Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google Webmasters API for Java returns empty site list

I have written a simple site list query code which uses Oauth with service account based on Google's documentation. The authentication key file (.p12) being used is valid as well as the account.

The problem is that sites list method returns an empty list.

service.sites().list().execute();

Also if I explicitly try to get sitemaps of a validated site, by calling

service.sitemaps().list("my.sample.site.com").execute();

I got a 403 Forbidden - "User does not have sufficient permission for site 'sample.site.com'. See also: https://support.google.com/webmasters/answer/2451999." error from the API.

According to my debugging, the API perfectly loads the key file (.p12) and manages the access tokens etc. with no problems.

Nevertheless there might be a problem with my service account authentication.

Dependencies:

<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-webmasters</artifactId>
  <version>v3-rev6-1.20.0</version>
</dependency>

Sample code:

package webmastertools;

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.webmasters.Webmasters;
import com.google.api.services.webmasters.WebmastersScopes;
import com.google.api.services.webmasters.model.SitesListResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.io.File;
import java.util.Collections;

public class GoogleWebmastersClient {

    static Log logger = LogFactory.getLog(GoogleWebmastersClient.class);

    public static void main(String args[]) {

        try {

            HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
            JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
            String emailAddress = "[email protected]";
            String applicationName = "Sitemap Generator";

            GoogleCredential credential = new GoogleCredential.Builder()
                    .setTransport(httpTransport)
                    .setJsonFactory(jsonFactory)
                    .setServiceAccountId(emailAddress)
                    .setServiceAccountPrivateKeyFromP12File(new File("/path/to/auth.p12"))
                    .setServiceAccountScopes(Collections.singletonList(WebmastersScopes.WEBMASTERS))
                    .build();

            Webmasters service = new Webmasters.Builder(httpTransport, jsonFactory, credential)
                    .setApplicationName(applicationName)
                    .build();

            SitesListResponse siteList = service.sites().list().execute();

            if (siteList.isEmpty()) {
                logger.info("Site list is empty!");
            }

        } catch (Exception e) {
            logger.error("Exception: ", e);
        }
    }
}

Is there anything wrong with this code?

like image 305
divdby0 Avatar asked Jul 09 '15 08:07

divdby0


1 Answers

After some debugging of Google's Oauth authentication code, a colleague of mine discovered that there was nothing wrong with my code but there is a certain procedure that should be followed at Google Webmasters Console which nowhere to mentioned by the way:

  • You have to give "full" permission to your service account email address for each of your domains. If you gave the "ownership" before, you have to revoke that ownership (because you can not modify the permission if you give ownership before giving permission).

  • You have to give ownership to your service account email address.

If you do this in the wrong order; your site will not be listed in sitemaps list and even if you explicitly try to get sitemaps of your site by it's address you will get an authentication error.

You have to give permissions and ownerships for each domain you would like to access (even just for getting their names).

There is no single top level access control for all your sites.

like image 136
divdby0 Avatar answered Oct 31 '22 01:10

divdby0