Gmail API Signature Server Side

I want to change all signatures from my Gmail domain. This domain has many accounts, and I need to change it from server-side.

I’m using php, and I started my project with: php composer.phar require google/apiclient:2.0

I wrote one code, but when I try to update one email (like teste@mydomain.com), I receive:

{ "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }

JavaScript
​x
 
{ "error": { "errors": [ { "domain": "global", "reason": "insufficientPermissions", "message": "Insufficient Permission" } ], "code": 403, "message": "Insufficient Permission" } }​

My code (using API client library) is something like:

<?php

// initialize gmail
function getService() {
    try {
        include_once __DIR__ . '/vendor/autoload.php';

        $client = new Google_Client();

        $credentials_file = __DIR__ . '/credentials/gmailAPI.json';

        // set the location manually. Credential server-side
        $client->setAuthConfig($credentials_file);

        $client->setApplicationName("GmailAPI");
        $client->setScopes(['https://apps-apis.google.com/a/feeds/emailsettings/2.0/']);

        $gmail = new Google_Service_Gmail($client);

        return $gmail;
    } catch (Exception $e) {
        throw new Exception($e->getMessage());
    }
}

function updateSignature(&$gmail) {
    try {
        // Start sendAs
        $signature = new Google_Service_Gmail_SendAs();
        // Configure Signature
        $signature->setSignature("Any HTML text here.");

        // Update account and print answer
        var_dump($gmail->users_settings_sendAs->update("someEmail@myDomain.com.br","someEmail@myDomain.com.br",$signature));
    } catch (Exception $e) {
        throw new Exception($e->getMessage());
    }

}

try {
    $gmail = getService();
    updateSignature($gmail);
} catch (Exception $e) {
    echo $e->getMessage();
}

?>

JavaScript
 
<?php​// initialize gmailfunction getService() {    try {        include_once __DIR__ . '/vendor/autoload.php';​        $client = new Google_Client();​        $credentials_file = __DIR__ . '/credentials/gmailAPI.json';​        // set the location manually. Credential server-side        $client->setAuthConfig($credentials_file);​        $client->setApplicationName("GmailAPI");        $client->setScopes(['https://apps-apis.google.com/a/feeds/emailsettings/2.0/']);​        $gmail = new Google_Service_Gmail($client);​        return $gmail;    } catch (Exception $e) {        throw new Exception($e->getMessage());    }}​function updateSignature(&$gmail) {    try {        // Start sendAs        $signature = new Google_Service_Gmail_SendAs();        // Configure Signature        $signature->setSignature("Any HTML text here.");​        // Update account and print answer        var_dump($gmail->users_settings_sendAs->update("someEmail@myDomain.com.br","someEmail@myDomain.com.br",$signature));    } catch (Exception $e) {        throw new Exception($e->getMessage());    }​}​try {    $gmail = getService();    updateSignature($gmail);} catch (Exception $e) {    echo $e->getMessage();}​?>​

My credential file (gmailAPI.json) is one service account key, and I’m using Google for Work.

I created this credential using one administrator account from this domain.

My credential file is:

{
  "type": "service_account",
  "project_id": "myProjectId",
  "private_key_id": "myPrivateKeyid",
  "private_key": "myPrivateKey",
  "client_email": "gmailapi@projectid.iam.gserviceaccount.com",
  "client_id": "myId",
  "auth_uri": "url",
  "token_uri": "url",
  "auth_provider_x509_cert_url": "url",
  "client_x509_cert_url": "url"
}

JavaScript
 
{  "type": "service_account",  "project_id": "myProjectId",  "private_key_id": "myPrivateKeyid",  "private_key": "myPrivateKey",  "client_email": "gmailapi@projectid.iam.gserviceaccount.com",  "client_id": "myId",  "auth_uri": "url",  "token_uri": "url",  "auth_provider_x509_cert_url": "url",  "client_x509_cert_url": "url"}​

Edit 1

I changed the scopes as instructed, and now my scopes are:

$client->setScopes([‘https://www.googleapis.com/auth/gmail.settings.basic‘,’https://www.googleapis.com/auth/gmail.settings.sharing‘]);

I also added permision on Google (/AdminHome?chromeless=1#OGX:ManageOauthClients) to my service account key.

I tried API explorer and it works. When i changed the scopes, the error changed to:

{ “error”: { “errors”: [ { “domain”: “global”, “reason”: “failedPrecondition”, “message”: “Bad Request” } ], “code”: 400, “message”: “Bad Request” } }

I’m using this command:

var_dump($gmail->users_settings_sendAs->update(“someEmail@myDomain.com.br”,”someEmail@myDomain.com.br”,$signature));

I tried also

var_dump($gmail->users_settings_sendAs->get(“someEmail@myDomain.com.br”,”someEmail@myDomain.com.br”));

But I received same error.

Answer

Thank You everyone.

I tried a lot of codes, and finally found one that works.

include_once __DIR__ . '/vendor/autoload.php';
// credential file (service account)
$credentials_file = __DIR__ . '/credentials/gmailAPI.json';
putenv('GOOGLE_APPLICATION_CREDENTIALS='.$credentials_file);
// Initialize Google Client
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
// scopes to change signature
$client->setScopes(['https://www.googleapis.com/auth/gmail.settings.basic','https://www.googleapis.com/auth/gmail.settings.sharing']);
// *important* -> Probably because delegated domain-wide access.
$client->setSubject("admEmailHere@test.com");
// Initialize Gmail
$gmail = new Google_Service_Gmail($client);
// set signature
$signature = new Google_Service_Gmail_SendAs();
$signature->setSignature("HTML code here.");
// update signature
$response = $gmail->users_settings_sendAs->update("admEmailHere@test.com","admEmailHere@test.com",$signature)->setSignature();
// get signature
$response = $gmail->users_settings_sendAs->get("admEmailHere@test.com","admEmailHere@test.com")->getSignature();
echo json_encode($response);

JavaScript
 
include_once __DIR__ . '/vendor/autoload.php';// credential file (service account)$credentials_file = __DIR__ . '/credentials/gmailAPI.json';putenv('GOOGLE_APPLICATION_CREDENTIALS='.$credentials_file);// Initialize Google Client$client = new Google_Client();$client->useApplicationDefaultCredentials();// scopes to change signature$client->setScopes(['https://www.googleapis.com/auth/gmail.settings.basic','https://www.googleapis.com/auth/gmail.settings.sharing']);// *important* -> Probably because delegated domain-wide access.$client->setSubject("admEmailHere@test.com");// Initialize Gmail$gmail = new Google_Service_Gmail($client);// set signature$signature = new Google_Service_Gmail_SendAs();$signature->setSignature("HTML code here.");// update signature$response = $gmail->users_settings_sendAs->update("admEmailHere@test.com","admEmailHere@test.com",$signature)->setSignature();// get signature$response = $gmail->users_settings_sendAs->get("admEmailHere@test.com","admEmailHere@test.com")->getSignature();echo json_encode($response);​

I commented all code, and I used https://developers.google.com/api-client-library/php/auth/service-accounts to create it.

Atention -> You need to give permission on Gmail, and create server key (with domain-wide access).

Advertisement

Answer