I just need the correct format of the request - https://www.googleapis.com/customsearch/v1?
key=INSERT-YOUR-KEY&cx=013036536707430787589:_pqjad5hr1a&q=flowers&alt=json.
My app will simply make a request with the search phrase and get a callback in JSON. I already connect Google Custom Search to my account, fill in the payment details and get all the keys.
I use the key for Android apps (with certificates), but get the response "Access Not Configured" after call the request in the browser.
How to create a query string to request the API? How can I get the parameter cx?
This is a bug of Google. The problem was solved only completely removing default project and create a new one.
Related
I am trying to implement Android Management API in my project where the first step is to create an enterprise:
Post the Callbackurl and ProjectID to the Following URL
https://androidmanagement.googleapis.com/v1/signupUrls
I get the response name and url:
{
"name": "signupUrls/C265d41bc093bdd97",
"url": "https://play.google.com/work/adminsignup?token=someToken"
}
How can I Change this "url" parameter to my own. Do I require to upload my DPC to playstore?
I am out of guesses. please help
Thanks in advance.
The flow is this:
1) Create a Project in Google developer console, enable Android Management API, create credentials and get the project id. (I think you already done that).
2) Create a SignupUrl with signupUrls.create. (What you have done to get that JSON)
3) Keep the SignupUrl Name and redirect the user (or go) to the returned URL (inside the JSON posted).
3) Follow the procedure to create an enterprise.
This will start the creation of an enterprise to the signed Google Account.
4) At the end of the procedure you will be redirected to the callbackUrl specified inside signupUrls.create. Appended to the callbackUrl, as a GET query parameter, will be a token.
5) You must use the appended token to conclude the flow calling the API enterprises.create with these parameters:
The signup url name
The enterprise token returned as parameter
(optional) a request body with some enterprise parameters (logo, name, etc)
At the end of this coming and going between URLs and API calls, you will end with an Enterprise created on the Google Account and the enterprise ID in the form enterprise/<yourID> to interact with the API.
You can check all the Enterprise infos at the created Google Play for Work (or Managed Google Play) at http://play.google.com/work . Left menu "Administration Settings" at check your enterpriseId.
I want to create an app that autocompletes a destination text box. I read this documentation about it:
Adding Place Autocomplete to your Android App
However it says that you can't use your API key internally and that you must instead access an external web service to make the autocomplete submission and return the results to your app. I then came across this:
Place Autocomplete in response to an HTTP request
This states that you can make a request with your API key as part of the URL for the HTTP request. Can you do this internally from your app or would you have to submit that HTTP request from an external web service as well? If you can just make this HTTP request from within the app, how would I go about doing this?
Try this solution:
1) Get an application's API key from the Google console.
Create Api Key
2) Use this module from GitHub to make Google Place Auto Complete. It's easy to integrate: Android GooglePlaceAutoComplete
I have been doing a lot of research recently on securing my app engine. Currently, I've been reading through the question below and the links in that question:
How do I restrict Google App Engine Endpoints API access to only my Android applications?
However, it doesn't answer my problem. My question is similar to the question above, restricting access to my endpoint API to only my app. The guy seemed to have got it working when he inputs a correct email into the credentials.
My question is if I can achieve the same results without having to input any credentials. I want it so that only my app can use my endpoint API so to prevent other apps from abusing it and using up my quota. I already got a client id for my android application, and have placed it within my #API annotation. To test if it worked, I made a random value for the client id in the #API notation of another api class. However, my app was still able to use methods from both class. Any help?
-Edit-
From reading from the docs and researching further, the endpoint way of authorizing apps is by authenticating the user and for my API to check if user is null. My question is that in the process of authenticating the user, is Google somehow able to read my app's SHA1 fingerprint and authorize it to its list of client ids? If so, how can I replicate this process in my endpoint so that I check the SHA1 fingerprint of the app making the request and compare it to a set value? I don't understand the mechanics behind the endpoints very well, so correct me if I am understanding this wrong.
If the android app has access, then the user has access. A motivated party has many options for inspecting your protocol, including putting the device behind transparent proxy or simply running the app through a debugger. I do suggest running your app through ProGuard before publishing, as this will make the process [a bit] more difficult.
Ultimately, you'll need to make your appengine API robust against untrusted parties. This is simply the state of the web.
How you can protect your endpoint API is described here: http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html
The secret is that you request a token from Google Play using the following scope: audience:server:client_id:9414861317621.apps.googleusercontent.com where 9414861317621.apps.googleusercontent.com is your ClientId.
Google Play will look up the id at your endpoints app and return a Google-signed JSON Web Token if it finds the id. Then you pass that id in with your request. Above article says you should pass it in with the body. I would possibly rather add another parameter for that because otherwise you can't pass your own entities anymore. Anyway, your server backend receives the token, and you ask Google as described if it is authentic, before you process the API request.
If you pass in the token using an extra parameter, you can catch it on the server side by adding HttpServletRequest to your endpoint signature and then using request.getHeader("Yourname") to read it out. Make sure you never add the parameter as a URL parameter as it may be logged somewhere.
public void endpointmethod(
// ... your own parameters here
final HttpServletRequest request
) throws ServiceException, OAuthRequestException {
request.getHeader("YourHeaderName") // read your header here, authenticate it with Google and raise OAuthRequestException if it can't be validated
On the Android side you can pass in your token when you build the endpoint api, like this, so you don't have to do it with each and every request:
Yourapiname.Builder builder = new Yourapiname.Builder(AndroidHttp.newCompatibleTransport(), getJsonFactory(), new HttpRequestInitializer() {
public void initialize(HttpRequest httpRequest) {
httpRequest.setHeader(...);
}})
Hope this helps you make your endpoints API secure. It should.
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
I'm trying to make an app that accesses a user's Google Calendar using OAuth. I have the code in place that gets all of the proper tokens and they are saved into some preferences. I used the tutorial here to do this all, by the way. I have successfully changed the scope and request URL's so that I'm getting the needed tokens. The problem comes when I actually try to USE the token. Instead of calendar info, I get back some HTML that says "Unknown authorization header Error 401". The request URL I am using is:
https://www.google.com/calendar/feeds/default/allcalendars/full
and the scope is:
http://www.google.com/calendar/feeds/
I have tried replacing 'default' with my email address (which is also the one that I used for the OAuth) to no avail. Am I using the wrong URL? if not, what else could cause this error? I have been looking for a few days now to find someone who has accessed the Calendar using OAuth, but everything I have found is people giving up because it's too difficult or doesn't work.
EDIT:
I believe my header is correct, here is an example of it:
OAuth oauth_token="************-********-**********-****",
oauth_consumer_key="anonymous",
oauth_version="1.0",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1303161387",
oauth_nonce="*******************",
oauth_signature="*******************"
That is pulled directly from my app, and from what I could find it looks right to me, but I'm still getting the error above (Unknown Authorization Header Error 401).
The Authorization header needs to be "Authorization: OAuth oauth_nonce="deadbeefdeadbeef" oauth_version="1.0" ....
See http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken. You can, supposedly, also but the authorization parameters in the querystring or in the body of a POST, but I have not attempted that.
As noted in the comments below, Google is now, at least with the Calendar feed, appending a 'gsessionid=' querystring and redirecting; and so a redirect handler must create a new nonce and timestamp, and make a new signature making sure to add the gsessionid to the base signature string in the correct lexicographical order (preceding any of the oauth_ variables).