1

I am simply trying out curl examples from the GDrive API Explorer, specifically this call: https://developers.google.com/drive/api/v3/reference/files/list

However when I copy the example and execute it with my API key, I get this error:

curl https://www.googleapis.com/drive/v3/files?key=AIzaSyCQfFNMxHVJRaTvXXXXXXXXXX
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "insufficientFilePermissions",
    "message": "The user does not have sufficient permissions for this file."
   }
  ],
  "code": 403,
  "message": "The user does not have sufficient permissions for this file."
 }
}

When I try to get a single file using files/{fileId} with the same API key, it works fine and the file metadata is returned.

What is the deal here? Does listing require special permissions, or does API keys have limitations, or..?

pinoyyid
  • 21,499
  • 14
  • 64
  • 115
Martynas Jusevičius
  • 575
  • 1
  • 8
  • 21
  • What scopes are you using? – pinoyyid Aug 01 '18 at 18:44
  • Scopes AFAIK is an OAuth concept? As mentioned I am using API key for authentication, just for a proof of concept (don't want to get into OAuth side of things right now). In any case I cannot choose scopes for API key in the explorer: https://developers.google.com/drive/api/v3/reference/files/list?apix=true#try-it – Martynas Jusevičius Aug 01 '18 at 21:32
  • You've kinda answered your own question. Without using oauth to authorise your app, your app has no authorisation to perform the files.list. In fact, without oauth, GDrive has no way of even knowing which account's files you want to list. – pinoyyid Aug 02 '18 at 02:04
  • But how come `get` on a single file works, but `list` does not? This doesn't make sense. I am performing authorization using the API key, which is one of the two methods GDrive API supports (in addition to OAuth). – Martynas Jusevičius Aug 02 '18 at 07:38
  • My guess is that the file is public. Take a step beck and look that curl request. Where in that request is the account ID who's drive you want to list? The API key is not authorisation! It is merely identifying your app for audit and abuse purposes. – pinoyyid Aug 02 '18 at 08:59
  • Duplicate of https://stackoverflow.com/questions/48637563/how-to-use-api-key-to-access-the-google-drive – pinoyyid Aug 02 '18 at 09:03

1 Answers1

1

Just a hunch, you are trying a file that is not public, that is why you are receiving 403:insufficientFilePermissions. To access this you must authenticate your request using OAuth 2.0.

enter image description here

You can check the documentation About Authorization:

Your application must use OAuth 2.0 to authorize requests. No other authorization protocols are supported. If your application uses Google Sign-In, some aspects of authorization are handled for you.

Mr.Rebot
  • 6,703
  • 2
  • 16
  • 91