Google Reseller API获取GoogleJsonResponseException:403 Forbidden

时间:2016-10-25 08:30:00

标签: java service-accounts google-reseller-api

我正在开发使用Google Apps转销商API(Found here)的项目。

我遇到了403 Forbidden Exception。

代码(大部分来自Google Codelab示例Here

try {
        try {

        Reseller service = GoogleResellerApiUtil.getResellerService();

        Customer customerRecord = service.customers().get("acme.com").execute(); //crashes here
    // "acme.com" is also used in the example from Google
        System.out.println(customerRecord.toString());


    } catch (GoogleJsonResponseException e) {
        e.printStackTrace();
    }

这是我用来连接API的类。 我提供了一个p12文件并且它使用了服务帐户,在调用API时它会冒充其中一个超级管理员,因此应该允许它进行所有调用。

目前我只使用只读范围。

public class GoogleResellerApiUtil {
    /** HTTP_TRANSPORT */
    private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

    /** JSON Factory*/
    private static final JsonFactory JSON_FACTORY = new JacksonFactory();

    /** Service Account Email */
    public static final String SERVICE_ACCOUNT_EMAIL = "****@appspot.gserviceaccount.com";

    /** P12 File Location */
    public static final String PRIVATE_KEY_FILE = "WEB-INF/key.p12";

    /** Reseller Admin Account to impersonate */
    public static final String RESELLER_ADMIN = "**.**@**.com";

    /** Scopes */
    public static final List<String> SCOPES = Arrays.asList(ResellerScopes.APPS_ORDER_READONLY);

    /** Application name. */
    private static final String APPLICATION_NAME = "**-subscription-portal";

    /** Logger */
    private final static Logger LOGGER =
        Logger.getLogger(GoogleResellerApiUtil.class.getName());



    public static GoogleCredential getCredentials() throws IOException {

        GoogleCredential credentials = null;

        try {
            credentials = new GoogleCredential.Builder()
                .setTransport(HTTP_TRANSPORT)
                .setJsonFactory(JSON_FACTORY)
                .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
                .setServiceAccountScopes(SCOPES)
                .setServiceAccountUser(RESELLER_ADMIN)
                .setServiceAccountPrivateKeyFromP12File(new File(PRIVATE_KEY_FILE))
                .build();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }

        System.out.println("credential has been build, returning credential "); //this gets printed, so I think the credentials are valid?
    return credentials;
}

    /**
     * Build and return an authorized Reseller client service.
     * @return an authorized Reseller client service
     * @throws IOException
     */
    public static Reseller getResellerService() throws Exception {
        Credential credential = getCredentials();
        return new Reseller.Builder(
            HTTP_TRANSPORT, JSON_FACTORY, credential)
            .setApplicationName(APPLICATION_NAME)
            .build();
    }
}

但是在拨打电话时收到以下错误消息:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 OK
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Forbidden",
    "reason" : "forbidden"
  } ],
  "message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
etc. etc. etc.

1 个答案:

答案 0 :(得分:1)

Reseller API: Manage Subscriptions中注明

  

注意:如果customerAuthToken无效或已过期,则API响应将返回403&#34; Forbidden&#34;错误。

要解决此问题,请确保请求必须由有权访问数据的经过身份验证的用户授权。正如Reseller API: Authorizing

中所述
  

注意:授予转销商API权限的用户必须是域超级管理员。

除此之外,在Token expiration中建议您编写代码以预测授予的令牌可能不再有效的可能性。由于以下原因之一,令牌可能会停止工作:

  • 用户已撤销访问权限。
  • 该令牌已使用六个月。
  • 用户更改了密码,令牌包含Gmail范围。
  • 用户帐户已超过一定数量的令牌请求。

希望有所帮助!

相关问题
最新问题