I'm creating a server side app which is able to access (Create, edit & delete files) specific folder in my google drive. I was able to achieve it with both OAuth
and service account but I wanted do it without OAuth or service account like in official docs. When I tried use API Key
It gives a login required error. How I fix it?
srv, err := drive.NewService(
ctx,
option.WithAPIKey(key),
option.WithScopes(drive.DriveFileScope),
)
Error:
googleapi: Error 401: Login Required, required
The first thing you need to understand is the difference between private and public data.
Public data is data that is not owned by anyone that anyone can access. Holiday calendars on Google calendar. If a user uploads a public Videos to YouTube you also don't need permission to access. We use a Public API key to access public data.
Private data is something else. Private data is data that is owned by a user. For your application to be able to access it you need the consent of the owner of the data or someone who has access to it. A users files on Google drive and their google drive account are private user data. You do need permission to access because they are private user data.
You are getting the following error message because
googleapi: Error 401: Login Required, required
If you check Files.create you will notice that it tells you that you need permission to access it.
To answer your question you can not use a public api key to access a users private google drive account. You could read a file that they had set to public using an api key. However to read, write and create files on a users private google drive account. You are not going to be able to create and edit files. For that you would need the users permission.
If you are trying to access the accounts of your users then you need to switch to Oauth2 and request their consent to access their drive account. Once you have a refresh token you will be able to access their account from your server system.
If you are accessing an account that you the developer control. If you are not going to be accessing the accounts of your users then what you should be doing is looking into using a service account. Have a look and open a new question if you have any issues.
Authorization is not there to bother you. It is there to ensure that your data and the data of your users is secure. Don't try to find ways to circumnavigate security. Learn to work with it.
like in official docs.
There is nothing in the official docs that stats that you can access private user data with a public api key. Go (isn't going to / cant) change the underling security imposed upon us by Google to access their systems. That being you need user consent to access private user data.