google-drive-apigoogle-oauthapi-keygoogle-developers-consolerestriction

I'm trying to restrict an API key to Google Drive API, but it's behaving like I've set a referrer restriction

In the Google Developers Console, I have restricted my API key to only accept the Google Drive API calls. I don't use any HTTP referrers that might restrict calls to specific websites.

An API key restrictions window in the Google Developers Console

However, I constantly get error 403 with the ipRefererBlocked reason:

The Response tab in the browser console with the error message

Here is an example of a request I'm trying to perform:

The Headers tab in the browser console showing the details of the failed request

Interestingly, I face this issue only with the Google Drive API (with every single key I create). Other APIs (if I restrict an API key to them), like Google Sheets API, Google Calendar API, work perfectly fine.

If there are no restrictions (neither application restrictions nor API ones), everything works fine.

What am I doing wrong? Does anybody else face the same issue?

UPDATE: It looks like GET requests have started working. However, the PATCH ones, no—I still can't write data back to a file I have permission to write to.

The Headers tab in the browser console showing the details of the failed PATCH request

Weirdly, I can upload files, e.g., images, via PATCH requests. 🤷🏻‍♂️

Solution

  • Google has verified the bug and it has been logged internally. They are working on a fix.

    Update: It should be fixed now.