GSuite Alert Center API returns 'customer id could not be inferred from the request or caller identity.' error

Question

I am trying to get a list of alerts from the GSuite Alert Center API in a Node JS application. I created a Service Account at the IAM & Admin page, checked the Enable G Suite Domain-wide Delegation checkbox, and generated a JSON file with access keys set. Then I went to the Admin Console -> Security -> API controls -> Domain-wide Delegation and registered the Service Account by its Client ID with the https://www.googleapis.com/auth/apps.alerts scope.

The code was taken from the example provided in google-api-nodejs-client and basically looks like

const { google } = require('googleapis');
const alertcenter = google.alertcenter('v1beta1');

const auth = new google.auth.GoogleAuth({
   keyFile: 'Path/to/my/file/with/accessKeys'
   scopes: ['https://www.googleapis.com/auth/apps.alerts'],
});
const client = await auth.getClient();
google.options({auth: client});

const res = await alertcenter.alerts.list();

What I am getting back from the API is the 'customer id could not be inferred from the request or caller identity.' error message.

I tried to pass the customer ID as a parameter to the list() method since it is described as its legit parameter. Like this

const res = await alertcenter.alerts.list({ customerId: 'my-customer-id' });

As a result, I only got another error message: Request contains an invalid argument.

What do I do wrong?

Answer 1

Hey I had this same issue and it drove me a bit mad.

I found that the authorisation needs a user email associated with the 'customer' that is required in the credentials. This email needs to be from an account of a user that has access to the alert center.

This is required in the 'subject' parameter of the authorisation credentials.

I couldn't do this through the GoogleAuth object as it doesnt, but through using the JWT, which is similar

I followed my nose from the python issue people had here https://github.com/googleapis/google-api-python-client/issues/777

const {google} = require('googleapis');

const scopes = ['https://www.googleapis.com/auth/apps.alerts'];
const credentials = require("Path/to/my/file/with/accessKeys");

// email with access to alert center
const auth_email = '[email protected]';

async function runSample() {
    const authClient = new google.auth.JWT({
        email:credentials.client_email,
        key: credentials.private_key,
        scopes: scopes,
        subject: auth_email 
    });

    authClient.authorize(function(err, tokens) {
        if (err) {
            console.log(err);
            return;
        } else {
            authClient.setCredentials(tokens);
        }
    });

    google.options({
        auth: authClient
    });

    const alertcenter = google.alertcenter('v1beta1');

    const res = await alertcenter.alerts.list();

    console.log(res.data);

    return res.data;
}

if (module === require.main) {
    runSample().catch(console.error);
  }
  
  // Exports for unit testing purposes
  module.exports = {runSample};

This is working for me now - there may be another way to assign the subject/email to the authorisation with GoogleAuth but I can't figure it out.