Trying to use service account but i'm getting 401 error
2,154 views
Skip to first unread message
plann...@gmail.com
Feb 6, 2018, 10:57:07 AM2/6/18
to Google's DoubleClick Campaign Manager API Forum
Hi, i'm trying to integrate DCM api into our agency system, i'm trying to use a service account to get some data to test that the authentication is correct, but when i try to get the campaign list for my profile in DCM it didn't work and i get the error message
Google.Apis.Requests.RequestError1075 : Failed to authenticate. Google account can not access the user profile/account requested. [401]Errors [ Message[1075 : Failed to authenticate. Google account can not access the user profile/account requested.] Location[Authorization - header] Reason[authError] Domain[global]]i know that i must link the DMC profile with the Service Account email and i already did it, am i missing something?
This is my code:
using System;using System.Collections.Generic;using System.IO;using System.Linq;using System.Text;using System.Threading.Tasks;using Google.Apis.Auth.OAuth2;using Google.Apis.Dfareporting.v3_0;using Google.Apis.Dfareporting.v3_0.Data;using Google.Apis.Json;using Google.Apis.Services;
namespace ConsoleApp1{ class Program { /// <summary> /// The OAuth 2.0 scopes to request. /// </summary> private static readonly IEnumerable<string> OAuthScopes = new[] { DfareportingService.Scope.Dfareporting, DfareportingService.Scope.Dfatrafficking }; /// <summary> /// Main method, to run this code example as a standalone application. /// </summary> /// <param name="args">The command line arguments.</param> public static void Main(string[] args) { Run(); }
/// <summary> /// Run the code example. /// </summary> /// <param name="service">Unused</param> public static void Run() { string pathToJsonFile = "JSONFILE";
// An optional Google account email to impersonate. Only applicable to service accounts which // have enabled domain-wide delegation and wish to make API requests on behalf of an account // within their domain. Setting this field will not allow you to impersonate a user from a // domain you don't own (e.g., gmail.com). string emailToImpersonate = "";
// Build service account credential. ServiceAccountCredential credential = getServiceAccountCredential(pathToJsonFile, emailToImpersonate);
// Create a Dfareporting service object. // // Note: application name should be replaced with a value that identifies your application. DfareportingService service = new DfareportingService( new BaseClientService.Initializer { HttpClientInitializer = credential, ApplicationName = "C# service account sample" } ); CampaignsListResponse campaigns; String nextPageToken = null; String fields = "nextPageToken,campaigns(id,name)";
do { // Create and execute the campaigns list request. CampaignsResource.ListRequest request = service.Campaigns.List(PROFILE_ID); request.Fields = fields; request.PageToken = nextPageToken; campaigns = request.Execute();
foreach (Campaign campaign in campaigns.Campaigns) { Console.WriteLine("Campaign with ID {0} and name \"{1}\" was found.", campaign.Id, campaign.Name); }
// Update the next page token. nextPageToken = campaigns.NextPageToken; } while (campaigns.Campaigns.Any() && !String.IsNullOrEmpty(nextPageToken));
Console.ReadLine(); }
private static ServiceAccountCredential getServiceAccountCredential(String pathToJsonFile, String emailToImpersonate) { // Load and deserialize credential parameters from the specified JSON file. JsonCredentialParameters parameters = NewtonsoftJsonSerializer.Instance.Deserialize<JsonCredentialParameters>(pathToJsonFile);
// Create a credential initializer with the correct scopes. ServiceAccountCredential.Initializer initializer = new ServiceAccountCredential.Initializer(parameters.ClientEmail) { Scopes = OAuthScopes };
// Configure impersonation (if applicable). if (!String.IsNullOrEmpty(emailToImpersonate)) { initializer.User = emailToImpersonate; }
// Create a service account credential object using the deserialized private key. ServiceAccountCredential credential = new ServiceAccountCredential(initializer.FromPrivateKey(parameters.PrivateKey));
return credential; } }}
Thanks for your help.
Chris Feldman (DCM API Team)
Feb 6, 2018, 3:00:11 PM2/6/18
to Google's DoubleClick Campaign Manager API Forum
Hi,
You are getting an authError on your requests. This error usually arises when you supplied the incorrect credentials/tokens in the Authorization header in your request. I suggest you double check if you are supplying the correct information and try running the request again. Here is a helpful guide for Authorizing requests using the API.
Please let me know if you continue to have issues.
Regards,
Chris Feldman
DCM API Team
plann...@gmail.com
Feb 6, 2018, 4:36:51 PM2/6/18
to Google's DoubleClick Campaign Manager API Forum
I found my mistake,
I was using the email account (@gmail.com) to associate the profile in DMC, not the account provided after create the service account.
Totally by bad.
Thanks a lot for your help.
plann...@gmail.com
Feb 6, 2018, 4:36:51 PM2/6/18
to Google's DoubleClick Campaign Manager API Forum
Hi Chris, thanks for your reply..
Reading the docs i see that we need to show to the user the consent windows in order to access to their data, so my question is... is possible to access to that information without showing the consent to the user? we've many clients with many accounts and our system inject data to many differentes third party vendors like DCM using key o token but i didn't see any similar in DCM,
our system use a non-UI job to upload all the data(campaings, ads, advertisers, etc) to differents vendors and we need the same for DCM is that possible?
I was trying using a Service Account created on the Credentials Explorer and then creating a profile in DCM with the same email that i use to create the Service Account, but i've got the error that i post before.
I really aprecciate any help on this.
Thanks
On Tuesday, February 6, 2018 at 3:00:11 PM UTC-5, Chris Feldman (DCM API Team) wrote:
Reply all
Reply to author
Forward
0 new messages