General troubleshooting

Learn about troubleshooting steps that you might find helpful if you run into problems using Pub/Sub.

Cannot create a topic

Verify that you have the necessary permissions. To create a Pub/Sub topic, you need the Pub/Sub Editor (roles/pubsub.editor) Identity and Access Management role on the project. If you don't have this role, contact your administrator. For more troubleshooting information regarding topics, see Troubleshooting topics and Troubleshooting import topics.

Cannot create a subscription

Check that you have done the following:

  • Verify that you have the necessary permissions. To create a Pub/Sub subscription, you need the Pub/Sub Editor (roles/pubsub.editor) IAM role on the project. If you don't have this role, contact your administrator.

  • Specified a name for the subscription.

  • Specified the name of an existing topic to which you want to attach the subscription.

  • If creating a push subscription, specified https:// in lower case (not http:// or HTTPS://) as the protocol for your receiving URL in the pushEndpoint field.

For more troubleshooting information about subscriptions, see Troubleshooting pull subscriptions, Troubleshooting push subscriptions, Troubleshooting BigQuery subscriptions, and Troubleshooting Cloud Storage subscriptions.

403 (Forbidden) error

If you get this error, do the following:

  • Make sure you've enabled the Pub/Sub API in the Google Cloud console.
  • Make sure that the principal making the request has the required permissions on the relevant Pub/Sub API resources, especially if you are using Pub/Sub API for cross-project communication.

  • If you're using Dataflow, make sure that both {PROJECT_NUMBER}@cloudservices.gserviceaccount.com and the Compute Engine Service account {PROJECT_NUMBER}-compute@developer.gserviceaccount.com have the required permissions on the relevant Pub/Sub API resource. For more information, see Dataflow Security and Permissions.

  • If you're using App Engine, check your project's Permissions page to see if an App Engine Service Account is listed as a Pub/Sub Editor. If it is not, add your App Engine Service Account as a Pub/Sub Editor. Normally, the App Engine Service Account is of the form <project-id>@appspot.gserviceaccount.com.

Using excessive administrative operations

If you find that you're using up too much of your quota for administrative operations, you might need to refactor your code. As an illustration, consider this pseudo-code. In this example, an administrative operation (GET) is being used to check for the presence of a subscription before it attempts to consume its resources. Both GET and CREATE are administrator operations:

if !GetSubscription my-sub {
  CreateSubscription my-sub
}
Consume from subscription my-sub

A more efficient pattern is to try to consume messages from the subscription (assuming that you can be reasonably sure of the subscription's name). In this optimistic approach, you only get or create the subscription if there is an error. Consider this example:

try {
  Consume from subscription my-sub
} catch NotFoundError {
  CreateSubscription my-sub
  Consume from subscription my-sub
}