Solved: Google Sheet API stopped working post restricting ... - Page 2

asachan · 04-19-2023 07:32 AM

Recently we changed Google Drive's external sharing setting on one of our Google workspace's tenant.

Path to settings - Home > Apps > Google Workspace > Drive and Docs > Sharing Settings > Sharing outside of ABC Inc > AllowListed domains.

There was an GCP project where developers were accessing Google Spreadsheet using Google Sheet API using service acocunt.

After that change , it stopped working and getting error HTTP error 403 . The caller does not have permissions.

When we try to share that particular Google Sheet with service account, our settings doesn't allow as it is not from allowlisted domain and when try to allowlist domain. Google Admin console doesn't allow to list as it is not compatible.

Tried using by granting domain wide delegation to Client ID and scope. It still doesn't work.

What should we check?

asachan

I have resolved the issue using Domain wide delegation.

View solution in original post

goldyarora

DwD is very broad and not recommended unless you don't have any other option to make it work, in your case, you should consider following to add more security:
1. Create a google group and add your service account to it.
2. Create a trust rule, allowing this group to have access.

This way, you would be able to apply granular scope if needed.

View solution in original post

Google Sheet API stopped working post restricting Drive's External sharing to Allowlisted domains