Hello, Yeah, this is tricky...we ran into the same...here's some info from past emails on the matter...
=============== First, we had to get the ACLs setup... ----- The error you're receiving is due to the pull queue configuration rather than the explicit enabling in the developer's console: https://developers.google.com/appengine/docs/java/config/queue#Defining_Pull_Queues Are the identities you're using to interact with the queue via the API interface specified in the queue's ACL configuration? ----- and after we got past that and setup the ACLs, then needed certain scopes to work with OAuth ---- The problem was this doc: https://developers.google.com/appengine/docs/java/taskqueue/rest/about_auth Specifically: Here's the OAuth 2.0 scope information for the Google App Engine Task Queue: ScopeMeaninghttps://www.googleapis.com/auth/taskqueueRead/write access. https://www.googleapis.com/auth/taskqueue.consumerRead-only access. These work OK if you want to create per-user Access/Refresh tokens against your App ID. The thing is, we didn't want to hard code these. We were assuming that, like all the other Google Cloud * APIs we could use our app's Service Account/PK (which is talked about on the OAuth details page the auth page links to for "more info") to talk to this. We tried adding the ACL entries, but using the Service Account without a user gave us the "This looks disabled" error. If we specified a user to talk on behalf of we got an "Invalid Scope" error. Our breakthrough came when we saw this page: https://developers.google.com/appengine/docs/java/taskqueue/rest/taskqueues/get Where it has additional scopes: This request requires authorization with at least one of the following scopes (read more about authentication and authorization< https://developers.google.com/appengine/docs/java/taskqueue/rest/about_auth> ). Scope https://www.googleapis.com/auth/taskqueue https://www.googleapis.com/auth/cloud-taskqueue https://www.googleapis.com/auth/taskqueue.consumer https://www.googleapis.com/auth/cloud-taskqueue.consumer (With the link back to the other page). Turns out the cloud-* scopes work just fine with the cloud service token. However, it was dumb luck we found they existed on this page. They are also not part of the static final Strings on the ComputeScopes class in the packaged client library. Once we hard coded the cloud-* scope strings into our app, everything started working as expected. On Wednesday, June 18, 2014 12:25:28 AM UTC-4, poke wrote: > > Anyone here can use TaskQueue Rest Api . > I can't even in API explorer > > https://developers.google.com/apis-explorer/#p/taskqueue/v1beta2/taskqueue.tasks.list > > 403 Forbidden > > - Show headers - > > { > "error": { > "errors": [ > { > "domain": "global", > "reason": "forbidden", > "message": "you are not allowed to make this api call" > } > ], > "code": 403, > "message": "you are not allowed to make this api call" > } > } > > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
