Developer uncovers Google Apps Script's confusing 'Anyone' access setting causing 401 errors

Developer Maneshwar built a Chrome extension called ProfileKit to scrape LinkedIn profile data and sync it to a Google Sheet via a Google Apps Script web app acting as a free backend API. After fixing a fragile company-name matching bug, he redeployed the script only to face persistent 401 authentication errors on every sync attempt. Despite the deployment settings clearly showing 'Who has access: Anyone,' requests from the extension were being rejected because the underlying API value 'ANYONE' only permits logged-in Google account holders. The actual setting for truly public, unauthenticated access — including automated requests — is a separate value called 'ANYONE_ANONYMOUS,' which the UI does not make obvious. The experience led him to adopt the command-line tool clasp for managing Apps Script deployments, giving him direct control over the manifest and avoiding the misleading interface.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in