Search code examples
google-apps-scriptgoogle-cloud-platformhttp-headersuser-agent

What is this ID that you can retreive from a Google App Script UrlFetchApp request?

A pretty straightforward question.

What is UAEmdDd8-EFiXubNCcQqNSsoe9JR3TFSawg ID from User-Agent: Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: UAEmdDd8-EFiXubNCcQqNSsoe9JR3TFSawg) that can be gained from a Google App Script UrlFetchApp request?

Background

I want to restrict request from any client other than Google App Script request to my server, and I decided to analyze the request header from Google App Script UrlFetchApp request, to which I get this result (using NGROK).

Host: dbc2-103-154-151-44.ngrok.io
User-Agent: Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: UAEmdDd8-EFiXubNCcQqNSsoe9JR3TFSawg)
Accept-Encoding: gzip, deflate, br
X-Forwarded-For: <hidden>
X-Forwarded-Proto: http

I decided to use User-Agent to restrict other requests, but I have questions on whether the ID in question is a unique identifier of the script file or not.

Solution

  • I have investigated User-Agent of UrlFetchApp before. In that case, I understood that it seems that the value of UAEmdD### like UAEmdDd8-EFiXubNCcQqNSsoe9JR3TFSawg is the unique value depending on the Google Apps Script project. For example, it is considered the following situation.

    1. Create a new Google Apps Script project of a standalone type and UrlFetchApp is used, User-Agent is as follows.

       Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: {###ID1###})

    2. Create another new Google Apps Script project of a standalone type and UrlFetchApp is used, User-Agent is as follows.

       Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: {###ID2###})

    3. Create a new Google Apps Script project of a container-bound script type on Google Spreadsheet, and UrlFetchApp is used, User-Agent is as follows.

       Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: {###ID3###})

    Here, it seems that when UrlFetchApp is used in the same Google Apps Script project, the same User-Agent with {###} is always used.

    From this situation, for example, when you want to permit the request from only the specific Google Apps Script project by User-Agent at the server side, please set a value like Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com; id: {###ID###}). By this, only the specific Google Apps Script project can access the server.

    On the other hand, when you want to permit the request from the Google Apps Script project by User-Agent, please set a value like Mozilla/5.0 (compatible; Google-Apps-Script; beanserver; +https://script.google.com by removing the ID. By this, only the users using UrlFetchApp can access the server.

    Note:

    • I'm not sure whether this specification is changed in the future update. So, when you confirmed that the restriction of User-Agent was not your expected result after you set it, please confirm the value of User-Agent again.