85

I have a Google dev console process with Google Play Developer API enabled, and the project is linked to the Google Play project. In the Google Dev console project, I created an OAuth Client ID (web application) (I'm an owner of the project). I'm using "client_id" and "client_secret" to authenticate. I tried using google-api-client in Python and the Google Developer API Playground to send a request to list reviews of our apps but got the error: "The current user has insufficient permissions to perform the requested operation." Details as below:

Request:

GET /androidpublisher/v2/applications/<package_name>/reviews

Response:

{
  "error": {
    "code": 401,
    "message": "The current user has insufficient permissions to perform the requested operation.",
    "errors": [
      {
        "domain": "androidpublisher",
        "message": "The current user has insufficient permissions to perform the requested operation.",
        "reason": "permissionDenied"
      }
    ]
  }
}

Did I miss anything?

Nguyen Hoang

13 Answers

212

There is one important thing about receipt validation using Google Play Android Developer API:

If you added your in-app product BEFORE granting permission or linking to your service account, you must open "In-app products" and change something. You can for example edit the description of your product and save it. You should instantly get the permission then.

Wojciech Kulik
  • 34
    This is the key. Damn you, Google. Any Google developer API experience has been trash but this takes the cake. – Mavamaarten Jul 27 '20 at 10:21
  • 2
    This works for me. In addition, making some changes in **Grow -> Store presence -> Main store listing** or **Monetize -> products -> In-app products/Subscriptions** also takes effect. – Wyn He Nov 10 '20 at 11:02
  • 1
    Editing the description didn't work for me, creating and activating a new product did though (even for validating receipts for the old product). – Aulig Jan 29 '22 at 14:51
  • 5
    This solution still valid to July-2022, lol :)) – SLyHuy Jul 14 '22 at 07:34
  • 1
    yea, it worked..... I simply edit the available country and region, untoggle, save then toggle and save one country and then it worked instantly....wtf google – Pencilcheck Aug 04 '22 at 02:51
  • Worked for me too, just update details and plan country/Region. – Abhishek Jain Aug 09 '22 at 04:57
  • thank you very much for the solution, I would have probably spent hours or days trying to figure this out – pAkY88 Aug 12 '22 at 13:16
  • Editing the description doesn't work. Disabling and enabling an IAP does work. – Robin Dijkhof Oct 08 '22 at 21:28
  • I can not believe it but It works – elgsylvain85 Nov 07 '22 at 21:45
  • I can not believe it but It works 2 – Skywalker Dec 24 '22 at 03:50
  • I can not believe it, because I'm pretty sure I ran across this post a year ago and forgot this happens, but it works 3. – Bennett Keller Jan 16 '23 at 14:58
  • 4
    This indeed actually works still in 2023, kudos to you. – idish Jan 27 '23 at 22:43
  • 1
    It works on Mar 7, 2023! Got the permission by editing the name of an In-app product. Please note that editing the description didn't work for me. – resuser Mar 07 '23 at 10:53
  • Changing description did not work but changing the price and then reverting back worked. – kerry Mar 18 '23 at 02:30
  • Note also when you update the Service Account's permission, the product needs to be "updated" again. Changing the "Benefits" in the subscription product worked for me. – ken Mar 28 '23 at 10:17
  • This actually worked, google needs to fix this or add some note about it because without this answer I could never solve it – karrar kazuya May 09 '23 at 11:12
  • THANK YOU! Stack Overflow is still better than ChatGPT for the really stupid things. :) – Johan Nordberg Jun 20 '23 at 07:14
  • Someone give this man a hug! – Ally Jr Jul 22 '23 at 19:38
  • No F-ing way! We've struggled with this for 14 days, manually validating people because the receipt validation didn't work after repeatedly setting it up from scratch (company reorganization and new account). Changed one letter in an in-app purchase description, and voila. Dear God, this is amateur on Google's part. – Per Aug 13 '23 at 09:19
  • 1
    Thank God for StackOverflow. I think probably 500 developer hours have been saved by this question and answer. Good work @Wojciech Kulik we all owe you! – user3413723 Aug 23 '23 at 23:10
  • 1
    @user3413723 I'm glad I was able to help you all with this dumb behavior :). I can't believe that my answer is still valid after over 3 years. I guess Google is too busy collecting user data to fix anything – Wojciech Kulik Aug 23 '23 at 23:21
78

I looked everywhere on the internet and found somewhere that you might need to wait for at least 24 hours.

Ensure you have done everything correctly as below.

  1. Go to https://console.cloud.google.com
  2. Create a project (or select existing project)
  3. Create a service account with role Pub/Sub Admin
  4. Go to https://console.cloud.google.com/apis/library and search for "Google Play Android Developer API"
  5. Enable that API
  6. Go to https://play.google.com/apps/publish
  7. Go to Settings > Developer account > API Access
  8. Link the project that you created in step 2
  9. The service account will appear that you created in step 3
  10. Grant access to it with Finance permission to the app in play console
  11. Very important: Wait for at least 24 hours for changes to take effect.
bikram
  • "Create a service account with role Pub/Sub Admi" I don't see how to add that role? Is this still valid? I already created the service account and I am getting the error mentioned here. – salyela Jun 13 '19 at 18:52
  • @salyela When you create a service account, after clicking next you will need to choose the role for the service account (this is optional, but you need to add it to make it work). See this https://ibb.co/5RysC1B – bikram Aug 22 '19 at 04:43
  • @Bikram Hi, Is 'Finance Permission' enough for get subscription data? (or) Need to give full permission? – DhineshYes Feb 01 '20 at 07:10
  • @DhineshYes That would be enough I guess. – bikram Feb 01 '20 at 13:14
  • This is gold! Thank you, worked like a charm. Otherwise I guess we would have to wait for 24hs – Burak Karakuş Oct 16 '21 at 19:56
  • You don't have to wait for 24 hours though. For me, it worked as soon as l made the changes – CanCoder Jun 10 '22 at 14:36
  • Instead of "11. Very important: Wait for at least 24 hours for changes to take effect." you can create a new subscription, then it will work immediately. – Maxim Aug 16 '23 at 04:35
36

If you followed everything @Bikram listed and you are still facing the same error, do this: create a temporary 'Managed product' and then delete it. This way, you surely don't have to wait 24 hours.

It works for me.

ihsanberahim
  • 5
    This just literally saved me! I wish I could award this answer a bounty! – Mike Sherov Feb 29 '20 at 20:39
  • OMG. I did not believe this would work, but it did. Thank you so much! – Christian Heine Sep 24 '20 at 04:58
  • Thank you! This works now on December 18, 2020. – unemployer Dec 18 '20 at 01:19
  • That made the trick for me as well, thanks! :) – rgommezz Mar 18 '21 at 19:57
  • I have tried all the above answers, now I'm trying your answer can you please help me with that. I have subscription plans so I'm adding new subscription plan from Monetize>Products>Subscriptions .but I'm not able to delete the subscription plans. Am i doing something wrong? My account has admin access but I'm not an owner. – Subham kuswa May 28 '21 at 06:55
  • 1
    Changing something in "Main store listing", such as your app title or description for the Play Store, also updates the permissions instantly rather than having to wait 24hrs+. – nating Jan 26 '22 at 16:31
  • Changing app description updated permissions instantly. – abyesilyurt Apr 16 '22 at 08:59
22

I faced a similar issue, the problem is in the settings we do in google developer project.

Refer to create-play-service-credentials for settings. Use the same primary account with which you created your in-app products.

Make sure you remove the previous one.

1. Link to a Google Developer Project

Your Play Developer account needs to be linked to a Google Developer Project.

1a. Open the Settings > Developer account menus and select API access

[screenshot: API-access]

1b. Select Link to connect your Play account to a Google Developer Project

[screenshot: choose-project-link]

1c. Agree to the terms and conditions

[screenshot: agree-terms-conditions]

2. Create Service Account

Next we need to create a service account. This is done from the Google API Console.

2a. Select Create Service Account

[screenshot: create-service-account]

2b. Create Service account key credentials

[screenshot: service-account]

2c. Enter details for service account

[screenshot: enter-service-account-details]

2d. Download your JSON credential:

[screenshot: json-credentials]

3. Grant Access

3a. In Play Console, select Grant Access on the newly created service account

[screenshot: grant-access]

3b. Grant the following permissions:

[screenshot: apply-permissions]

After granting access, Google takes 24-48 hours to propagate all access rights for all API's, till that time you'll continue to get the same error.

Ankit Jindal
  • Do we first need to select add app to grant permission or not ? Here in 3b steps it is asking to Me to invite user on my service account email ? do we need to do that or we need to enter any valid gmail account email because when i go to grant access it shows me invite user ? Any help will be appreciated as stuck on this.. – Jay Rathod Dec 11 '20 at 12:31
  • For granting permissions to user you need to add the email and then set role as Editor, Admin etc. For grant permissions to app, you need to add that app first. – Ankit Jindal Dec 12 '20 at 05:57
  • But while i am granting permission it is taking email as service account id as last screen shot 3a in your answer so we should give it permission to that right ? – Jay Rathod Dec 14 '20 at 06:35
  • 1
    Thanks for taking the effort to add screenshots. Google's systems are so ass backward and broken it is hard to know exactly which screen(s) you should be on otherwise. – Meekohi Apr 16 '21 at 17:28
  • Yea, I have to spend like few days just to figure out this mess. We generally some generic errors with which sometimes it is difficult to find what could be wrong. – Ankit Jindal May 29 '21 at 14:18
  • 2
    Adding the Financial permission to the service account did the trick (3b. Grant the following permissions)! Thank you very much! – RodneyRd Aug 31 '22 at 20:53
17

After adding a new user in the Google Play Console, Google needs up to 24 hours to propagate all access rights for all apis.

I ran into the same issue when I tried using the OAuth2 flow to access the In-app purchases status API. It's not officially documented, but this GitHub comment helped me to figure this out.

gridsquare
  • 1
    I had suffered hard for a whole day before I found this answer. THANKS a lot! This answer should be accepted as the right one! – ttmask Apr 29 '19 at 09:52
7

Wait up to 24h OR create/edit any In-App product to force a permission update; it takes 1-2 minutes to update and there is no need to wait 24h.

Enakhi
4

For someone who is facing this exact issue then the simple answer is to check the permissions to the service account which is linked in the Google Developer Console.

  1. Open the Settings > Developer account menus and select API access
  2. Choose the service account and check the permissions - REMEMBER FINANCE PERMISSION IS MUST FOR THIS ACTION


After giving the permission, update your subscription/package and make a new purchase, then try again.

Happy Coding!

Shivam Yadav
3

For my scenario:

If you are using a service account to verify purchases via the Google Play Developer API, ensure you also click the View app information and download bulk reports (read only) permission besides the Financial data permissions.


After editing the permissions, update the in-app products and subscriptions (e.g. change the descriptions).

Then wait for around 30 mins; the permission error was gone.

JT501
2

I used service key and created it in Google APIs Credentials Cloud Platform, and I had the same issue until I added my created service key to Google Developer Console with all access.

I understood that you already created credentials in Google Developer Console, but maybe my experience will help someone else

panser
  • 4
    I finally found that the email I use for authentication also needs to be granted permission on the Google Play store project to use the API(s). – Nguyen Hoang Dec 09 '17 at 05:25
0

For me, the reason I had this issue was that I did not check the permission to Release to production, exclude devices and use app signing by Google Play in the Google Play Store console for the service account I created to manage app creation and management.

So check Users and Permission in the Google Play store console and check if the appropriate permission is checked.

Dharman
CanCoder
0

It will automatically be fixed after 24 hrs; don't waste your time and energy with hacks, just wait and watch.

Shoaib Ahmed
0

Unfortunately for me, I didn't find the answer anywhere. The error still appeared. My problem got resolved when I changed the scope to: https://www.googleapis.com/auth/androidpublisher. This gives the correct OAuth credentials. After changing the scope, I started using the "purchases.subscriptionsv2.get" method (url: https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/subscriptionsv2/tokens/{token}?access_token=your_access_token) instead of purchases.subscriptions.get (url: https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/subscriptions/{subscriptionId}/tokens/{token}?access_token=your_access_token). It was somehow screwed up and now everything works! I hope I helped someone.

Snuiper228
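
An added example, not code from any of the answers or from Google: a server-side check against the subscriptionsv2 endpoint named in the answer above. It sends the OAuth token in an `Authorization` header instead of the URL and treats the question's `permissionDenied` error as "could not verify", never as a valid purchase. The verdict strings, the injectable `send` parameter and the sample body are assumptions of this example; obtaining the access token is out of scope.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://androidpublisher.googleapis.com/androidpublisher/v3"

def build_request(package_name, purchase_token, access_token):
    """purchases.subscriptionsv2.get with the token in a header, so it stays out of URL logs."""
    quote = lambda s: urllib.parse.quote(s, safe="")
    url = "{}/applications/{}/purchases/subscriptionsv2/tokens/{}".format(
        API, quote(package_name), quote(purchase_token))
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})

def classify(status, body):
    """Turn an HTTP status and body into a verdict. Only a 200 whose
    subscriptionState is ACTIVE grants access; everything else fails closed."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "unverified:bad-json"
    if not isinstance(doc, dict):
        return "unverified:bad-json"
    if status == 200:
        active = doc.get("subscriptionState") == "SUBSCRIPTION_STATE_ACTIVE"
        return "active" if active else "inactive"
    err = doc.get("error")
    errors = err.get("errors") if isinstance(err, dict) else None
    reasons = {e.get("reason") for e in (errors if isinstance(errors, list) else [])
               if isinstance(e, dict)}
    if "permissionDenied" in reasons:
        # Our own Play Console permissions are wrong; the purchase itself is unjudged.
        return "unverified:permission"
    return "unverified:http-{}".format(status)

def verify(package_name, purchase_token, access_token,
           send=urllib.request.urlopen):
    """`send` is injectable (an assumption of this example) for offline tests."""
    req = build_request(package_name, purchase_token, access_token)
    try:
        with send(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return classify(exc.code, exc.read())
    except urllib.error.URLError:
        return "unverified:network"

SAMPLE_DENIED = b'{"error": {"code": 401, "errors": [{"reason": "permissionDenied"}]}}'  # constructed
```

Alerting on `unverified:permission` separately from `inactive` shows whether the service account's Play Console grants have taken effect without unlocking content in the meantime.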
0

For those who are still trying to find exactly where the permissions have to be set, once you already configured all the other things, you can reach that section following these steps:

  1. Log in to https://play.google.com/console
  2. Click on "Users and permissions", then click on the email address that corresponds to the service account (or click on "Manage" to the right of it)
  3. Click on the "Account permissions" tab.

As explained in previous comments, you only need to check "View app information and download bulk reports (read only)" and "View financial data, orders and cancellation survey responses", even if that makes no sense at all. Then wait for some hours, because the permissions do not always get refreshed, even after following all the other suggestions. In my case, I waited overnight.

Kelton Temby
BitQuestions