Huawei AppGallery Connect API - 403 client token authorization fail

Question

I am trying to automate the app publishing process to the Huawei store using the REST APIs as mentioned in the link. https://developer.huawei.com/consumer/en/doc/development/AppGallery-connect-Guides/agcapi-overview

I successfully received an access token but other operations(ex: getting the app info, getting the upload URL) are getting failed with the below status code and error.

403 client token authorization fail.

I did not write any code, I simply used the below sample code and updated clientId, clientSecret, appId.

https://developer.huawei.com/consumer/en/doc/development/AppGallery-connect-Examples/agcapi-publish_api_code

What could go wrong?

Answer 1

As said in this comment, Once I set the project to NA it started working.

Thanks to @shirley

Answer 2

Update:

• Set Project to N/A to define the API client as a team-level one.
• Set Roles to Administrator

1. Please check whether your client role is Administrator.

The role of a member determines the permissions in AppGallery Connect. Administrator has most operation permissions, being able to add member accounts and assigning permissions to them. For details about the mapping between roles and permissions, please refer to Roles and Permissions.

2. Work with AppGallery Connect API

To call the AppGallery Connect API, you need to obtain authorization from the AppGallery Connect server in advance using either of the following modes: API client mode and OAuth client mode. To call the AppGallery Connect API in the API client mode, you need to manage your API client in AppGallery Connect. An API client can be managed only by your team account holder. The basic process is as follows:

A. Creating an API Client

• Sign in to AppGallery Connect and select Users and permissions.
• Go to Api Key > AppGalleryConnect API from the navigation tree on the left and click Create.
• Set Name to a customized client name, set Roles to the corresponding role, and click Confirm.
• After the client is successfully created, record the values of Client ID and Key in the client information list.

Check the screenshot below:

B. Obtaining the Token for Accessing the API

After an API client is created, the API client needs to be authenticated in AppGallery Connect. After the authentication is successful, the API client obtains an access token for accessing the AppGallery Connect API. With this access token, you can access the AppGallery Connect API.

To obtain an access token, you need to add the code for calling the Obtaining a Token API to your app program.

public static String getToken(String domain, String clientId, String clientSecret) {

    String token = null;

    try {

        HttpPost post = new HttpPost(domain + "/oauth2/v1/token");

        JSONObject keyString = new JSONObject();

        keyString.put("client_id", "18893***83957248");

        keyString.put("client_secret", "B15B497B44E080EBE2C4DE4E74930***52409516B2A1A5C8F0FCD2C579A8EB14");

        keyString.put("grant_type", "client_credentials");

        StringEntity entity = new StringEntity(keyString.toString(), Charset.forName("UTF-8"));

        entity.setContentEncoding("UTF-8");

        entity.setContentType("application/json");

        post.setEntity(entity);

        CloseableHttpClient httpClient = HttpClients.createDefault();

        HttpResponse response = httpClient.execute(post);

        int statusCode = response.getStatusLine().getStatusCode();

        if (statusCode == HttpStatus.SC_OK) {

            BufferedReader br =

                new BufferedReader(new InputStreamReader(response.getEntity().getContent(), Consts.UTF_8));

            String result = br.readLine();

            JSONObject object = JSON.parseObject(result);

            token = object.getString("access_token");

        }

        post.releaseConnection();

        httpClient.close();

    } catch (Exception e) {

    }

    return token;

}

After obtaining an access token, you can use the access token for identity authentication when accessing the AppGallery Connect API. The default validity period of an access token is 48 hours. If an access token expires, you need to obtain a new access token.

C. Accessing the API

After obtaining an access token, you can use the access token to call the AppGallery Connect API to complete function development.

Answer 3

In my case, the issue stemmed from incorrectly entering the App ID in the CI/CD platform I was using. Once I corrected it, the error was resolved.