Google Drive API failing - Unusual traffic from your computer network

Question

The Google Drive API GET query started to fail (we are using this api in one of our client service):

https://www.googleapis.com/drive/v3/files/1ke4Yoxxxxxxxxxxxxxx?alt=media&access_token=ya29.ImG9BwT.....

We're sorry... ... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now. See Google Help for more information... "Unusual traffic from your computer network"

Everything was ok till today.

Just made a couple of tests with curl:

1. HTTP GET with access_token inside HTTP header: curl -H "Authorization: Bearer ya29._valid_access_token" https://www.googleapis.com/drive/v3/files/1r5BT2WPrulQ6FyhT8RcqV51TVOThEmhK?alt=media

Result: success, file downloaded.

2. HTTP GET with access_token as a part of HTTP request: curl https://www.googleapis.com/drive/v3/files/1r5BT2WPrulQ6FyhT8RcqV51TVOThEmhK?alt=media&access_token=ya29._valid_access_token

Result: error

    {
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "dailyLimitExceededUnreg",
    "message": "Daily Limit for Unauthenticated Use Exceeded. Continued       use requires signup.",
    "extendedHelp": "https://code.google.com/apis/console"
   }
  ],
  "code": 403,
  "message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
 }
} 

Note that the Google API project approved by Google and has a Production state!!!

Hi Google team, any ideas why it is happening?

Thank you

Answer 1

Posting this just for documentation purposes. As per the reference provided by Tanaike, since January 1, 2020:

download calls to files.get, revisions.get and files.export endpoints which authenticate using the access token in the query parameter will no longer be supported.

Only requests that download media content (alt=media) are affected by this change.

The access token should be provided in the HTTP header, like Authorization: Bearer oauth2-token or, if that's not possible, follow the workarounds provided in the referenced documentation:

For file downloads, redirect to the webContentLink which will instruct the browser to download the content. If the application wants to display the file to the user, they can simply redirect to the alternateLink in v2 or webViewLink in v3.

For file exports, redirect to the export link in exportLinks with the desired mime type which will instruct the browser to download the content.

Reference:

• Changes in authorization to Google Drive API
• Authorization via HTTP header