Setting Stage for Google AppScripts API

Understand the whole communication process

Before using any API, you should understand what happens behind the scenes to make the communication work. This is explained briefly here.

Two parts for calling Google App Scripts with API

Regardless of which language's API you want to use, running Google App Scripts through the API requires 2 prerequisite steps:

  1. Setup Google Project
  2. Deploy Google App Script as API Executable

Setup Google Project

Google Cloud Console

  1. Create a new project or select an existing project
  2. Note down the following attributes
    Project Name: PROJECT NAME
    Project Id: projectname
    Project Number: 12345678 (to be set in app script)

    See below for how the Project Number is required to deploy as API Executable

APIs and Services

Depending on the objectives of the project, APIs and Services must be explicitly added.
Hamburger menu (3 lines) >> APIs and Services >> Enabled APIs and Services

Some APIs will already be added by default, but some important ones like Drive, App Scripts etc. should be explicitly added.

Examples

  1. Apps Script API; in Android projects you need to use this scope: https://www.googleapis.com/auth/script.external_request
  2. Google Drive API; in Android projects you need to use this scope: https://www.googleapis.com/auth/drive

Set Credentials

Hamburger menu (3 lines) >> APIs and Services >> Credentials

There are 4 CREATE options of which 3 are important

  1. API Key (Required for JS API)
  2. OAuth Client ID, which has several options. Commonly used are
    1. Web Client
    2. Android Client
    3. Chrome Extension

Important Values to be noted from google cloud console

For JS API

  1. CLIENT_ID (received after setting up OAuth Client ID, Web Client)
  2. API_KEY (received in API Key created by default)
  3. apiScopes
    var apiScopes = 'https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile';

For PHP API

  1. CLIENT_ID (received after setting up OAuth Client ID, web app)
  2. Client Secret (also received after setting up OAuth Client ID, Web Client)
  3. Scopes
    $this->googleClient->setScopes([
        'email',
        'profile',
        'https://www.googleapis.com/auth/drive',
        'https://www.googleapis.com/auth/script.external_request',
    ]);

For Android API

  1. APPSCRIPT_CLIENT_ID (received after setting up OAuth Client ID, Android Client)
  2. SCOPES
    private static final String[] SCOPES = {
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile",
        "https://www.googleapis.com/auth/drive",
        "https://www.googleapis.com/auth/calendar.readonly",
        "https://www.googleapis.com/auth/spreadsheets",
        "https://www.googleapis.com/auth/script.external_request",
        "https://www.googleapis.com/auth/script.send_mail"
    };

Additional actions

For Android Client

SHA1 certificate fingerprint (SHA1 under debug): should be like EZ:72:7E:11:E2:C9:32:47:0A:48:DB:71:45:2F:E4:7F:8A:1F:28:80

For Web Client

Set the following Urls

1. Authorised JavaScript origins (required only if you use JS API)
2. Authorised redirect URI, eg: http://localhost/pjt/tests/googleAPI/PHP/googleLogin.php?action=getTokenFromCode

Deploy Google App Script as API Executable

App script can be deployed either as

  1. Web app
  2. API Executable

To run App Script using the API with third party apps, you should deploy as API Executable. It will ask for the Project Number. This project number is to be taken from the Google Cloud Console project. See above.

Important Values to be noted from Google App Scripts Console

  1. Script_ID (for this, the script should be made API Executable by clicking the blue Deploy button; for API Executable scripts, this is the deployment_Id in Manage Deployments)

Important: if any change is made to the App script, a new deployment should be created. Each deployment creates a new deployment_Id, which is to be updated in the respective calling scripts.


ACCESS Token, REFRESH Token and ID Token

The following 3 tokens thus received are important while communicating via API thereafter.

  1. ID Token: proves that a user has been authenticated and can contain additional information about the user, such as their email address, picture, and birthday. ID tokens are JSON Web Tokens (JWTs) that can be inspected and used by the application. This ID token may be used to retrieve user details like address, picture, and birthday. Eg: https://oauth2.googleapis.com/tokeninfo?id_token=XYZ123

  2. Access Token is received each time you ask for authorisation. This requires successfully logging in. Once logged in, you will be granted an access token. Further communication with the server will use this access token, i.e. if you want to make API calls, pass the access token. The access token expires after 3600 seconds, so it should be saved carefully for use in subsequent calls. More about Access Tokens

  3. Refresh Token is obtained when you log in with your credentials to the Google app client (Android Client, Chrome extension or Web Client with the language of your choice) for the first time. If it is saved, it can be used to get a new access token when the existing one expires.

PS: You get the refresh token only once for the client you logged in to when granting permissions. If you don't save it, you lose it. To get a new refresh token, you will have to Remove Access by going to Google Security Checkup and log in again.
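An added example (not from the original page) of the checks an application should make on the claims of an ID token, for instance on the JSON returned by the tokeninfo URL above, before trusting the user details in it. The function name, the client IDs and the sample claims are constructed for illustration.

```javascript
// Added example: checkIdTokenClaims and all sample values are constructed for
// illustration; the claim names (iss, aud, exp, email, email_verified) are the
// standard ones carried in a Google ID token.
const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];

// `claims` is the JSON returned by the tokeninfo endpoint (which has already
// checked the signature) or the payload of a JWT whose signature you verified.
// `clientIds` lists the OAuth client IDs of this project (Web, Android, ...).
function checkIdTokenClaims(claims, clientIds, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!GOOGLE_ISSUERS.includes(claims.iss)) {
    return { ok: false, reason: "unexpected issuer" };
  }
  // A token issued to some other app is genuine for Google but not meant for us.
  if (!clientIds.includes(claims.aud)) {
    return { ok: false, reason: "token was issued to a different client" };
  }
  // tokeninfo returns numbers as strings; a decoded JWT carries real numbers.
  const exp = Number(claims.exp);
  if (!Number.isFinite(exp) || exp <= nowSeconds) {
    return { ok: false, reason: "token expired or exp missing" };
  }
  // Only hand back the e-mail address when Google marks it as verified.
  const verified = claims.email_verified === true || claims.email_verified === "true";
  return { ok: true, email: verified ? claims.email : null };
}

// Constructed client IDs and a constructed tokeninfo-style response.
const CLIENT_IDS = [
  "constructed-web-id.apps.googleusercontent.com",
  "constructed-android-id.apps.googleusercontent.com",
];
const SAMPLE_CLAIMS = {
  iss: "https://accounts.google.com",
  aud: CLIENT_IDS[0],
  exp: "1700003600",
  email: "user@example.com",
  email_verified: "true",
};
```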

Sample Code using REFRESH TOKEN in a helper class

    public function setAccessToken() // https://stackoverflow.com/a/15393022
    {
        // Load the previously saved token.
        $this->accessToken = $this->getSavedToken(); // json_decode(file_get_contents($this->tokenSavedFile), true);
        $this->googleClient->setAccessToken($this->accessToken);

        // Refresh the token if it's expired.
        if ($this->googleClient->isAccessTokenExpired()) {
            $this->googleClient->refreshToken($this->googleClient->getRefreshToken());
            $this->accessToken = $this->googleClient->getAccessToken();
            // Persist the new token so later calls reuse it.
            $this->saveToken($this->accessToken);
        }
    } // public function setAccessToken()

Obtaining tokens

The step before authorisation is to authenticate yourself. For this, a login URL is created with the Authorised redirect URI of the current site. A sign-in button will be shown, which takes you to the Google login page. When a user clicks the sign-in button in a client app, an authorization request is sent to Google's authorization servers. If the user grants the application permissions, you will be redirected to the Authorised redirect URI with an additional URL parameter, code, which contains the authorisation code. This code is then sent back to Google to get the required tokens in JSON format.
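The exchange described above, sketched in JavaScript (Node.js) as an added example that is not code from the original page. The function names and sample values are assumptions; the `state` parameter is a standard OAuth 2.0 addition the page does not mention, used so that the callback is accepted only for the session that started the login.

```javascript
// Added example: buildAuthUrl, readCallback and tokenRequest are hypothetical
// helper names; only the two Google endpoints and the parameter names are real.
const crypto = require("node:crypto");

const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
const TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";

// Step 1: build the login URL. `state` is a random value kept in the user's
// session so the callback can be tied to the request that started it.
function buildAuthUrl({ clientId, redirectUri, scopes }) {
  const state = crypto.randomBytes(16).toString("hex");
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    scope: scopes.join(" "),
    access_type: "offline", // ask for a refresh token as well
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: on the redirect URI, accept `code` only if `state` matches.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has("error")) throw new Error("authorisation denied: " + params.get("error"));
  const got = Buffer.from(params.get("state") || "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error("state mismatch: callback does not belong to this session");
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carries no code parameter");
  return code;
}

// Step 3: the form body POSTed server-side to TOKEN_ENDPOINT to swap the code
// for the tokens. redirect_uri must equal the one used in step 1.
function tokenRequest({ code, clientId, clientSecret, redirectUri }) {
  return new URLSearchParams({
    code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: redirectUri,
    grant_type: "authorization_code",
  }).toString();
}
```

The client secret appears only in step 3, so that request belongs on the server and never in browser code.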


Important URLs

API client libraries for various languages

PHP API Client
JS API Client
JAVA API client