Is it correct that Google Drive API requires a restricted scope to access a publicly-visible file?

Question

I observe Google API service account getting a 404 when it tries to read a file (i.e. call the files.get method https://developers.google.com/drive/api/reference/rest/v3/files/get )

This happens even though the file's sharing is set to "Anyone with the link can view",

This happens if using only non-restricted scopes i.e. drive.file rather than the restricted-level drive.readonly.

Recent tightening of certification requirements mean that using drive.readonly now requires a security assessment at CASA Level 3, which is enterprise level.

It does just seem a bit odd that it should be so difficult to allow an app to read a file that a user has made publicly available? I can't find anywhere this is stated clearly, so I'm wondering if I have misunderstood something.

Answer 1

This happens even though the file's sharing is set to "Anyone with the link can view",

If you go to the google drive web application and share a file with someone and grab the link. This link allows them to view the file in the google drive web app it has nothing to do with the underlaying permissions of the file itself. The service account will not be able to use this.

Recent tightening of certification requirements mean that using drive.readonly now requires a security assessment at CASA Level 3, which is enterprise level.

service accounts dont require verification as they dont have a consent screen.

It does just seem a bit odd that it should be so difficult to allow an app to read a file that a user has made publicly available?

If the file is public this is something different the file will need to be set to public. Then you will need to grab the file id from the url bar and the service account will be able to read it.

This sets a file public:

For the api you need the file id to access it. You can get that from the URL bar.

https://docs.google.com/document/d/[THIS IS THE FILE ID]/edit#heading=h.in4bminrdc6r