# Google Drive API Credentials Setup

## What is the Credentials File?

The credentials file is a **JSON file** that you download from Google Cloud Console when you create a Service Account. It contains:
- Service account email address
- Private key for authentication
- Project information
- Other authentication details

**File name example:** `el-paraiso-drive-transfer-abc123def456.json` (Google generates this name)

## Where to Store It

### Recommended Location (Outside Web Root)

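Store the credentials file **outside** any web-accessible directory. It contains the service account's private key, so anyone who can download it can authenticate as that service account.

**Recommended path:** `/var/www/html/wordpress6/secure/google-drive-credentials.json`

This path is outside the web root only if the site's document root is a subdirectory such as `/var/www/html/wordpress6/wordpress`. If the web server serves `/var/www/html` or `/var/www/html/wordpress6` directly, the `secure` directory is reachable over HTTP, so use one of the alternative locations below.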

### Step-by-Step Setup

1. **Create the secure directory:**
   ```bash
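   sudo mkdir -p /var/www/html/wordpress6/secure
   # The web server user must own the directory, or mode 700 locks it out too
   sudo chown www-data:www-data /var/www/html/wordpress6/secure
   sudo chmod 700 /var/www/html/wordpress6/secure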
   ```

2. **Download the credentials file from Google Cloud Console:**
   - Go to Google Cloud Console → IAM & Admin → Service Accounts
   - Click on your service account
   - Go to "Keys" tab
   - Click "Add Key" → "Create new key"
   - Choose "JSON" format
   - Download the file

3. **Move and rename the file:**
   ```bash
   # Move the downloaded file to the secure directory
   sudo mv ~/Downloads/your-service-account-*.json /var/www/html/wordpress6/secure/google-drive-credentials.json
   ```

4. **Set secure permissions:**
   ```bash
   sudo chmod 600 /var/www/html/wordpress6/secure/google-drive-credentials.json
   sudo chown www-data:www-data /var/www/html/wordpress6/secure/google-drive-credentials.json
   ```

5. **Verify the file:**
   ```bash
   # sudo is needed because only the owner can list a 700 directory
   sudo ls -la /var/www/html/wordpress6/secure/
   # Should show: -rw------- (600 permissions)
   ```

## Alternative Locations

If you can't create the directory at `/var/www/html/wordpress6/secure/`, you can use:

1. **User home directory:**
   ```
   /home/scala4/.google-credentials/google-drive-credentials.json
   ```
   - Create: `mkdir -p ~/.google-credentials`
   - Set permissions: `chmod 700 ~/.google-credentials`

2. **System-wide secure location:**
   ```
   /etc/google-drive-credentials.json
   ```
   - Requires root access
   - Set permissions: `chmod 600 /etc/google-drive-credentials.json`

3. **Inside EP directory (less secure, but protected):**
   ```
   /var/www/html/wordpress6/wordpress/EP/config/google-drive-credentials.json
   ```
   - Create: `mkdir -p /var/www/html/wordpress6/wordpress/EP/config`
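   - Add `.htaccess` to deny web access (Apache only, and only where `AllowOverride` permits it):
     ```apache
     # Apache 2.4+; on Apache 2.2 use "Deny from all"
     Require all denied
     ```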

## Update the Path in Code

After placing the file, update `event-drive-file-transfer.php`:

```php
$credentialsPath = '/var/www/html/wordpress6/secure/google-drive-credentials.json';
```

Or if using an alternative location, update accordingly.

## Security Checklist

- [ ] File is outside web root (or protected with .htaccess)
- [ ] File permissions are 600 (read/write owner only)
- [ ] Directory permissions are 700 (owner only)
- [ ] File is owned by web server user (www-data)
- [ ] File is NOT in version control (.gitignore)
- [ ] Backup is stored securely
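
The mode, ownership, location and content items of this checklist can be checked by script. The following is an added example, not part of the original project: the function name `check_drive_credentials` and its arguments are hypothetical, and it assumes Linux with GNU `stat` and `readlink -f`.

```bash
#!/bin/sh
# Added example (not project code). Assumes Linux with GNU stat and readlink -f.
# Usage: check_drive_credentials FILE [OWNER] [DOCROOT]
check_drive_credentials() {
    file=$1
    owner=${2:-www-data}   # web server user from the checklist
    docroot=${3:-}         # optional: the site's document root
    rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }

    # Refuse symlinks so the checks apply to the real key file.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or is not a regular file" >&2
        return 1
    fi
    dir=$(dirname "$file")

    # Checklist: file 600, directory 700.
    [ "$(stat -c '%a' "$file")" = "600" ] || fail "file mode is not 600"
    [ "$(stat -c '%a' "$dir")" = "700" ] || fail "directory mode is not 700"

    # Checklist: owned by the web server user. The directory matters as much
    # as the file: a 700 directory owned by someone else hides the file.
    [ "$(stat -c '%U' "$file")" = "$owner" ] || fail "file not owned by $owner"
    [ "$(stat -c '%U' "$dir")" = "$owner" ] || fail "directory not owned by $owner"

    # Checklist: outside the web root (omit DOCROOT if .htaccess protects it).
    if [ -n "$docroot" ]; then
        case "$(readlink -f "$file")" in
            "$(readlink -f "$docroot")"/*) fail "file is inside $docroot" ;;
        esac
    fi

    # Shape of a service account key; grep -q never echoes the private key.
    grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$file" ||
        fail "not a service_account key"
    grep -q '"private_key"[[:space:]]*:' "$file" || fail "no private_key field"

    return "$rc"
}
```

Run it as root or as the web server user, since no other account can see inside a 700 directory.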

## Verify Setup

The file transfer page will show:
- ✅ "API Configured" message if credentials are found
- ⚠️ "API Not Configured" warning if credentials are missing

## Troubleshooting

**"Permission denied" error:**
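- Check file permissions: `sudo ls -la /var/www/html/wordpress6/secure/`
- Ensure the web server user can read the file: `sudo chown www-data:www-data /var/www/html/wordpress6/secure/google-drive-credentials.json`
- Ensure the web server user also owns the directory, since mode 700 blocks every other user: `sudo chown www-data:www-data /var/www/html/wordpress6/secure`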

**"File not found" error:**
- Verify the path in `event-drive-file-transfer.php`
- Check that the file exists: `sudo ls -la /var/www/html/wordpress6/secure/google-drive-credentials.json`

**"Invalid credentials" error:**
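- Verify the JSON file is valid: `sudo python3 -m json.tool /var/www/html/wordpress6/secure/google-drive-credentials.json > /dev/null` (no output means it parses; redirecting to `/dev/null` keeps the private key off the terminal)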
- Ensure you downloaded the correct service account key
- Check that the service account has access to the Drive folders

