I want to get a list of intents via the Dialogflow API. I send a GET request to this URL: https://dialogflow.googleapis.com/v2/projects/my_project_id/agent/entityTypes. For the Bearer token, I use the result of the following command: gcloud auth application-default print-access-token. But I get this error:

"error": {
    "code": 403,
    "message": "IAM permission 'dialogflow.entityTypes.list' on 'projects/my_project_id/agent' denied.",
    "status": "PERMISSION_DENIED"

Then I opened this APIs explorer, sent a request, and just extracted a token from the Authorization header. And this is a valid token. But, unfortunately, it expires every 20 minutes. So, my question is: why does gcloud auth application-default print-access-token return the wrong token, and how can I get a token permanently? I have these roles:

  • Dialogflow API Client
  • Dialogflow API Reader
  • Editor

  • You may want to check whether the role/s assigned to the service account have the necessary Dialogflow permissions – Christopher Jun 7 at 10:30
  • Example: dialogflow.com/docs/reference/v2-auth-setup – Christopher Jun 7 at 10:30
  • This is not a service account. I do it with my account. And I have the necessary roles. I updated my question – Anton Jun 7 at 10:35
  • You should use a service account then, and generate a service account key file as indicated in the example in my previous comment – Christopher Jun 7 at 10:41
  • You are using the wrong CLI command. Use gcloud auth print-access-token. This command generates an OAuth Access Token. All Google OAuth tokens expire. You will need to learn how to program using Service Accounts. Lots of examples on the Internet. Google has good documentation on this subject. – John Hanley Jun 7 at 16:25
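
An added example, not part of the original question or comments: because access tokens expire, as the last comment notes, a client can fetch a new one on demand instead of storing a long-lived one. It retries once on 401 with a refreshed token, and treats 403 (the error in the question) as an authorization failure that refreshing from the same source will not fix. `TokenCache`, `list_entity_types`, the injectable `fetch`/`send` hooks and the `max_age` value are assumptions of this example.

```python
import json
import subprocess
import time
import urllib.error
import urllib.request

# URL from the question; my_project_id is the asker's placeholder.
URL = "https://dialogflow.googleapis.com/v2/projects/my_project_id/agent/entityTypes"

def gcloud_token():
    """Fetch a fresh access token with the command named in the last comment."""
    out = subprocess.run(["gcloud", "auth", "print-access-token"],
                         check=True, capture_output=True, text=True)
    return out.stdout.strip()

def http_get(url, token):
    """Return (status, parsed JSON body) for a GET with a Bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

class TokenCache:
    """Keeps a token in memory only and replaces it once it is max_age seconds old."""
    def __init__(self, fetch=gcloud_token, max_age=600, clock=time.monotonic):
        # max_age is an assumed value, chosen below the 20 minutes reported in the question.
        self.fetch, self.max_age, self.clock = fetch, max_age, clock
        self.token, self.fetched_at = None, 0.0

    def get(self, force=False):
        if force or self.token is None or self.clock() - self.fetched_at >= self.max_age:
            self.token, self.fetched_at = self.fetch(), self.clock()
        return self.token

def list_entity_types(cache, url=URL, send=http_get):
    """GET url; refresh once on 401, but treat 403 as an IAM problem, not a token problem."""
    status, body = send(url, cache.get())
    if status == 401:  # expired or revoked token: a new one can fix this
        status, body = send(url, cache.get(force=True))
    if status == 403:  # PERMISSION_DENIED: the identity lacks the permission
        raise PermissionError(body["error"]["message"])
    if status != 200:
        raise RuntimeError("HTTP %d: %s" % (status, body))
    return body
```

The token is never written to disk or logged, so rotating it only requires calling `cache.get(force=True)`.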
