ErrorNotes

Solving the 403 PermissionDenied Error: Vertex AI API Not Enabled

intermediate🧠 AI Tools2026-06-22| Python 3.9+, google-cloud-aiplatform library, Google Cloud Platform (GCP), Linux/macOS/Windows

Error Message

google.api_core.exceptions.PermissionDenied: 403 Vertex AI API has not been used in project PROJECT_ID before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/aiplatform.googleapis.com/overview?project=PROJECT_ID
#vertex-ai#google-cloud#gcp#gemini#iam#python

The 2 AM Deployment Wall

You just finished writing a Python script to integrate Gemini 1.5 Pro via Vertex AI. Everything looks perfect in your IDE. You run the code, expecting a brilliant AI response, but your terminal crashes with a 403 error instead. It is frustrating, but the fix is usually just a few clicks or a single command away.

The Exact Error Message

google.api_core.exceptions.PermissionDenied: 403 Vertex AI API has not been used in project PROJECT_ID before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/aiplatform.googleapis.com/overview?project=PROJECT_ID

You will see this most often when spinning up a new Google Cloud project. By default, GCP keeps most services dormant. It is a security measure that also prevents accidental billing, but it means you cannot just start hitting endpoints without a bit of setup.

Debugging the 403 Error

Double-check your PROJECT_ID first. It sounds simple, but developers frequently use the default project set in their gcloud config, which might be an old sandbox or a completely different client account. One wrong string here and nothing will work.

Run this command to see which project your CLI is currently targeting:

gcloud config get-value project

If the ID is correct, the issue is administrative. The API is simply turned off. Google Cloud requires you to explicitly opt-in to every service before it will handle requests, even if you are the project owner with full permissions.

The Solution: Enabling the API

You have two ways to fix this. The console is great for a one-time fix, while the CLI is better for automation.

Method 1: The Google Cloud Console

  • Copy the specific URL from your error message. It usually includes your unique project ID.
  • Paste it into your browser. Make sure you are logged into the correct Google account, as multi-account sessions often redirect to the wrong project dashboard.
  • Click the Enable button.
  • Wait about 60 to 90 seconds. API activation needs a moment to propagate across Google's global edge locations.

Method 2: Using gcloud CLI

Terminal fans can skip the browser entirely. This method is much faster when you are managing multiple projects or working on a remote server via SSH.

# Authenticate your session
gcloud auth login

# Ensure you are working in the right project
gcloud config set project YOUR_PROJECT_ID

# Enable the Vertex AI service
gcloud services enable aiplatform.googleapis.com

Fixing IAM Permissions

Enabling the API is only half the battle. If you still see a 403 error after enabling the service, your identity—whether it is your personal email or a Service Account—likely lacks the right permissions. For Vertex AI work, you generally need the roles/aiplatform.user role.

Grant this permission quickly via the CLI:

gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
    --member="serviceAccount:your-service-account@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/aiplatform.user"

If you are running the script locally and haven't set up a service account key, make sure you've refreshed your local credentials:

gcloud auth application-default login

Verifying the Fix

Test your connection with this minimal Python snippet. It attempts to initialize the Vertex AI SDK and generate a simple response. If this works, your environment is officially ready for production.

import vertexai
from vertexai.generative_models import GenerativeModel

PROJECT_ID = "your-project-id"
REGION = "us-central1"

vertexai.init(project=PROJECT_ID, location=REGION)

try:
    model = GenerativeModel("gemini-1.5-flash")
    response = model.generate_content("Confirm API is active.")
    print(f"Success! Response: {response.text}")
except Exception as e:
    print(f"Verification failed: {e}")

Lessons Learned & Prevention

GCP is "secure by default." Nothing is turned on until you ask for it. When building new AI infrastructure, always include an API enablement step in your Terraform scripts or setup documentation. This prevents your team from hitting the same 403 wall later.

If you are deploying to a Linux VM, keep an eye on file permissions for your JSON keys. I have seen developers spend hours debugging 403 errors that were actually just the OS blocking the app from reading the service account key. Using a Unix Permissions Calculator can help you verify that your keys are set to 600—private and secure, yet readable by your application. This small check saves massive headaches during a production push.

Your new project checklist should always include:

  • Enable aiplatform.googleapis.com.
  • Enable generativelanguage.googleapis.com for specific Gemini features.
  • Assign Vertex AI User roles to the relevant service account.
  • Refresh application-default credentials on your local machine.

Related Error Notes

Fixing 'OSError: [Errno 28] No space left on device' for Hugging Face Downloads

OSError: [Errno 28] No space left on device

Fix AWS Bedrock AccessDeniedException: User Not Authorized to Perform bedrock:InvokeModel

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the InvokeModel operation: User: arn:aws:iam::123456789012:user/dev is not authorized to perform: bedrock:InvokeModel

Fix 'bitsandbytes was compiled without GPU support' RuntimeError in Quantization

RuntimeError: bitsandbytes was compiled without GPU support. 8-bit optimizers and quantization require a GPU to function.