How do I get around HttpError 403 Insufficient Permission? (gmail api, python)

Question

I keep getting the following error when I execute my code:

An error occurred: 

        

Answer 1

Even though the accepted answer is 100% correct. I think it's worth pointing out that why that's the case.

When you authorize a gmail service client, you can specify several different scopes: All, compose, labels, etc...

These are all listed here: https://developers.google.com/gmail/api/auth/scopes

The scope mentioned in the answer provides complete gmail access.

Answer 2

If you run the official "gmail-python-quickstart" before, please delete the file "gmail-quickstart.json" in your system. Rerun your program again so that you can set the priviledge as you want.

Answer 3

Gmail API has these scopes:

For sending emails, https://www.googleapis.com/auth/gmail.send is needed or full access https://mail.google.com/.

The scopes taken from here.

Answer 4

If you used google's official example, there should be a folder in ~/.credentials/ directory which is old, remove everything inside that directory and re-run your code. then you have to add new permissions and then everything is OK!

Answer 5

In Addition to the answers from:

1. ccy
2. apadana
3. ragnampiza

and as a furtherance of ccy's answer...

---

Solution 1...

... a hack fix

If you're using the original gmail-python-quickstart code, make sure to also update the following:

1. CLIENT_SECRET_FILE = '/path/to/your/secret_client.json'
2. Force get_credentials() to use the failed credentials logic path...

if True:
    flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
    flow.user_agent = APPLICATION_NAME
    if flags:
        credentials = tools.run_flow(flow, store, flags)
    else: # Needed only for compatibility with Python 2.6
        credentials = tools.run(flow, store)
    print('Storing credentials to ' + credential_path)

to force True so that the logic operation will definitely work the client.flow operations:

if True:
    flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
    flow.user_agent = APPLICATION_NAME
    if flags:
        credentials = tools.run_flow(flow, store, flags)
    else: # Needed only for compatibility with Python 2.6
        credentials = tools.run(flow, store)
    print('Storing credentials to ' + credential_path)

This is a hacky fix, but will get you up and going in short time.

The Problem...

• The problem with this approach is that it forces the flow code, which opens up the authentication window browser and requires that the end user accept the security protocol before sending the email.
• This obviously breaks the concept of automated email generation and sending.

---

Solution 2...

...a stable, more automated solution

I found that doing the following works:

1. Copy the downloaded the secret-client-####.html.json file to the directory defined in the first block of code from the get_credentials() method. Basically, copy it to your user/.credentials directory
2. Delete the current gmail-python-quickstart.json
3. Rename your downloaded file to gmail-python-quickstart.json

Run your code, and then it should work fine.

Benefits...

• The authentication page does not show up
• The email is sent automatically

Answer 6

Solved it by changing the SCOPES line to:

SCOPES = 'https://mail.google.com/'

Email sending works perfectly