node.js google-api google-search-console google-api-nodejs-client

Google Search Console API: How do I Solve "User does not have sufficient permission for site"? (When User Has Permissions)


I'm trying to use Google's Search Console API via their Node package, and my code looks like the following:

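const { google } = require('googleapis');
const { GoogleAuth } = require('google-auth-library');

async function main() {
  // Credentials are read from GOOGLE_APPLICATION_CREDENTIALS
  const auth = new GoogleAuth({
    scopes: 'https://www.googleapis.com/auth/webmasters.readonly',
  });
  const webmasters = google.webmasters('v3');
  const params = {
    auth,
    siteUrl: 'example.com',
    resource: {
      startDate: '2015-08-25',
      endDate: '2015-08-25',
      dimensions: ['query', 'page'],
      rowLimit: 10,
    },
    aggregationType: 'byPage',
  };
  const res = await webmasters.searchanalytics.query(params);
  console.log(res.data);
}

main().catch(console.error);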

... except that in my version example.com has been replaced with my actual domain.

I'm invoking it at the command line with:

GOOGLE_APPLICATION_CREDENTIALS="/path/to/service_key.json" node index.js

I have a service account created, and the service key JSON file is from it. That service account has access to my Search Console account. When I look at https://search.google.com/search-console/users I see the service user there, and in the Permission column it has "Full".

Can anyone help me understand why I'm getting the following error when I run my code?

{
  message: "User does not have sufficient permission for site 'http://example.com'. See also: https://support.google.com/webmasters/answer/2451999.",
  domain: 'global',
  reason: 'forbidden'
}

The URL mentioned, https://support.google.com/webmasters/answer/2451999, simply links me to the search console users page ... which (again) says the service user has full permissions.


Solution

  • After rooting around in Google forums and the rest of the internet, I have figured out why it happens.

    1. You need to copy the service account email, which has a long, weird format (example: whiskey-tango-foxtrot@certain-something-0123456.iam.gserviceaccount.com), from Google Cloud (https://console.cloud.google.com/apis/credentials) to Search Console (https://search.google.com/u/1/search-console/users), as a "Full site" user.

    2. Make sure you have added that site (as it is on Search Console) via your API or with this tool: https://developers.google.com/webmaster-tools/v1/sites/add

    3. Then, when you perform a "list_sites" request, your site should be listed there and permission_level is "siteFullUser" (according to step 1).

    4. When you add_site or perform query API requests, make sure to set siteUrl according to the steps above, e.g. http://www.example.com/ (for a URL-prefix property) or sc-domain:example.com (for a Domain property).

    Happy coding
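The check described in steps 3 and 4, as an added example that is not part of the original answer: given the entries a sites.list call returns for the credential, it reports which property identifiers cover a host and can be passed as siteUrl. The function names and the sample entries are constructed for illustration, and matching is by host only (scheme and path are ignored).

```javascript
// Added example. SAMPLE_SITE_ENTRIES is constructed data in the shape of the
// siteEntry array that a sites.list call returns for one credential.
const SAMPLE_SITE_ENTRIES = [
  { siteUrl: 'sc-domain:example.com', permissionLevel: 'siteFullUser' },
  { siteUrl: 'http://www.example.com/', permissionLevel: 'siteFullUser' },
  { siteUrl: 'https://shop.example.org/', permissionLevel: 'siteUnverifiedUser' },
];

// Host of a property identifier or of user input (bare domain, URL, or sc-domain:).
function hostOf(value) {
  if (value.startsWith('sc-domain:')) return value.slice('sc-domain:'.length).toLowerCase();
  const withScheme = /^https?:\/\//i.test(value) ? value : `http://${value}`;
  return new URL(withScheme).hostname.toLowerCase();
}

// A Domain property covers the domain and its subdomains; a URL-prefix property
// is matched on its own host only (simplification: scheme and path are ignored).
function covers(siteUrl, host) {
  const propHost = hostOf(siteUrl);
  if (siteUrl.startsWith('sc-domain:')) {
    return host === propHost || host.endsWith(`.${propHost}`);
  }
  return host === propHost;
}

// Returns the siteUrl identifiers usable for `input`, or throws with the reason.
// Assumption of this example: only siteUnverifiedUser is treated as unusable.
function usableProperties(siteEntries, input) {
  const host = hostOf(input);
  const matches = siteEntries.filter((e) => covers(e.siteUrl, host));
  if (matches.length === 0) {
    throw new Error(`no property covering ${host} is visible to this credential`);
  }
  const usable = matches.filter((e) => e.permissionLevel !== 'siteUnverifiedUser');
  if (usable.length === 0) {
    const levels = matches.map((e) => `${e.siteUrl}=${e.permissionLevel}`).join(', ');
    throw new Error(`insufficient permission for ${host}: ${levels}`);
  }
  return usable.map((e) => e.siteUrl);
}

console.log(usableProperties(SAMPLE_SITE_ENTRIES, 'example.com'));
```

Running this against the real sites.list output before a query separates "the credential cannot see the property" from "the siteUrl string does not name a property", which the 403 message alone does not distinguish.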