I am trying to update a signature through the Google email settings api. The domain is an EDU account, the user in question is a super admin. After successfully retrieving an OAuth 2.0 token, i issue this php curl code:
$mydomain = '<mydomain.com>';
$myuser = '<myusername>';
$token = '<mytoken>';
$url = 'https://apps-apis.google.com/a/feeds/emailsettings/2.0/'.$mydomain.'/'.$myuser.'/signature'
$data = '<?xml version="1.0" encoding="utf-8"?>
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006">
<apps:property name="signature" value="blabla" />
</atom:entry>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/atom+xml', 'Authorization: Bearer '.$token));
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec ($ch);
curl_close ($ch);
Which results in:
You are not authorized to access this API. Error 403
Because of other issues mentioned here about the client_id when getting authorized, i have tried the above with both the gserviceaccount.com address and the googleusercontent.com address, with the same results.
What am i doing wrong here?
To answer my own question: after speaking to a Google rep i have learned that the email settings api cannot be used through standard "web app" authorization but needs to be used through a "service account":
https://developers.google.com/identity/protocols/OAuth2ServiceAccount