Google Client for Calendar service responding with a 404

Question

Target

I'm trying to integrate Google Calendar API to my company website to automate event creation upon some events.

The events will be added to a company calendar and displayed to the users, so i don't need the users to authenticate, i will not work on their own calendars.

What i've done

• made a OAuth 2.0 service account as described in the Google OAuth 2.0 for Server to Server Applications docs

• created, downloaded and added the credentials file to my project, and added its path to the environment variable GOOGLE_APPLICATION_CREDENTIALS;

• followed the docs example to authorize my requests using the service account and the docs to create events.
  Here's a short version of my sourcecode:

  $client = new Google_Client();
  $client->setApplicationName("XXX");
  $client->addScope(Google_Service_Calendar::CALENDAR); // "https://www.googleapis.com/auth/calendar"
  $client->useApplicationDefaultCredentials();
  
  $service = new Google_Service_Calendar($client);
  
  $event = new Google_Service_Calendar_Event(/* array with event data */);
  $calendarId = /* calendar id taken from calendar Settings and Sharing on calendar.google.com*/;
  
  $event      = $service->events->insert($calendarId, $event);
  

  Compared to the example (lines 43:52) I didn't manually check for the credential files but gone straight for useApplicationDefaultCredentials().

The error

The logged errror from my code is

[2020-10-19 14:29:19] local.ERROR: {
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "notFound",
    "message": "Not Found"
   }
  ],
  "code": 404,
  "message": "Not Found"
 }
}
 {"userId":2,"exception":"[object] (Google_Service_Exception(code: 404): {
 \"error\": {
  \"errors\": [
   {
    \"domain\": \"global\",
    \"reason\": \"notFound\",
    \"message\": \"Not Found\"
   }
  ],
  \"code\": 404,
  \"message\": \"Not Found\"
 }
}
 at /var/www/vendor/google/apiclient/src/Google/Http/REST.php:123)
[stacktrace]

It looks like it is calling the wrong api endpoint since a 404 is a page not found response.

Calendar ID
Just to be clear, here is where i taken the calendar id

Answer 1

As far as I know, service accounts do not have their own calendars, so they need to be granted access to a specific organization in order to create/read events.

If this is for an internal application (and you are an administrator for your organization), you can follow the steps under Delegating Authority to grant your service account access to the calendars for your organization:

Then, a super administrator of the G Suite domain must complete the following steps:

1. From your G Suite domain’s Admin console, go to Main menu menu > Security > API Controls.
2. In the Domain wide delegation pane, select Manage Domain Wide Delegation. Click Add new.
3. In the Client ID field, enter the service account's Client ID. You can find your service account's client ID in the Service accounts page.
4. In the OAuth scopes (comma-delimited) field, enter the list of scopes that your application should be granted access to. For example, if your application needs domain-wide full access to the Google Drive API and the Google Calendar API, enter: https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/calendar.
5. Click Authorize.

You'll also need to follow the steps to impersonate a specific user under Preparing to make an authorized API call in order to retrieve a token for a user that has access to the calendar in question.

If this is for an application intended to be installed by multiple organizations, you should consider using a managed OAuth service, like Xkit (where I work). Xkit in particular has a Google Calendar Service Account connector that abstracts away all of these steps (including a step-by-step guide for the IT admin) from you as the developer to deliver you a working access token in one API call.

As a side note, the service account example you cited uses public data from the Books API, so it does not need authorization from a user, it only needs to identify itself as an application.