I have written a simple site list query code which uses Oauth with service account based on Google's documentation. The authentication key file (.p12) being used is valid as well as the account.
The problem is that sites list method returns an empty list.
service.sites().list().execute();
Also if I explicitly try to get sitemaps of a validated site, by calling
service.sitemaps().list("my.sample.site.com").execute();
I got a 403 Forbidden - "User does not have sufficient permission for site 'sample.site.com'. See also: https://support.google.com/webmasters/answer/2451999." error from the API.
According to my debugging, the API perfectly loads the key file (.p12) and manages the access tokens etc. with no problems.
Nevertheless there might be a problem with my service account authentication.
Dependencies:
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-webmasters</artifactId>
<version>v3-rev6-1.20.0</version>
</dependency>
Sample code:
package webmastertools;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.webmasters.Webmasters;
import com.google.api.services.webmasters.WebmastersScopes;
import com.google.api.services.webmasters.model.SitesListResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.File;
import java.util.Collections;
public class GoogleWebmastersClient {
static Log logger = LogFactory.getLog(GoogleWebmastersClient.class);
public static void main(String args[]) {
try {
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
String emailAddress = "[email protected]";
String applicationName = "Sitemap Generator";
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(emailAddress)
.setServiceAccountPrivateKeyFromP12File(new File("/path/to/auth.p12"))
.setServiceAccountScopes(Collections.singletonList(WebmastersScopes.WEBMASTERS))
.build();
Webmasters service = new Webmasters.Builder(httpTransport, jsonFactory, credential)
.setApplicationName(applicationName)
.build();
SitesListResponse siteList = service.sites().list().execute();
if (siteList.isEmpty()) {
logger.info("Site list is empty!");
}
} catch (Exception e) {
logger.error("Exception: ", e);
}
}
}
Is there anything wrong with this code?
After some debugging of Google's Oauth authentication code, a colleague of mine discovered that there was nothing wrong with my code but there is a certain procedure that should be followed at Google Webmasters Console which nowhere to mentioned by the way:
You have to give "full" permission to your service account email address for each of your domains. If you gave the "ownership" before, you have to revoke that ownership (because you can not modify the permission if you give ownership before giving permission).
You have to give ownership to your service account email address.
If you do this in the wrong order; your site will not be listed in sitemaps list and even if you explicitly try to get sitemaps of your site by it's address you will get an authentication error.
You have to give permissions and ownerships for each domain you would like to access (even just for getting their names).
There is no single top level access control for all your sites.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With