Menu
I want to set up a push notification watch but I receive an error response. What authorization I need?
Request:
// Google API
$client = getClient();
// POST request
$ch = curl_init('https://www.googleapis.com/gmail/v1/users/me/watch');
curl_setopt_array($ch, array(
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_HTTPHEADER => array(
'Authorization: Bearer ' . $client->getAccessToken()['access_token'],
'Content-Type: application/json'
),
CURLOPT_POSTFIELDS => json_encode(array(
'topicName' => 'projects/xxxx/topics/xxxx',
'labelIds' => ["INBOX"]
))
));
Response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
],
"code": 403,
"message": "Error sending test message to Cloud PubSub projects/xxxx/topics/xxxx : User not authorized to perform this action."
}
}
More details:
GMAIL_READONLY. 
217
Here are some notes come from google's documentation Troubleshooting 403 (Forbidden) error : Make sure you've enabled the Google Cloud Pub/Sub API in the Cloud Platform Console. communication. resource. See Google Cloud Dataflow Security and Permissions for more information.
HTTP Error Response code: 403 Forbidden HTTP Error Response body: Error: Forbidden Your client does not have permission to get URL /<FUNCTION_NAME> from this server. Allow public (unauthenticated) access to all users for the specific function.
If the role assigned to the service account is changed and the appropriate permissions are not otherwise granted, the Cloud Functions service cannot access Cloud Pub/Sub and the deployment fails. Reset this service account to the default role. Grant the pubsub.subscriptions.* and pubsub.topics.* permissions to your service account manually.
In view of subscription and topic you can click "permission" -> "add principal", paste long e-mail from your json with service account and select permissions described in Following the answer by Daniel, I tried to give my self Pub/Sub Editor role Pub/Sub Publisher role but it did not work, what worked for me is Pub/Sub Admin
From the page: https://developers.google.com/gmail/api/guides/push#grant_publish_rights_on_your_topic
Cloud Pub/Sub requires that you grant Gmail privileges to publish notifications to your topic.
To do this, you need to grant publish privileges to serviceAccount:[email protected]. You can do this using the Cloud Pub/Sub Developer Console permissions interface following the resource-level access control instructions.
(emphasis added)
103
You have to grant permission to topics. Go to your topics list Or click on the below link https://console.cloud.google.com/cloudpubsub/topic.
Then click on your topic
Then in right side permission tab, click on the ADD MEMBER button
Then enter the new member email or If your App have multiple user then you can enter allUsers. Then Select the role Pub/Sub Publisher and click on the Save button.
Note: This will make your topic public.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
