Do you have to use the service account email address that is given to you or can you use an existing email address that is connected to the accounts you have access to?
service account credentials are a specific type of credentials created on google cloud console and are used to denote your application. Service accounts also allow for pre-authorized Access to private under data by in the case of google analytics adding the service account email address as a user in google analytics.
No you can't use a standard gmail user account as a service account.
You would need to use oauth2 to request consent of the owner or user of the google analytics account to access it.
Related
When trying to pull GA4 data from the api, it says the user doesn't have permission. I'm having no issues with the UA accounts.
However, my GA4 accounts are both:
tied to the same account as my Universal accounts
the api service email account is also attached to those account.
I'm wondering if perhaps the property id isn't what i use for ga4, as I did for the Univsal code.
Has anyone had this issue?
I have tried using both the property ID, the Stream ID and the Measurement ID with no luck.
user doesn't have permission
means exactly that the user you are authenticating with does not have permission to access the google analytics account you are trying to access.
You need to go into the GA4 account via the admin section on the website and grant it access
Its under property and access management, add the service account in there.
Background
We are building an app which authenticates end user using Firebase Authentication (backed by GCP Identity Platform). At the same time, we leverage some Google API of which permission is set based on IAM Role/Principal. That means the API call is valid only if the caller calls the API with a valid access token of authorized IAM Principal.
According to Doug in this post: How to add Firebase auth user to GCP IAM access policy "IAM doesn't know anything about Firebase Authentication users."
Already tried: Add the Firebase user as an IAM Principal when it's created. It works only for the user signs in user Google account. Otherwise, IAM will throw error "Email addresses and domains must be associated with an active Google Account, Google Workspace account, or Cloud Identity account."
Question: Is there any recommended way to authorize Firebase user accessing Google API? Do I need to build a customized authorization layer in Firebase to keep track of who can access what. Then, use that as a guard to relay the requests to the underlying Google API only if the user is authorized by the authorization logic?
we are provide saas plugin to our customers, we need to get events for each customer's website without creating seperate GTM container and GA property , All the process will takes place in background.
There should be no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
so we need to use google analytics Api without google sign in
is there a way to do this
we are provide saas plugin to our customers, we need to get events for each customer's website
If you want to connect to the analytics accounts for your customers websites they you need to be authorized to access their private data.
no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
You can not login to anyones google account using login and password that was called client login and google disabled that in 2015. You will need to use Oauth2 request consent and gain authorization to access their private data.
so we need to use google analytics Api without google sign in
Sign in is authentication, the Google analytics api operations on authorization. The user needs to consent and grate you authorization to access their data.
is there a way to do this
No you can not access private user data without the owner of that data authorizing your access to that data.
A client can directly give his own analytics account access to another manager account using the User Management, But I can not find how a manager analytics account can send a request access invitation to manage a client's analytics account with API call(like as google Google Adwords mutatelink function).
Currently, we are using the below code for giving access analytics manager by the user's access_token.
self.service.management().accountUserLinks().insert(
accountId=accountId,
body={
'permissions': {
'local': [
'EDIT',
'MANAGE_USERS'
]
},
'userRef': {
'email': email}}).execute()
My issue is, when we do not have the client's access_token, we want to send an invitation to the client for managing its account.
How would you do that in google analytics?
My issue is, when we do not have the client's access_token, we want to send an invitation to the client for managing its account.
If you want to access the users data then you should be sending them a link to your application so that they can authorize your application and user it. THis is the only way your going to be able to get an access token for their account.
Is it possible, with the Google Calendar API / Zend Gdata, to get the user's google email address, after he successfully authenticated with AuthSub and I have an access token?
I have a problem with some users having multiple Gmail and Google Apps accounts, and then not remembering which one they've used to Sync with my service and having the impression that the sync doesn't work. I'd like to display them the Google Account they have first authenticated with.
Have you tried the experimental settings API? It looks like it returns the user's name and email address in the author section.