I've recently been accessing the Google Analytics Core Reporting API using the client login (username & password) method rather than OAuth2.

All was working find with my integration and then out of the blue I started receiving this error message (formatted for easy reading):

[INFO] [talledLocalContainer] com.google.gdata.util.ServiceForbiddenException: Forbidden
[INFO] [talledLocalContainer]
<?xml version="1.0" encoding="UTF-8"?>
<errors xmlns="http://schemas.google.com/g/2005">
<internalReason>User does not have sufficient permissions for this profile.</internalReason>

Of course this looked like nonsense. My account is just fine, right?

Wrong. Turns out that I've been using a VPN to appear to be located in the USA. Google assumes that I should be authenticating from the UK and flags this up as suspicious activity on my account, which in turn breaks the integration.

The fix is to browse here: https://accounts.google.com/b/0/DisplayUnlockCaptcha or go and check for any suspicious activity on your account.

Alternatively, simply implement OAuth2 for the integration instead and presumably this won't happen again.