google-apigoogle-my-business-api

My Business Notifications Google APIs: 403 The caller does not have permission

We are trying to set up a functionallity to our API for fetching reviews from a google location. Most of the APIs are working, meaning that an OAuth2 client has been set up corecctly.

Now, we are trying to setup a pub/sub notification to receive a push notification on my webhook endpoint at our API. Having searched endless hours I still cannot understand why I would get a 403 error, more specifically

{
  "error": {
    "status": "PERMISSION_DENIED", 
    "message": "The caller does not have permission", 
    "code": 403
  }
}

As I am more than certain all of the configuration has been done as per the documentaion's instructions, my last option (last actual is to ask google but not expecting to ever get an answer) is to ask you guys for help.

Already having gained access to the MyBusiness API and enabled the API (mybusinessnotifications.googleapis.com/v1) I followed the steps in the documentation:

  1. Application has been configured
  2. Created a pub/sub topic
  3. Gave the mybusiness-api-pubsub@system.gserviceaccount.com the pubsub.topics.publish permision. To make sure, I even tried it with the admin permisions as can be seen in the bellow images: At the pub/sub level:pub/sub permisions At the project level:project permisions
  4. Created the subscription (although not really relevant at this issue)
  5. Performed a request on PATCH https://mybusinessnotifications.googleapis.com/v1/accounts/-/notificationSetting?updateMask=notificationSetting and received the response:
{
  "error": {
    "status": "PERMISSION_DENIED", 
    "message": "The caller does not have permission", 
    "code": 403
  }
}

To make sure I am doing everything correct, I have moved ahead and tried the same request at Google's OAuth 2.0 playground receiving the exact same response, ruling out any issues with my codebase.

The body I am sending with each PATCH request is this:

"pubsubTopic":"projects/PROJECTNAME/topics/new-review"

Although, I have also tried calling the endpoint, by providing also the name and the notificationTypes attributes.

Google's documentations are way outdated and I have ran out of options and ideas to try out.

Thank you all so much in advance.

Solution

  • SOLVED!!!

    In case anyone stumbles upon this thread, the issue was the "-" on the request URL.. No idea why this is nowhere in the docs, once more.

    It appears that the "-" (to compensate for the account ID) works on every other MyBusiness API, except the "mybusinessnotifications.googleapis.com".

    So the solution was to just replace the - with the actual account ID you are working with, resulting in:

    https://mybusinessnotifications.googleapis.com/v1/accounts/${accountID}/notificationSetting

    Note you can find the account id with a GET request at:

    https://mybusinessaccountmanagement.googleapis.com/v1/accounts/