1

I have been trying to use the API to retrieve my activities but I'm receiving the following JSON error.

{
    "error": {
        "code": 403,
        "message": "The request is not properly authorized.",
        "errors": [
            {
                "message": "The request is not properly authorized.",
                "domain": "youtube.activity",
                "reason": "forbidden"
            }
        ]
    }
}

, although I use https://www.googleapis.com/youtube/v3/activities?mine=true&key={my_api_key}&part=contentDetails and I use OAuth2 client to get an access token which I use on calling the API.

I tried to use the samples but I'm receiving the same error. error ocurring on using the sample

Is this a bug or I'm doing something wrong?

More details I use the given link in postman with the GET method and I put a valid access token in the token field with TYPE=OAuth2 and Prefix=Bearer

asmmo
  • 6,922
  • 1
  • 11
  • 25

1 Answers1

1

According to the official specification of the Activities.list API endpoint, for to be able to use its mine request parameter, you have to issue the call to the endpoint while passing to it proper credentials:

mine (boolean)
This parameter can only be used in a properly authorized request. Set this parameter's value to true to retrieve a feed of the authenticated user's activities.

Therefore, using an API key is not sufficient (neither is required when issuing a properly authorized request).

Do note that the JSON error response obtained from the API agrees entirely with the specification quoted above.

According to the official (programming language agnostic) procedure, for to obtain a valid fresh access token from the API, issue a simple curl instance as follows:

$ curl \
--data 'grant_type=refresh_token' \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "refresh_token=$REFRESH_TOKEN" \
https://oauth2.googleapis.com/token

Above, $CLIENT_ID and $CLIENT_SECRET are the values of the corresponding properties of your client secrets JSON file you've got from Google's developers console. The $REFRESH_TOKEN is your (long-lived) refresh token you've obtained upon running a successful OAuth2 authentication/authorization flow.

The output obtained from curl when successful would look like:

{
  "access_token": "...",
  "expires_in": 3599,
  "scope": "...",
  "token_type": "Bearer"
}

A call to the Activities.list endpoint as yours above using curl is immediate:

$ curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
'https://www.googleapis.com/youtube/v3/activities?mine=true&part=contentDetails&maxResults=25'

The parameter $ACCESS_TOKEN above is your freshly obtained valid access token; the output of curl would look like:

{
  "kind": "youtube#activityListResponse",
  "etag": "...",
  "items": [
    {
      "kind": "youtube#activity",
      "etag": "...",
      "id": "...",
      "contentDetails": {
        ...
      }
    },
    ...
  ],
  "pageInfo": {
    "totalResults": ...,
    "resultsPerPage": 25
  }
}

For to run the above curl commands on a Windows machine under CMD.exe -- assuming that you've substitued the $-variables yourself manually --, do replace the backslash character at the end of each line above with the caret character, ^. The percent character % should be doubled, i.e. should be replaced with %%, and the single quote characters ' should be replaced with double-quote characters ".

stvar
  • 6,551
  • 2
  • 13
  • 28
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackoverflow.com/rooms/226522/discussion-on-answer-by-stvar-calling-activitieslist-fails-on-using-parameter). – Samuel Liew Dec 28 '20 at 15:53
  • @stvar plz, see https://stackoverflow.com/questions/65519158/youtube-data-api-quota-on-using-the-same-google-client-on-different-devices – asmmo Dec 31 '20 at 09:58