CODEWITHSUNDEEP
phpgoogle-api-php-clientgoogle-play-developer-apiin-app-subscription
Ivan Buttinoni
Ivan Buttinoni

Reputation: 4145

Retrieve info about a in-app purchase subscription of Google Play via API

Calling Google API got this message:

    {
  "error": {
    "errors": [
      {
        "domain": "androidpublisher",
        "reason": "permissionDenied",
        "message": "The current user has insufficient permissions to perform the requested operation."
      }
    ],
    "code": 401,
    "message": "The current user has insufficient permissions to perform the requested operation."
  }
}

or this error message (ADDED):

{
 "error": {
  "errors": [
   {
    "domain": "androidpublisher",
    "reason": "projectNotLinked",
    "message": "The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console."
   }
  ],
  "code": 403,
  "message": "The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console."
 }
}

I follow all indications I found and I keep having this error.

ON MY SYSTEM

My code 

        try {
            ini_set('max_execution_time', 3000);
            $client = new Google_Client();

            if ($credentials_file = $this->checkServiceAccountCredentialsFilePlay()) {
                // set the location manually
                $client->setAuthConfig($credentials_file);
            } elseif (getenv('GOOGLE_APPLICATION_CREDENTIALS')) {
                // use the application default credentials
                $client->useApplicationDefaultCredentials();
            } else {
                $rv= "missingServiceAccountDetailsWarning()";
                return [$rv];
            }

            $client->addScope("https://www.googleapis.com/auth/androidpublisher");
            $serviceAndroidPublisher = new \Google_Service_AndroidPublisher($client);
            $servicePurchaseSubscription = $serviceAndroidPublisher->purchases_subscriptions;

            $rv = $servicePurchaseSubscription->get(
                "com.my.app",
                "sub1month",
                "ajgbkxxxxxxxxx.AO-J1OxTOKENTOKENTOKEN-"
            );

        } catch (\Exception $e) {
            return $e->getMessage();
        }

The credential file

{
  "type": "service_account",
  "project_id": "project-id",
  "private_key_id": "abababababababababababababababababa",
  "private_key": "-----BEGIN PRIVATE KEY-----KEYBASE64=\n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "123450000000000000000",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/google-play-account%40project-id.iam.gserviceaccount.com"
}

ON GOOGLE PLAY CONSOLE

I link the project to the google play console enter image description here

I add the Service account to the google play console enter image description here

It's present in the user menu of google play console enter image description here

And I give him all permission: enter image description here

ON GOOGLE API DEVELOPER CONSOLE

ADD FYI: my "project-id" is under an organization.

In google developer console I gave all possible permission to the service account: enter image description here

And of course I've enabled the google Play Android Developer Api (showing my failures): enter image description here

Upvotes: 1

Views: 3169

Answers (1)

MeinLieberScholli
MeinLieberScholli

Reputation: 27

I had the same problem.

In my case, I was using the google app engine (python) as a backend service. In the beginning, I linked a new Google cloud project in the Google Play Console. I'm not entirely sure if it's the main reason that I got a 401 'insufficient permissions' error, but after switching the linked project to my cloud project (which I used for the app engine) it worked the next day. Right after switching accounts, I received the 403 'projects not linked' error. So, I'm guessing that Google doesn't recognize the change of the linked projects immediately and you need to wait for a few hours.

If you are using app engine, you have to make sure that your default service account for the app engine has a JSON credential file. It's not created by default.

Here is the python code:

        if os.getenv('SERVER_SOFTWARE', '').startswith('Google App Engine/'):
            # production environment
            credentials = oauth2client.contrib.appengine.AppAssertionCredentials(scope='https://www.googleapis.com/auth/androidpublisher')
            http = credentials.authorize(httplib2.Http(memcache))
            response = googleapiclient.discovery.build('androidpublisher', 'v3').purchases().subscriptions()\
                .get(packageName=package_name, subscriptionId=subscription.product_id, token=subscription.token)\
                .execute(http)
        else:
            # local environment
            # setting the scope is not needed because the api client handles everything automatically
            credentials = google.oauth2.service_account.Credentials.from_service_account_file('local_dev.json')
            response = googleapiclient.discovery.build('androidpublisher', 'v3', credentials=credentials).purchases().subscriptions()\
                .get(packageName=package_name, subscriptionId=subscription.product_id, token=subscription.token)\
                .execute()

Upvotes: 0

Related Questions