Gmail API Signature Server Side

Question

I want to change all signatures from my Gmail domain. This domain has many accounts, and I need to change it from server-side.

I'm using php, and I started my project with: php composer.phar require google/apiclient:2.0

I wrote one code, but when I try to update one email (like teste@mydomain.com), I receive:

{ "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }

My code (using API client library) is something like:

<?php

// initialize gmail
function getService() {
    try {
        include_once __DIR__ . '/vendor/autoload.php';

        $client = new Google_Client();

        $credentials_file = __DIR__ . '/credentials/gmailAPI.json';

        // set the location manually. Credential server-side
        $client->setAuthConfig($credentials_file);

        $client->setApplicationName("GmailAPI");
        $client->setScopes(['https://apps-apis.google.com/a/feeds/emailsettings/2.0/']);

        $gmail = new Google_Service_Gmail($client);

        return $gmail;
    } catch (Exception $e) {
        throw new Exception($e->getMessage());
    }
}

function updateSignature(&$gmail) {
    try {
        // Start sendAs
        $signature = new Google_Service_Gmail_SendAs();
        // Configure Signature
        $signature->setSignature("Any HTML text here.");

        // Update account and print answer
        var_dump($gmail->users_settings_sendAs->update("someEmail@myDomain.com.br","someEmail@myDomain.com.br",$signature));
    } catch (Exception $e) {
        throw new Exception($e->getMessage());
    }

}

try {
    $gmail = getService();
    updateSignature($gmail);
} catch (Exception $e) {
    echo $e->getMessage();
}

?>

My credential file (gmailAPI.json) is one service account key, and I'm using Google for Work.

I created this credential using one administrator account from this domain.

My credential file is:

{
  "type": "service_account",
  "project_id": "myProjectId",
  "private_key_id": "myPrivateKeyid",
  "private_key": "myPrivateKey",
  "client_email": "gmailapi@projectid.iam.gserviceaccount.com",
  "client_id": "myId",
  "auth_uri": "url",
  "token_uri": "url",
  "auth_provider_x509_cert_url": "url",
  "client_x509_cert_url": "url"
}

Edit 1

I changed the scopes as instructed, and now my scopes are:

$client->setScopes(['https://www.googleapis.com/auth/gmail.settings.basic','https://www.googleapis.com/auth/gmail.settings.sharing']);

I also added permision on Google (/AdminHome?chromeless=1#OGX:ManageOauthClients) to my service account key.

I tried API explorer and it works. When i changed the scopes, the error changed to:

{ "error": { "errors": [ { "domain": "global", "reason": "failedPrecondition", "message": "Bad Request" } ], "code": 400, "message": "Bad Request" } }

I'm using this command:

var_dump($gmail->users_settings_sendAs->update("someEmail@myDomain.com.br","someEmail@myDomain.com.br",$signature));

I tried also

var_dump($gmail->users_settings_sendAs->get("someEmail@myDomain.com.br","someEmail@myDomain.com.br"));

But I received same error.

Answer 1

Thank You everyone.

I tried a lot of codes, and finally found one that works.

include_once __DIR__ . '/vendor/autoload.php';
// credential file (service account)
$credentials_file = __DIR__ . '/credentials/gmailAPI.json';
putenv('GOOGLE_APPLICATION_CREDENTIALS='.$credentials_file);
// Initialize Google Client
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
// scopes to change signature
$client->setScopes(['https://www.googleapis.com/auth/gmail.settings.basic','https://www.googleapis.com/auth/gmail.settings.sharing']);
// *important* -> Probably because delegated domain-wide access.
$client->setSubject("admEmailHere@test.com");
// Initialize Gmail
$gmail = new Google_Service_Gmail($client);
// set signature
$signature = new Google_Service_Gmail_SendAs();
$signature->setSignature("HTML code here.");
// update signature
$response = $gmail->users_settings_sendAs->update("admEmailHere@test.com","admEmailHere@test.com",$signature)->setSignature();
// get signature
$response = $gmail->users_settings_sendAs->get("admEmailHere@test.com","admEmailHere@test.com")->getSignature();
echo json_encode($response);

I commented all code, and I used https://developers.google.com/api-client-library/php/auth/service-accounts to create it.

Atention -> You need to give permission on Gmail, and create server key (with domain-wide access).

Answer 2

I think your access token doesn't contain all scopes you want. First try in API explorer. Check what are the scopes API explorer request from you and then add those scopes to your code(place where you get permission).

https://developers.google.com/apis-explorer

hope this solves your problem

Answer 3

Well, the error 403 or Insufficient Permission is returned when you have not requested the proper or complete scopes you need to access the API that you are trying to use. Here is the list of scopes with description that you can use with Gmail API.

To know the scope that you are using, you can verify it with this:

https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx

Note: You need to include all the scope that you are using and make sure you enable all the API that you use in the Developer Console. This Delegating domain-wide authority to the service account might also help.

For more information, check these related SO questions:

• Gmail API: Insufficient Permission

• How do I get around HttpError 403 Insufficient Permission?