Search code examples
c#.netlabelvisual-studio-2019gmail-api

Create labels with GMail API in C#

Having spent hours looking for an answer on how to access the Gmail API with the use of a service account and saw that I can't, unless I'm using a GSuite account that it's provided with domain-wide authorization, I came here to ask you if there's a way to actually create labels using the said API and a private account. I'm using Visual Studio 2019 and C#. In the "developers.google.com" there's a tool called "Try this API" and I can create a label using my OAuth 2.0 just fine, and the .NET Quickstart found here also works in listing my labels. But why can't it let me create labels? I have enabled all of the scopes possible for this to work.

This is the error I am getting:

"Google.GoogleApiException: 'Google.Apis.Requests.RequestError Request had insufficient authentication scopes. [403] Errors [ Message[Insufficient Permission] Location[ - ] Reason[insufficientPermissions] Domain[global]" enter image description here

Solution

  • The method Lables.create requires permissions in order to create labels on the users account. The user must have consented to that permission.

    the error message

    Google.Apis.Requests.RequestError Request had insufficient authentication scopes.

    Is telling you that the user has not consented to the proper scope. The user must have consented to one of the following scopes

    enter image description here

    If you followed the quick start then you probably only included GmailService.Scope.GmailReadonly. You will need to change the scope and request authorization of the user again. Note that the tutorial you are following is not for service account authencation but rather for Oauth2 authentication.

    service account

    string ApplicationName = "Gmail API .NET Quickstart";
            const string serviceAccount = "xxxxx-smtp@xxxxx-api.iam.gserviceaccount.com";

            var certificate = new X509Certificate2(@"c:\xxxxx-api-ed4859a67674.p12", "notasecret", X509KeyStorageFlags.Exportable);

            var gsuiteUser = "xxxxx@xxxx.com";

            var serviceAccountCredentialInitializer = new ServiceAccountCredential.Initializer(serviceAccount)
            {
                User = gsuiteUser,
                Scopes = new[] { GmailService.Scope.GmailSend, GmailService.Scope.GmailLabels }

            }.FromCertificate(certificate);

            var credential = new ServiceAccountCredential(serviceAccountCredentialInitializer);
            if (!credential.RequestAccessTokenAsync(CancellationToken.None).Result)
                throw new InvalidOperationException("Access token failed.");

            var service = new GmailService(new BaseClientService.Initializer()
            {
                HttpClientInitializer = credential,
                ApplicationName = ApplicationName,
            });