I am trying to do the drive ownership transfer using API from the suspended user account to the manager email using a workflow automation tool called n8n and I am getting the error code 403 no matter.
test Use case:
Tried to achieve using service account & Oauth as well but none worked Allowed the following scopes:
.directory.user
JSON Body:
{
"newOwnerUserId": "{{ $json.id }}",
"oldOwnerUserId": "{{ $json.id }}",
"applicationDataTransfers": [
{
"applicationTransferParams": [
{
"key": "PRIVACY_LEVEL",
"value": ["SHARED", "PRIVATE"]
}
],
"applicationId": ["553547912911"]
}
]
}
Error:
{
"errorMessage": "Forbidden - perhaps check your credentials?",
"errorDescription": "Request had insufficient authentication scopes.",
"errorDetails": {
"rawErrorMessage": [
"403 - \"{\\n \\\"error\\\": {\\n \\\"code\\\": 403,\\n \\\"message\\\": \\\"Request had insufficient authentication scopes.\\\",\\n \\\"errors\\\": [\\n {\\n \\\"message\\\": \\\"Insufficient Permission\\\",\\n \\\"domain\\\": \\\"global\\\",\\n \\\"reason\\\": \\\"insufficientPermissions\\\"\\n }\\n ],\\n \\\"status\\\": \\\"PERMISSION_DENIED\\\",\\n \\\"details\\\": [\\n {\\n \\\"@type\\\": \\\"type.googleapis/google.rpc.ErrorInfo\\\",\\n \\\"reason\\\": \\\"ACCESS_TOKEN_SCOPE_INSUFFICIENT\\\",\\n \\\"domain\\\": \\\"googleapis\\\",\\n \\\"metadata\\\": {\\n \\\"service\\\": \\\"admin.googleapis\\\",\\n \\\"method\\\": \\\"ccc.hosted.frontend.datatransfer.v1.DatatransferTransfers.Insert\\\"\\n }\\n }\\n ]\\n }\\n}\\n\""
],
"httpCode": "403"
},
"n8nDetails": {
"nodeName": "HTTP Request3",
"nodeType": "n8n-nodes-base.httpRequest",
"nodeVersion": 4.2,
"itemIndex": 0,
"time": "2/28/2025, 11:32:54 AM",
"n8nVersion": "1.66.0 (Self Hosted)",
"binaryDataMode": "default",
"stackTrace": [
"NodeApiError: Forbidden - perhaps check your credentials?",
" at Object.requestWithAuthentication (/usr/lib/node_modules/n8n/node_modules/n8n-core/src/NodeExecuteFunctions.ts:2000:10)",
" at processTicksAndRejections (node:internal/process/task_queues:95:5)",
" at Object.requestWithAuthentication (/usr/lib/node_modules/n8n/node_modules/n8n-core/src/NodeExecuteFunctions.ts:3302:11)"
]
}
}
Images attached to the case show the error message and Client ID, Service Account used also and Drive API scopes currently used.
Look forward to your assistance with the correct scope for Drive.
I am trying to do the drive ownership transfer using API from the suspended user account to the manager email using a workflow automation tool called n8n and I am getting the error code 403 no matter.
