问题:

I need to do CRUD on Custom Search Engines. From documentation, it looks pretty straight forward. I keep getting 401 responses though.

I am using Google.Apis.Oauth2.v2 to get a token:

String serviceAccountEmail = "blahblahblah@developer.gserviceaccount.com";

var certificate = new X509Certificate2(@"key.p12", "blah", X509KeyStorageFlags.Exportable);

var credential = new ServiceAccountCredential(
   new ServiceAccountCredential.Initializer(serviceAccountEmail)
   {
      Scopes = new[] { "https://www.googleapis.com/auth/cse" }
   }.FromCertificate(certificate));

bool result = credential.RequestAccessTokenAsync(CancellationToken.None).Result;
TokenResponse token = credential.Token;

I then add the token to the following request (Authorization: Bearer mytoken):

GET http://cse.google.com/api/<USER_ID>/cse/<CSE_ID>

There are a few things that jump at me.

1. Exact quote from documentation:

Although you can set HTTP requests to the URL http://cse.google.com/api/[USER_ID]/cse/[CSE_ID], we recommend using the following URL instead:

http://cse.google.com/api/[USER_ID]/cse/[CSE_ID]

Note that both URL's are exactly the same.

2. In authentication section, the sample is using ClientLogin, which is deprecated. No samples with OAuth 2.0.

3. In the document's example, it says:

Each Custom Search engine is identified by a unique ID created by combining a user ID with a Custom Search engine ID, separated by a colon, like this:

011737558837375720776:mbfrjmyam1g In this case, the user ID is 011737558837375720776, and the search engine ID is mbfrjmyam.

You would have noticed that the search engine ID is 2 characters short of what it looks like should be.

4. Nowhere I have seen the scope as "https://www.googleapis.com/auth/cse". I just copied it from a stackoverflow post.

I understand this is a very long question, but I hope this will help the next person to look at this and consider these points.

Anyone knows why the 401s?