I’m working with a Google Drive OAuth2 application that downloads files from customer Drive folders. The app has been verified by Google’s OAuth team, but I’m running into issues when trying to download certain file types like CSV, XLS, and XLSX files.
Here’s what I’m trying to do:
GET https://www.googleapis.com/drive/v3/files/ABC123XYZ789?alt=media&access_token=TOKEN_HERE
Instead of getting the file content, I get this HTML error response:
<!DOCTYPE html>
<html>
<head><title>Error</title></head>
<body>
<h1>We're sorry...</h1>
<p>Your computer or network may be sending automated queries. We can't process your request right now.</p>
</body>
</html>
This started happening around early February 2020. Before that, everything worked perfectly. The weird thing is that using the export endpoint for Google Docs files still works without any problems.
I’ve already gone through OAuth verification and passed it. I’ve also regenerated new access and refresh tokens, but the same error keeps showing up. My production server doesn’t have any VPN or malware issues that could cause this.
Has anyone else experienced this problem? What could be causing Google to think my legitimate API calls are automated queries?
g00d to know i’m not alone. i faced this too. adding user-agent and referer headers really helped me out. googles bot detect is a pain! check if your ip might be flagged. hope this helps a bit!
Same thing happened to us around that time. We switched to the Drive API’s files.get method with the downloadUrl parameter - worked way better than alt=media. Google’s gotten stricter with anti-bot detection and flags certain request patterns, even for legit apps. We found that too many concurrent requests from one session triggered their automated query detection. Fixed it by switching to sequential downloads instead of parallel, plus added random delays of 500-1500ms between API calls. Authentication wasn’t our problem either - just how we were making requests. Also worth checking if your server IP got flagged by testing manually from different locations.
I encountered a similar issue with my sync service last year. The problem stemmed from the frequency of requests and the user agent headers—Google’s bot detection has indeed tightened up recently. To resolve it, we implemented exponential backoff between our requests and ensured we included clear user agent headers that correctly identified our application. Additionally, we moved away from using the alt=media parameter to the files.get method with proper MIME type management. It’s worth checking if you’re on shared hosting or within cloud services, as other applications running on the same IP range may be triggering rate limits. Even if you’ve authenticated through OAuth, Google monitors request patterns by IP. Try spacing your downloads by 1 to 2 seconds to see if that alleviates the issue. The export function likely works because it operates under different rate-limiting rules on Google’s side.