As per this blog post, Google Apps Script does not support CORS (cross origin resource sharing) to allow access from cross domain client apps. The API uses JSONP for GET requests to get over this, but POST requests would need CORS to be implemented (or use a proxy). Because of this, I have not released oAuth2 support yet (although it is implemented in scriptDB API for JavaScript).
If you need to do POSTS using the API, the handler webapp needs to be set to ‘anyone, even anonymous’ for now until this issue is resolved or I figure out a workaround. You can protect from writing by using the method described in setting up GAS API for handler. This describes how you can create multiple handlers which allow different kinds of operations. Specifically then, you could set permissions on a readonly handler how you want, limit the operations it could perform, and distribute it to anyone who needed readonly access, whilst also protecting it with Google Sharing permissions. Another handler, whose url you would not distribute widely, would allow writing, but would need its permissions to be ‘anyone, even anonymous’. This is not ideal, but is ok to get started I guess.
Additional keys passed as headers
Setting up a PC for access
var gasHandlerEndPoints = { scriptdbreadhandler : "https://script.google.com/macros/s/AKfycbx7_gPpc38Map4QqHOQrzx_kvIX00nfYGO9OLq8_cMD486Va6M/exec" } ; function firstTimeReadonly() { // read access to scriptDBPrimer database, no oAuth required - uses scriptDBreadhandler new cScriptDbCom().setScriptCredentials( { endPoint : gasHandlerEndPoints.scriptdbreadhandler, restAPIKey : 'xliberationApp', scopeEntry : 'rest', credentialsEntry: 'primer', clientKey:'xliberation', library: 'scriptDBPrimer', needDebug: false, needOauth: false } ); }
From now on this particular entry can be accessed using
var dbCustomer = getScriptDb("VBAParseCustomers","primer");
and the permissable operations will be those allowed by the GAS handler to which it refers.
For help and more information join our forum, follow the blog or follow me on Twitter