![]() That’s handled in the first several methods of the driveAPI.js we are constructing to handle all of our interactions with the API. We can start from a modified version of the Node.js quickstart sample, adjusted to use our new service account instead of client OAuth. Now that we’re in, we’re ready to start tinkering with what the Drive API is capable of. For the sake of brevity, let’s fast-forward to immediately after a successful authentication of a service account. That process is well documented in Google’s developer resources, and in addition it’s described in step-by-step detail in the companion repo of this article on GitHub. Perfect! Creating a service accountĪ service account can be created (for free) from the Google Cloud Platform Console. Now the service account can see only the files or folders we’ve explicitly shared with it, and that access can be modified or revoked at any time. When we go to display a doc or sheet on the website, we simply hit the “Share” button and paste in that email address. The big win here is that we make files available to this dummy service account just like any other user - by sharing the file with the service account’s email address, which looks something like this: However, it behaves like a first-class Google account it has its own email address, its own tokens for authentication, and its own permissions. ![]() Think of a service account like a dummy Google account used exclusively by APIs and bots. Instead, we can make use of a slightly less common authentication method: a Google service account. This is potentially alarming for a user, and more to the point, it is a potential security weakness on any central developer/admin Google account that manages the website content anything they can access is exposed through the site’s CMS back end, including their own documents and anything shared with them. That’s exactly what it says on the consent screen. ![]() See and download all your Google Drive files. Plus, it’s a bit tricky to provide access to only particular files or folders. The most common is OAuth, which prompts the user with a Google-branded screen saying, “ wants to access your Google Drive” and waits for user consent - not exactly what we need here, since we’d like to access files in a single central drive, rather than the user’s drive. Google supports several methods of doing this. That’s a requirement to use the Drive API even if the files in question are publicly shared (with “link sharing” turned on). The first step is to establish a connection to Google Drive’s API, and for that, we will need to do some kind of authentication. Just a few things you may want to check out as we get started: Of course we can! Here’s how we did it where I work. ![]() Could we utilize Google Drive’s API to import a Google Doc directly into a site as raw HTML, with a simple REST request? Many of the places where I have worked use Google Drive to organize and share files, and that includes things like blog and landing page content drafts. What if we could pull content from where it already is? That’s what we’re getting at here. The bloat of all this setup may end up cramping your tech in a way which is counterproductive to the actual purpose of the website. Custom or third-party plugins may need to be to vetted, installed, and configured for unique use cases - and each of these is yet another source of complexity, friction, technical debt, and risk. It requires creating templates, a format with its own syntax and idiosyncrasies. But this comes with its own set up of disadvantages: it’s a new platform for your team to juggle, a new interface to learn, and a new vector for potential attackers. That’s what a good content management system is for, right? Maybe something like WordPress. So what happens when a new non-technical partner needs to gain edit access? This could be a designer, a product manager, a marketing person, a company executive, or even an end customer. But… why?Īt some point in the development of a website, a crossroads is reached: how is content managed when the person managing it isn’t technically savvy? If the content is managed by developers indefinitely, pure HTML and CSS will suffice - but this prevents wider team collaboration besides, no developer wants to be on the hook for content updates in perpetuity. A ready-to-use npm package, Git repo, and Docker image are provided throughout the article. We’ll examine the step-by-step implementation, as well as how to utilize server-side caching to avoid the major pitfalls to avoid such as API usage limits and image hotlinking. We’re going to walk through the technical process of hooking into Google Drive’s API to source content on a website.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |