Google Cloud Platform API call steps

Dear Genesys Enthusiast,
I'm trying to use Google cloud platform API in Architect.

  1. I've created a Google Data action integration
    2.I'm stuck at the step of generating Auth token, as in Genesys Data Action has single url to call and generate a token. In this Google API we've given 2 URI's as auth and token uri.

I appreciate your effort in this request. Thank you

The following has been shared from API Team to generate a token:
private_key_id
private_key
client_email
client_id
auth_uri
token_uri
auth_provider_x509_cert_url
client_x509_cert_url

Hi Viswanathan_Cinnaiah,

Can you provide a link to the documentation for the Google API that you are attempting to use? We support 2 specific types of Google API authentication, so we may or may not currently have support for the API you are trying to use.

--Jason

Thank you for your quick response Jason. Please let me know if this API is supported or if we've in roadmap currently.

Here is the info related to the API. *For our API’s, authentication is done using an OIDC token obtained by using service account credentials. The below link is Google’s documentation on programmatic authentication using OpenID Connect (OIDC). *

Programmatic authentication  |  Identity-Aware Proxy  |  Google Cloud

Access tokens periodically expire and become invalid credentials for a related API request. You can refresh an access token without prompting the user for permission (including when the user is not present) if you requested offline access to the scopes associated with the token.

OpenID Connect | Google Identity | Google Developers

Thank you Again :slight_smile:

Thank you for the additional information. I put up a ticket on our board to dig into this question, however due to staffing this week I doubt that we will have a response to you until next week.

--Jason

Hi Viswanathan_Cinnaiah,

I don't see in this thread the Google API you are trying to use.

I see you providing links to authentication, but we handle that via a service account authentication. Setting that up is described in using the docs for our Cloud Functions example - Setup for Google Cloud Functions - Genesys Cloud Resource Center

Unless you are using a new API that does not support the service account authentication, this should work for any google cloud API.

Thank you for responding Greg. I've created integration.

The problem here is with the Authentication/getting token & refresh token. This can be done easily by coding(ex java/.Net). We have use Auth URI and Token URI. We also need to get refresh token after 24 hours. In the Genesys custom action, we've place for single URI.

I don't think this can be done in Genesys custom action currently. Please take a look and let me know. I appreciate your help.

When using a Google Cloud integration with Google credentials, we re-authenticate whenever we token expires.

We are getting the following error. Please take a look.
{
"message": "Substitution values invalid in action config. Variable $credentials has not been set at HeadersTemplate:Authorization[line 1, column 48] A common reason for this error is needing to prepend the variable with 'input.' or 'credentials.'",
"code": "invalid.substitution",
"status": 400,
"messageParams": {},
"contextId": "3cf0a361-bfc3-405a-8c8b-504b482fad8b",
"details": [
{
"errorCode": "ACTION.PROCESSING"
}
],
"errors": []
}

Here the request JSON:
{
"requestUrlTemplate": "https://**********/token",
"requestType": "POST",
"headers": {
"Cache-Control": "no-cache",
"Authorization": "Basic encoding.base64("{credentials.client_id}:${credentials.client_email}:${credentials.private_key_id}:${credentials.private_key}")",
"Content-Type": "application/x-www-form-urlencoded"
},
"requestTemplate": "grant_type=refresh_token"
}

What you are trying to do is not supported. We do the authentication using the credential information if using Google Cloud or GSuite. The action type is intended for use accessing GSuite APIs and not for doing your own authentication.

I've also tried action created for the endpoint. But getting the following error message.

Message: Request to backend service failed. Response from web service: Invalid IAP credentials: Unable to parse JWT.

There is Genesys guide for Genesys Cloud action. Could you please check on this.

Please send the following for us to look at.

  1. Full config of action showing the endpoint.
  2. Type of integration and authentication type configured.
  3. Output from test showing the complete error and correlation id.
  4. Region you are using.

Here is the request info.

  1. {
    "requestUrlTemplate": "https://test2-patient-context-dot-hcs-phffmt-apis-npe-30b0.uc.r.appspot.com/api/v1",
    "requestType": "PUT",
    "headers": {},
    "requestTemplate": "{\n\n\t"sourceApplication": "${input.sourceApplication}",\n\n\t"userId": "${input.userId}",\n\n\t"requestTime": "${input.requestTime}",\n\n\t"organizationPatientId": "${input.organizationPatientId}",\n\n\t"organization": "${input.organization}",\n\n\t"pharmacies": [\n\n\t\t{\n\n\t\t\t"pharmacyNPI": "${input.pharmacyNPI}",\n\n\t\t\t"finance": {\n\n\t\t\t\t"paymentCards": [\n\n\t\t\t\t\t{\n\n\t\t\t\t\t\t"type": "${input.type}",\n\n\t\t\t\t\t\t"expirationMonth": "${input.expirationMonth}",\n\n\t\t\t\t\t\t"expirationYear": "${input.expirationYear}",\n\n\t\t\t\t\t\t"firstName": "${input.firstName}",\n\n\t\t\t\t\t\t"lastName": "${input.lastName}",\n\n\t\t\t\t\t\t"middleName": "${input.middleName}",\n\n\t\t\t\t\t\t"active": true,\n\n\t\t\t\t\t\t"autoCharge": true,\n\n\t\t\t\t\t\t"spendingAccount": false,\n\t\t\t\t\t\t"tokenKey": "${input.tokenKey}"\n\n\t\t\t\t\t}\n\n\t\t\t\t]\n\n\t\t\t}\n\n\t\t}\n\n\t]\n\n}"
    }

  2. Integration: Google Data Actions
    Credential Type: GoogleCloudPlatformServiceAccount
    3.{
    "message": "No authentication bearer token specified in authorization header.",
    "code": "authentication.required",
    "status": 401,
    "messageParams": {},
    "contextId": "e224d50a-adfb-4550-9ad0-ebb794b386ca",
    "details": [
    {
    "errorCode": "ACTION.REMOTE_ENDPOINT"
    }
    ],
    "errors": [
    {
    "message": "REST call for action execute failed. Message: Request to backend service failed. Response from web service: Invalid IAP credentials: Unable to parse JWT [e224d50a-adfb-4550-9ad0-ebb794b386ca]",
    "code": "AUTHENTICATION_REQUIRED",
    "status": 401,
    "messageParams": {},
    "details": [],
    "errors": []
    }
    ]
    }

  3. Region : Aws west

Thank you.

AppSpot is not something we have done any testing with. Can you send us a link to the specific documentation within google that documents rest calls to this and how it authenticates. I have not had any luck finding that in google doc set.

There is a good chance that we are not going to be able to support this directly and that you will need to write a Cloud Function that calls your AppSpot interface.

Here it is:

  1. generate the token using IAP
  2. use the token to call the API

Thanks! That helped greatly. I can see from that doc why our JWT does not work. If you are using idenity-aware proxy, then our JWT will fail because it does not contain "target_audience".
At this time we do not support any authentication that needs that value. The only API we currently test and can say works 100% is the Function API. I will discuss adding the target_audience to our credential configuration with our Product Manager and Development team, but I think it is unlikely we are going to make the change because supporting every variant of Google's APIs is looking very problematic from a permutation comlexity and texting perspective.

1 Like

ok, Thank you for your effort Greg. Please keep us posted here.

Hi Viswanathan_Cinnaiah,

Are you able to create a Google Function to handle your API needs, and then call that Function from a Data Action? That is likely to be our recommended solution to situations like yours.

--Jason

Jason,

  1. Are you suggesting to create a Google function(like proxy) to call the API that uses IAP.

Could you please explain or share a document/link on creating a Google function.

Thank you

This is our document on Cloud Function Setup for Google Cloud Functions - Genesys Cloud Resource Center

Thank you Greg.

Are you suggesting to create a Google function(like proxy) to call the API that uses IAP.