Error 403 Google API Email Settings .Net getting signature

Question

I am really diving on a issue which makes me loose some sleep.

Basically, we had an application which getting the HTML email signature on GMail ('domaincompany.com') for each user of the company and set the updated personal data on a new HTML signature.

Here it is how was implemented:

public static string getGMailFirma(string mail) {
  GoogleMailSettingsService service = null;
  string[] domainUserGMail;

  string result;

  try {
    /* Recuperamos los datos del usuario de GMail:  *
     *    - Pos 0: usuario                          *
     *    - Pos 1: dominio                          */
    domainUserGMail = Util.getUserDomainGMail(mail);

    /* Iniciamos el servicio de GApps */
    service = new GoogleMailSettingsService(domainUserGMail[1], "company.FirmaCorporativa");
    service.setUserCredentials(PropertiesManager.getUserGApps(), PropertiesManager.getPassGApps());

    result = service.RetrieveSignature(domainUserGMail[0]).getPropertyValueByName("signature").ToString();

    return result;

  } catch (Exception ex) {
    throw ex;
  }
}

So, few weeks ago this is not working anymore, showing error message: “Execution of authentication request returned unexpected result: 404” after executing:

result = service.RetrieveSignature(domainUserGMail[0]).getPropertyValueByName("signature").ToString();

Searching on web docs and different resources, we realized it should implement OAuth2, so we tried this code modification:

public static string getGMailFirma(string mail) {
  GoogleMailSettingsService service = null;
  string[] domainUserGMail;

  string result;

  try {
    const string ServiceAccountEmail = "xxxxxxxxxxxxxxxxxxxxxxx@developer.gserviceaccount.com";

    var certificate = new X509Certificate2("Key_admin.p12", "notasecret", X509KeyStorageFlags.Exportable);



    ServiceAccountCredential credential = new ServiceAccountCredential(
        new ServiceAccountCredential.Initializer(ServiceAccountEmail) {
          Scopes = new[] { "https://apps-apis.google.com/a/feeds/emailsettings/2.0/" }
        }.FromCertificate(certificate));

    if (!credential.RequestAccessTokenAsync(System.Threading.CancellationToken.None).Result)
      throw new InvalidOperationException("Access token request failed.");

    var requestFactory = new GDataRequestFactory(null);
    requestFactory.CustomHeaders.Add("Authorization: Bearer " + credential.Token.AccessToken);


    /* Recuperamos los datos del usuario de GMail:  *
     *    - Pos 0: usuario                          *
     *    - Pos 1: dominio                          */
    domainUserGMail = Util.getUserDomainGMail(mail);

    /* Iniciamos el servicio de GApps */
    service = new GoogleMailSettingsService(domainUserGMail[1], "CompanyFirmaCorporativa");
    service.RequestFactory = requestFactory;

    service.setUserCredentials(PropertiesManager.getUserGApps(), PropertiesManager.getPassGApps());

    result = service.RetrieveSignature(domainUserGMail[0]).getPropertyValueByName("signature").ToString();

    return result;

  } catch (Exception ex) {
    throw ex;
  }
}

But it still gets another error, 403 (Prohibited) after same line execution.

For the last testing, I have done the following steps before:

1. Generating Client ID as Service Account on Console Developers
2. Give the right access to Client ID for https://apps-apis.google.com/a/feeds/emailsettings/2.0/ on Google Admin

Please, I would be very grateful if someone could help me if something I am doing wrong.

Thanks in advance.

Cheers!

Answer 1

I have been going mad today with the same issue, but for 'RetrieveSendAs' which comes under the same API scope, and just this minute solved it!

The 'Initializer' needed a 'User' parameter with the primary email of a site admin:

ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(Globals.GaServiceEmail)
{
    User   = "gapps-admin-login@example.org",
    Scopes = new[] { "https://apps-apis.google.com/a/feeds/emailsettings/2.0/" }
}.FromCertificate(gaCertificate));

You also need to remove the old 'service.setUserCredentials' line from your code.