Access Google API with API Key
I'm creating a server side app which is able to access (Create, edit & delete files) specific folder in my google drive. I was able to achieve it with both OAuth and service account but I wanted do it without OAuth or service account like in official docs. When I tried use API Key It gives a login required error. How I fix it?
srv, err := drive.NewService(
ctx,
option.WithAPIKey(key),
option.WithScopes(drive.DriveFileScope),
)
Error:
googleapi: Error 401: Login Required, required
The first thing you need to understand is the difference between private and public data.
Public data is data that is not owned by anyone that anyone can access. Holiday calendars on Google calendar. If a user uploads a public Videos to YouTube you also don't need permission to access. We use a Public API key to access public data.
Private data is something else. Private data is data that is owned by a user. For your application to be able to access it you need the consent of the owner of the data or someone who has access to it. A users files on Google drive and their google drive account are private user data. You do need permission to access because they are private user data.
You are getting the following error message because
googleapi: Error 401: Login Required, required
If you check Files.create you will notice that it tells you that you need permission to access it.
To answer your question you can not use a public api key to access a users private google drive account. You could read a file that they had set to public using an api key. However to read, write and create files on a users private google drive account. You are not going to be able to create and edit files. For that you would need the users permission.
Oauth2
If you are trying to access the accounts of your users then you need to switch to Oauth2 and request their consent to access their drive account. Once you have a refresh token you will be able to access their account from your server system.
service account
If you are accessing an account that you the developer control. If you are not going to be accessing the accounts of your users then what you should be doing is looking into using a service account. Have a look and open a new question if you have any issues.
security
Authorization is not there to bother you. It is there to ensure that your data and the data of your users is secure. Don't try to find ways to circumnavigate security. Learn to work with it.
like in official docs.
There is nothing in the official docs that stats that you can access private user data with a public api key. Go (isn't going to / cant) change the underling security imposed upon us by Google to access their systems. That being you need user consent to access private user data.
- Call COM object method from Go without CGo
- How to scan into nested structs with sqlx?
- Unit testing in golang
- How to handle gosec linter warning: Potential file inclusion via variable
- Mock go function that modifies and returns the value passed as argument
- Is there a way to show the dependency graph of a Go package?
- Can I utilize conditional compilation without creating a bunch of files in Go?
- Go App deployment error on redhat openshift. CreateContainerError
- Return nil for a struct in Go
- How to display multiple HTTP 200 Response Samples on Swagger-UI using Swaggo/swag
- Using Go to create BitBucket Pipeline YAML with anchors and merging
- Parse hex string to image/color
- When I run `go test -fuzz=Fuzz`, Not enough memory resources are available to process this command
- Streaming yaml parsing, but Decode twice
- How do I simplify this model with a double reference?
- How to handle SecurityErrors as convenient errors with ogen
- What is the right approach to encapsulate platform specific code in Go?
- Is there any way to access private fields of a struct from another package?
- How do I convert a Go array of strings to a C array of strings?
- Return default value for generic type
- Code, for the same input, returns different results occasionally
- Version of Delve is too old for Go version 1.20.0 (maximum supported version 1.19)
- idiomatic Go name for struct in package?
- all goroutines are asleep - deadlock
- Go Gin ctx.SetCookie can't clear cookie for a specific domain
- Catching return values from goroutines
- GO WebSocket to stream public Mastodon posts gives bad handshake
- How to create a big int with a secure random
- Is there a way to run gorm's AutoMigrate using oldStruct but only migrating the tempStruct?
- protoc --go-grpc_out generate code in out of vision of --go_out generated code