Endpoints caller does not have permission

Question

I have an App Engine deployment which uses Endpoints. After sending a request my process seems to complete successfully. However, when I check the logs, I see these errors:

direct send of check request failed 
<module 'endpoints_management.control.check_request' from 
'/base/data/home/apps/s~[PROJECT]/20181214t082133.414677408142968625/endpoints_management/control/check_request.py'> 

and

failed to flush report_req <ServicecontrolServicesReportRequest 
(/base/data/home/apps/s~[PROJECT]/20181214t082133.414677408142968625/endpoints_management/control/client.py:472)

Both have the following error code:

"error": { 
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"}

How can I resolve these errors? Is there a default service account that needs additional permissions?

Answer 1

Most likely this error is happening because one of the needed Cloud APIs (https://console.cloud.google.com/apis/dashboard) is not enabled.

In my case, I had to enable both Service Management API and Service Control API.

Answer 2

I have the same problem. Cloud endpoint seems to be inconsistent in the way it checks the api access and reporting error. For example if one API requires firebase authentication, instead of rejecting the request when no Firebase token is provided, the API is called successfully with return code 200, but there's error logged in the request log like this which is very confusing.