My Business
For developers who are using the Google My Business API to manage locations

rights over a location based on an access token

[ Edited ]
Follower ✭ ✭ ☆
# 1

Hi,

 

We're implementing the following flow for authentication:

  • user authenticates our app on Google, we request the mybusiness scope
  • we request all the locations managed by the user under their accounts
  • the user selects one location to use
  • we make edits to this location

Now, the authentication is not useful for us unless the user has "write" permissions to this location on GMB. Is there a way to verify if a write to a particular location ID with an access token will succeed? In other words, is it possible to fetch the location-specific permission of the acting user? (the acting user being the bearer of the access token).

We understand that one can fetch the list of admins of a location, but that means asking the user to select one of the admins indicating which one he is, and that is of course not foolproof.

 

 

 

1 Expert reply

Re: rights over a location based on an access token

Google Employee
# 2

Hi @Ashesh A,

 

When you request user consent with scope for the Google My Business API to obtain an OAuth 2.0 access token for making authorized requests via the API, you are granting permission for your application to “View and manage your business listing on Google” for a particular Google Account. This process grants read/write access to all available locations within the Google Account with different permission levels depending on the admin role of that particular Google Account user for your application to work with the OAuth 2.0 credentials. Please note that you have to be added as the owner or manager of an existing listing for you to make edits to that business listing even if you have the locationId of that particular location.

 

You will generally get a 403 Forbidden error with the message "Insufficient access (no AdminRole permissions) to perform this action." if you try to send a request to modify a location but you lack the permission to do so.

 

When you send a GET request to list admins for an account or location, you will get back a list of Admin objects with their respective name fields.

 

For account admins, the name field is in the form:

accounts/{account_id}/admins/{admin_id}

 

For location admins, the name field is in the form:

accounts/{account_id}/locations/{location_id}/admins/{admin_id}

 

The admin_id numeric string is exactly the account_name of a personal account for a particular Google Account user. If you compare the admin_id with the account_name of your personal account (which you can get by sending a GET request to list all accounts), you should be able to figure out the permission levels of your authenticated Google Account by checking the role field of the Admin object with admin_id that matches the account_name of your personal account.

 

For an intuitive example, I’m providing the following code snippet for listing all admins for the specified location and specifying your account role with the Java client library:

    private static String getPersonalAccountName(List<Account> accounts) {
      for (Account account : accounts) {
        if (account.getType().equalsIgnoreCase("PERSONAL")) {
          return account.getName().substring(account.getName().lastIndexOf('/') + 1);
        }
      }
      throw new RuntimeException("All users should have an associated PERSONAL account");
    }

    // Prints all admins for the specified location and specifies your account role
    public static void printLocationAdmins(
        String locationResourceName, List<Admin> admins, List<Account> accounts) throws IOException {
      if (admins != null) {
        String personalAccountName = getPersonalAccountName(accounts);

        View.header2("List Location Admins");
        for (Admin admin : admins) {
          System.out.println(admin.toPrettyString());
          if ((admin
              .getName()
              .substring(admin.getName().lastIndexOf('/') + 1)
              .equals(personalAccountName))) {
            System.out.printf(
                "The above is your account and your AdminRole is '%s' for this location.\n",
                admin.getRole());
          }
        }
      } else {
        System.out.printf("Location '%s' has no admins.", locationResourceName);
      }
    }

 

I hope this answers your questions. Please let me know if you have any concerns.

 

For more information about the permission levels for owners and managers of business accounts, please check out this article in the Google My Business Help Center.

 

For more information about the permission levels for owners and managers of listings, please check out this article in the Google My Business Help Center.

 

Thanks,

Terry
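
The comparison described in the reply above, turned into a yes/no pre-flight check (an added example, not part of the original post or of Google's sample code). It works on the parsed JSON of the accounts list and admins list responses and also covers the account-level admins list; the function names, the `WRITE_ROLES` set and the sample ids are assumptions made for illustration.

```python
# Assumption: the role strings that count as "owner or manager" for edits.
WRITE_ROLES = frozenset({"OWNER", "CO_OWNER", "MANAGER"})


def last_segment(resource_name):
    """'accounts/1/locations/2/admins/3' -> '3'."""
    return resource_name.rsplit("/", 1)[-1]


def personal_account_id(accounts):
    """Id of the bearer's PERSONAL account, or None if the list has none."""
    for account in accounts or []:
        if str(account.get("type", "")).upper() == "PERSONAL":
            return last_segment(account.get("name", ""))
    return None


def bearer_role(accounts, admins):
    """Role of the token bearer in an admins list, or None if not listed."""
    me = personal_account_id(accounts)
    if not me:
        return None
    for admin in admins or []:
        if last_segment(admin.get("name", "")) == me:
            return admin.get("role")
    return None


def can_write(accounts, location_admins, account_admins=()):
    """Fail closed: True only if a matching admin entry has a write role.

    Looks at the location's admins, then at the owning account's admins.
    """
    return any(
        bearer_role(accounts, admins) in WRITE_ROLES
        for admins in (location_admins, account_admins)
    )


# Constructed sample responses (ids are made up).
ACCOUNTS = [
    {"name": "accounts/111", "type": "PERSONAL"},
    {"name": "accounts/222", "type": "LOCATION_GROUP"},
]
LOCATION_ADMINS = [
    {"name": "accounts/222/locations/900/admins/555", "role": "OWNER"},
    {"name": "accounts/222/locations/900/admins/111", "role": "MANAGER"},
]
```

A `True` result only tells the app it is worth offering the edit; the 403 "Insufficient access" response on the write itself remains the authoritative check and still has to be handled.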