test Use case:
Tried to achieve using service account & Oauth as well but none worked Allowed the following scopes:
https://www.googleapis/auth/drive
https://www.googleapis/auth/admin.directory.user
JSON Body:
{
"newOwnerUserId": "{{ $json.id }}",
"oldOwnerUserId": "{{ $json.id }}",
"applicationDataTransfers": [
{
"applicationTransferParams": [
{
"key": "PRIVACY_LEVEL",
"value": ["SHARED", "PRIVATE"]
}
],
"applicationId": ["553547912911"]
}
]
}
Error:
{
"errorMessage": "Forbidden - perhaps check your credentials?",
"errorDescription": "Request had insufficient authentication scopes.",
"errorDetails": {
"rawErrorMessage": [
"403 - \"{\\n \\\"error\\\": {\\n \\\"code\\\": 403,\\n \\\"message\\\": \\\"Request had insufficient authentication scopes.\\\",\\n \\\"errors\\\": [\\n {\\n \\\"message\\\": \\\"Insufficient Permission\\\",\\n \\\"domain\\\": \\\"global\\\",\\n \\\"reason\\\": \\\"insufficientPermissions\\\"\\n }\\n ],\\n \\\"status\\\": \\\"PERMISSION_DENIED\\\",\\n \\\"details\\\": [\\n {\\n \\\"@type\\\": \\\"type.googleapis/google.rpc.ErrorInfo\\\",\\n \\\"reason\\\": \\\"ACCESS_TOKEN_SCOPE_INSUFFICIENT\\\",\\n \\\"domain\\\": \\\"googleapis\\\",\\n \\\"metadata\\\": {\\n \\\"service\\\": \\\"admin.googleapis\\\",\\n \\\"method\\\": \\\"ccc.hosted.frontend.datatransfer.v1.DatatransferTransfers.Insert\\\"\\n }\\n }\\n ]\\n }\\n}\\n\""
],
"httpCode": "403"
},
"n8nDetails": {
"nodeName": "HTTP Request3",
"nodeType": "n8n-nodes-base.httpRequest",
"nodeVersion": 4.2,
"itemIndex": 0,
"time": "2/28/2025, 11:32:54 AM",
"n8nVersion": "1.66.0 (Self Hosted)",
"binaryDataMode": "default",
"stackTrace": [
"NodeApiError: Forbidden - perhaps check your credentials?",
" at Object.requestWithAuthentication (/usr/lib/node_modules/n8n/node_modules/n8n-core/src/NodeExecuteFunctions.ts:2000:10)",
" at processTicksAndRejections (node:internal/process/task_queues:95:5)",
" at Object.requestWithAuthentication (/usr/lib/node_modules/n8n/node_modules/n8n-core/src/NodeExecuteFunctions.ts:3302:11)"
]
}
}
Images attached to the case show the error message and Client ID, Service Account used also and Drive API scopes currently used.
Look forward to your assistance with the correct scope for Drive.
1 Answer
Reset to default 0The error code 403 occurs because the user is suspended. It should be active in order to transfer ownership from one account to another.
The Data Transfer API overview doesn't explicitly state this. However, I found the documentation of Transfer Drive files to a new owner as an admin, where it states that one should Have an active account, not suspended, archived, or deleted and If you suspended the current owner’s account, restore the suspended user’s account.
Alternatively, if that doesn't work, make sure that 553547912911 is also available as an applicationId for the Google Workspace account. You can check what can be used by doing a Method: applications.list with the Customer ID from the Admin console. You may get it by going to Account > Account Settings > Profile or by going to this Admin console link. It should return something like this:
{
"kind": "admin#datatransfer#applicationsList",
"etag": "\"6gJ8FoxdqGNyNxXYrlQh-KP52AygR_AihQSbYcusikU/6myfN-ORcGDrZoShvKPtdjYgnzs\"",
"applications": [
{
"kind": "admin#datatransfer#ApplicationResource",
"etag": "\"6gJ8FoxdqGNyNxXYrlQh-KP52AygR_AihQSbYcusikU/0ydvSpohUe9ss24TIeRFHAbUuKU\"",
"id": "810260081642",
"name": "Looker Studio",
"transferParams": [
{
"key": "PRIVACY_LEVEL",
"value": [
"SHARED",
"PRIVATE"
]
}
]
},
{
"kind": "admin#datatransfer#ApplicationResource",
"etag": "\"6gJ8FoxdqGNyNxXYrlQh-KP52AygR_AihQSbYcusikU/9zl83IlL6mLTPmGNRd8syt7bcmE\"",
"id": "435070579839",
"name": "Calendar",
"transferParams": [
{
"key": "RELEASE_RESOURCES",
"value": [
"TRUE"
]
}
]
},
{
"kind": "admin#datatransfer#ApplicationResource",
"etag": "\"6gJ8FoxdqGNyNxXYrlQh-KP52AygR_AihQSbYcusikU/gpdrCNQ6mHfz_maHZIl4SYFeWYk\"",
"id": "55656082996",
"name": "Drive and Docs",
"transferParams": [
{
"key": "PRIVACY_LEVEL",
"value": [
"SHARED",
"PRIVATE"
]
}
]
}
]
}
You'll also need to change 553547912911 to 55656082996 in order to transfer Google Docs and Google Drive files since I don't see where the other one would be used for in Transfer parameters.
The payload for the API call should look like this:
{
"oldOwnerUserId": "{{ $json.id }}",
"newOwnerUserId": "{{ $json.id }}",
"applicationDataTransfers": [
{
"applicationId": "55656082996",
"applicationTransferParams": [
{
"key": "PRIVACY_LEVEL",
"value": [
"SHARED", "PRIVATE"
]
}
]
}
]
}
REFERENCE
- Find your customer ID