Understand the whole communication process
Before using any API, you should understand the whole behind the scene activities done to effect the communication. This is explained in a brief way here
Two parts for calling Google App Scripts with API
Regardless of which language API you want to use, running Google App Scripts with API requires you to comply 2 steps as prerequisites
Setup Google Project
- Create a new project of Select an existing project
- Note down the following attributes
Project Name: PROJECT NAME Project Id: projectname Project Number : 12345678 ( to be set in app script)
See below to see how
Project Number
is required to deploy as API Executable
APIs and Services
Depending on the objectives of the project APIs an Services must be explicitly added.
Hamburger menu(3 lines) >> APIs and Services >> Enabled APIs and Services
Some APIs will be already added by default. But some important ones like Drive
, App Scripts
etc should be explicitly added.
Examples
- Apps Script API, in android projects you need to use this https://www.googleapis.com/auth/script.external_request)
- Google Drive API , in android projects you need to use this https://www.googleapis.com/auth/drive
Set Credentials
Hamburger menu(3 lines) >>
APIs and Services >>
Credentials`
There are 4 CREATE options of which 3 are important
- API Key (Required for JS API)
- OAuth Client ID, has several options. commonly used are
- Web Client
- Android Client
- chrome Extension
Important Values to be noted from google cloud console
For JS API
- CLIENT_ID (received afeter setting up OAuth Client ID,
Web Client
) - API_KEY (received in API Key created by default)
- apiScopes
var apiScopes = 'https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile';
For PHP API
- CLIENT_ID (received afeter setting up OAuth Client ID, web app)
- Client Secret ( also received afeter setting up OAuth Client ID,
Web Client
) - Scopes
$this->googleClient->setScopes(['email', 'profile', 'https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/script.external_request' ]);
For Android API
- APPSCRIPT_CLIENT_ID (received after setting up OAuth Client ID,
Android Client
) - SCOPES
private static final String[] SCOPES = { "https://www.googleapis.com/auth/userinfo.email","https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/calendar.readonly","https://www.googleapis.com/auth/spreadsheets", "https://www.googleapis.com/auth/script.external_request", "https://www.googleapis.com/auth/script.send_mail" };
Additional actions
For Android Client
SHA1 Certificate fingerprint :SHA1(under debug): should be like EZ:72:7E:11:E2:C9:32:47:0A:48:DB:71:45:2F:E4:7F:8A:1F:28:80
For Web Client
Set the following Urls
1. Authorised JavaScript origins(required only if you use JSAPI)
2. Authorised redirect URI eg: http://localhost/pjt/tests/googleAPI/PHP/googleLogin.php?action=getTokenFromCode
Deploy Google App Script as API Execultable
App script can be deployed either as
- Web app
- API Executable
To run App Script using API with third party apps, you should deploy as API Executable. If will ass for Project Number
. This project number is to be taken from Google cloud console Project
. See above
Important Values to be noted from Google App Scripts Console
- Script_ID (For this, script should be made API Executable, by clicking blue
Deploy
button API Executable scripts, this isdeployment_Id
inManage Deployments
)
Important: if any change is brought in App script, new deployment hould be created, each deployment will create a new
deployment_Id
, which is to be updated in the respective calling scripts.
ACCESS Token, REFRESH Token and ID Token
The following 3 tokens thus received are important while communicating via API thereafter.
-
ID Token
: Prove that a user has been authenticated and can contain additional information about the user, such as their email address, picture, and birthday. ID tokens are JSON Web Tokens (JWTs) that can be inspected and used by the application. This ID token may be used to retrieve user details like address, picture, and birthday.Eg:https://oauth2.googleapis.com/tokeninfo?id_token=XYZ123 -
Access Token
is receieved each time you ask for authorisation. This requires successfully logging in. Once Logged in, you will be granted an access token. Further communication with the server will be using this access token. ie if you want to make API Calls, pass Access Tokens . Access token expires after 3600 seconds. So it should be saved carefully to use in subsequesnt calls. More about Access Tokens -
Referesh Token
is got when you login with your credentials to the google app client(Android Client, Chrome extension or Web Client with the language of your choice) for the first time. If this is saved, it can be used to get a new access token when existing one expires.
PS: You get refresh token only once for the client you logged in granding permissions. if you dont save it, you loose it. To get a new referesh token, you will have to
Remove Access
going to Google Security Checkup and login again
Sample Code using REFRESH TOKEN in a helper class
public function setAccessToken() //https://stackoverflow.com/a/15393022
{
$this->accessToken = $this->getSavedToken();//json_decode(file_get_contents($this->tokenSavedFile),true);
$this->googleClient->setAccessToken($this->accessToken);
// Refresh the token if it's expired.
if ($this->googleClient->isAccessTokenExpired()) {
$this->googleClient->refreshToken($this->googleClient->getRefreshToken());
$this->accessToken = $this->googleClient->getAccessToken();
$this->saveToken($this->accessToken);
}
}//public function setAccessToken()
Obtaining tokens
The prior step to authorisation is to authenticate yourself. For this login url is created with the Authorised redirect URI
of the current site. A signin button will be shown which will take you to google login page. When a user clicks the sign-in button in a client app, an authorization request is sent to Google's authorization servers. If the user grants the application permissions, you will be redirected to the Authorised redirect URI with an additional URL Paramenter Code
, which will contain authorisation code
. This code is then send back to google to get the required tokens in JSON format.
Important URLs
API client Libraries for various languares
PHP API Client
JS API Client
JAVA API client
|
|