (Found here) 的项目。
我 运行 进入 403 禁止异常。
代码(大部分来自 Google Codelab 示例 Here:
try {
try {
Reseller service = GoogleResellerApiUtil.getResellerService();
Customer customerRecord = service.customers().get("acme.com").execute(); //crashes here
// "acme.com" is also used in the example from Google
System.out.println(customerRecord.toString());
} catch (GoogleJsonResponseException e) {
e.printStackTrace();
}
这是我用来连接 API 的 class。 我提供了一个 p12 文件,它使用服务帐户,在调用 API 时它冒充了超级管理员之一,因此应该允许它进行所有调用。
目前我只使用只读范围。
public class GoogleResellerApiUtil {
/** HTTP_TRANSPORT */
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
/** JSON Factory*/
private static final JsonFactory JSON_FACTORY = new JacksonFactory();
/** Service Account Email */
public static final String SERVICE_ACCOUNT_EMAIL = "****@appspot.gserviceaccount.com";
/** P12 File Location */
public static final String PRIVATE_KEY_FILE = "WEB-INF/key.p12";
/** Reseller Admin Account to impersonate */
public static final String RESELLER_ADMIN = "**.**@**.com";
/** Scopes */
public static final List<String> SCOPES = Arrays.asList(ResellerScopes.APPS_ORDER_READONLY);
/** Application name. */
private static final String APPLICATION_NAME = "**-subscription-portal";
/** Logger */
private final static Logger LOGGER =
Logger.getLogger(GoogleResellerApiUtil.class.getName());
public static GoogleCredential getCredentials() throws IOException {
GoogleCredential credentials = null;
try {
credentials = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(SCOPES)
.setServiceAccountUser(RESELLER_ADMIN)
.setServiceAccountPrivateKeyFromP12File(new File(PRIVATE_KEY_FILE))
.build();
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
System.out.println("credential has been build, returning credential "); //this gets printed, so I think the credentials are valid?
return credentials;
}
/**
* Build and return an authorized Reseller client service.
* @return an authorized Reseller client service
* @throws IOException
*/
public static Reseller getResellerService() throws Exception {
Credential credential = getCredentials();
return new Reseller.Builder(
HTTP_TRANSPORT, JSON_FACTORY, credential)
.setApplicationName(APPLICATION_NAME)
.build();
}
}
但是我在拨打电话时收到以下错误消息:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Forbidden",
"reason" : "forbidden"
} ],
"message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
etc. etc. etc.
在 Reseller API: Manage Subscriptions 中指出
Note: If the customerAuthToken is not valid or has expired, the API response returns a 403 "Forbidden" error.
要解决此问题,请确保请求必须由有权访问数据的经过身份验证的用户授权。正如 Reseller API: Authorizing
中所述Note: The user granting permission for the Reseller API must be a domain super administrator.
除此之外,Token expiration 中还建议您编写代码以预测授予的令牌可能不再有效的可能性。由于以下原因之一,令牌可能会停止工作:
- 用户已撤消访问权限。
- 令牌已六个月未使用。
- 用户更改了密码并且令牌包含 Gmail 范围。
- 用户帐户已超过一定数量的令牌请求。
希望对您有所帮助!