blog post, Google Apps Script does not support CORS (cross origin resource sharing) to allow access from cross domain client apps. The API uses JSONP for GET requests to get over this, but POST requests would need CORS to be implemented (or use a proxy). Because of this, I have not released oAuth2 support yet (although it is implemented in scriptDB API for JavaScript). As per this If you need to do POSTS using the API, the handler webapp needs to be set to 'anyone, even anonymous' for now until this issue is resolved or I figure out a workaround. You can protect from writing by using the method described in setting up GAS API for handler. This describes how you can create multiple handlers which allow different kinds of operations. Specifically then, you could set permissions on a readonly handler how you want, limit the operations it could perform, and distribute it to anyone who needed readonly access, whilst also protecting it with Google Sharing permissions. Another handler, whose url you would not distribute widely, would allow writing, but would need its permissions to be 'anyone, even anonymous'. This is not ideal, but is ok to get started I guess. Additional keys passed as headersAs described in A VBA API for scriptDB, parse.com - nosql database for VBA and parse.com - noSQL database for GAS there are additional keys that can be passed as headers that can be used for further protection in the request headers, but in another quirk of GAS fate, UrlFetch() cannot access any headers passed to it. I hope this will be resolved in the future too. Setting up a PC for accessJust as A VBA API for scriptDB uses the registry to store authentication keys and urls, so does scriptDB API for JavaScript use cookies. These only need to be created once, and are created like this. This example shows a one time registration to a readonly handler to a scriptDB associated with the library scriptDBPrimer. Once the pc is registered there is no need to do this again. var gasHandlerEndPoints = { scriptdbreadhandler : "https://script.google.com/macros/s/AKfycbx7_gPpc38Map4QqHOQrzx_kvIX00nfYGO9OLq8_cMD486Va6M/exec" } ; function firstTimeReadonly() { // read access to scriptDBPrimer database, no oAuth required - uses scriptDBreadhandler new cScriptDbCom().setScriptCredentials( { endPoint : gasHandlerEndPoints.scriptdbreadhandler, restAPIKey : 'xliberationApp', scopeEntry : 'rest', credentialsEntry: 'primer', clientKey:'xliberation', library: 'scriptDBPrimer', needDebug: false, needOauth: false } ); } From now on this particular entry can be accessed using var dbCustomer = getScriptDb("VBAParseCustomers","primer"); and the permissable operations will be those allowed by the GAS handler to which it refers. You can get me on Google plus, Twitter or this forum, and compare this topic with A VBA API for scriptDB For help and more information join our forum, follow the blog, follow me on twitter |
Services > Desktop Liberation - the definitive resource for Google Apps Script and Microsoft Office automation > Things that have been deprecated > Google Apps ScriptDB > scriptDB API for JavaScript >