My application needs to fetch Google Analytics data from backend servers.
I am using Google Service Account in my application.
Though I have given all permissions to my service account through Google Developer console, it turns out that my service account cannot access custom segments of my user account.
A way could have been to copy these segments from user account to service account, but there seems like no way to login via service account and be able to copy segments from user account to service account.
So, there seems like no way to be able to fetch custom segments in a web application from backend...
Is there any way to do so?
Can any other account(web application, Installed application account) serve my purpose?
Reading the documentation of above two Google accounts reveals that user would be prompted for authentication (at least once) during authorization in these 2 accounts which is not feasible in backend servers.
I found a similar thread for my query Google Analytics V3 - How to create custom segments for API Service Accounts , but user in this thread resorted to not using segments at all, but I do need to use them in my account.
PS: I am writing my application in RubyOnRails and would be using Ruby Gem for Google Authentication
Answer: No there is no way to add segments to the Service account. Even the Mangment api only allows you to list segments not add them. Segment Management API documentation
An Idea: You could us normal Oauth2 Authenticate it using your account, Save the refresh token someplace and use that in your application to see the data. Then it would be like the Application is always you and would be able to see your segments.
Sorry I don't know ruby so I cant help you with getting the idea working.
Related
I've 2 different API keys enabled on 2 different accounts. One professional and the second private and I don't want to link the 2.
My problem is that I've been working with the professional API credentials for almost 3 months and everything works fine. Now, I've created a new account with a new Analytics account and my problem is that I can't use the new API directly with my new Analytics account.
I can't make my script to authorize the new user and I receive an error that says that the user does not have sufficient permissions for this profile.
I managed to make it work by adding my private account as a user in my professional Analytics account. It seems like I can't make another account authorization even if I'm using a different API created on another account. It's like the connects to the first account authorized on my PC.
Is there any way to reset the authorization on my PC each time I want to use one of the API?
Thank you,
EDIT: I'm running a Python script that uses the Analytics API and the only time I have a prompt to authenticate it's the first time I use the application on a new PC. After that, the script runs without any prompt, The credentials are those of the API (client ID and Client secret) and I'm not using them directly but I'm using the client_serets.json file generated on the Google dev console.
I have figured it out. You'll have to navigate to this url https://myaccount.google.com/permissions?pli=1 and remove the service you want to remove.
I need to extract Google Analytics data through it's API. However I do not want to generate any account and key manually (the reason is I do not want to let this technical this to be performed by any non-techie person) and want to dump that data for analysis purpose.
In order to use any of Googles APIs they need to know who you are. You as a developer are identified by the project you create on Google Developer console. Once the project is created you can create a number of different types of credentials including Service account credentials and Oauth2 Credentials.
Answer: No there is no way to programmaticlly create service account credentials. Nor is it possible to use the a Google api without first creating a project on Google developer console.
Note: Google Cloud Resource Manager does exist but is very limited in what it allows you to do.
If someone else is going to be running your application to access their Google analytics Data you should idealy be using Oauth2 in your application and not a service account.
Service accounts are designed as way for the developer to grant others access to data owned by the developer in question. They are not really intended for novice users to be creating their own projects on google developer console and generating credentials.
You are basically asking if you can obtain the credentials necessary to query the API via the API. This does not work.
I am also not sure how this would help you. Before you can do any API operations to a Google Analytics account you need to have an authorized user (e.g. a service account) added to your view or property. If you are in a situation where you can add a user programmatically to an account you might as well just read the data you need.
I am looking to make a web based app which creates a monthly report that has Google Analytics information in i.e. organic searches etc. Some clients will have their own Google Analytics accounts and wont be own mine.
I managed to get the OAuth 2 authorization working with my account however it wont work for clients as I needed to get the client_secret.json file from Google Developers website. I have seen a service like cyfe.com which just gets the google login information and outs the Google Analytics information in graphs and such.
Does anyone know how they manage this is possible without getting the client_secret.json file ?
oAuth2 is designed to let you access to users data with their permission, without requiring to access their password.
You should use your own client Id and client secret, these identify your application, not your users ("client" here means client of the API).
You then need to create an interface where users can allow your application to access to their data, from this you'll get an access token, allowing to your application to access to Google Analytics data of your user on their behalf.
Read "Using OAuth 2.0 to Access Google APIs", and identify the scenario that matches to what you want to achieve.
I strongly suggest that you use a library managing the authentication flow, you don't need to reinvent the wheel. Here's a list from Google: Google API Client Libraries.
I want to show google analytics dashboard to my users. It is not possible to give access of "google analytics dashboard" to all users. So I want to integrate it on my own website. Will it be possible to integrate google analytics dashboard on a particular website?
This question gets asked quite a bit. It is important to understand the security model for the API. All Google APIs use OAuth2.0 to authenticate the user. This is designed to make it easy to use the API to access the Users's data on behalf of the user. In contrast you will need to do work to show Your data to your users.
With that said, an example of what you are looking for is the Server side Auth example provided by the Analytics API team.
The simplest answer is to query the API on the server side, with a service account and serve that data as you serve any other data to your users. Read the scenarios in detail, and pick one that best suits your end goals. Understand how the API views the following entities.
A User uses an application.
A Developer develops Application.
An Application has a project id and its associated credentials.
A user authorizes an application to access their data via the API.
You are breaking this paradigm because you are the user and developer from the API's perspective. You want to share your data with people who are not authorized to view it, so you will need to use a service account to access that data and share it directly with your users.
Also remember to add the service account to Analytics View you wish it to access.
Check out EmbeddedAnalytics if you prefer not to get bogged down learning oAuth2, the CoreReporting API, and lastly a charting tool. We simplify the process. All you do is create your chart and embed a snippet of code in your site where you want the chart/dashboard to show.
I need to write to a Google Calendar from data in our datastore (App Engine app).
I want to access via OAuth 2.
Reading is no problem - the calendar is public and I just use the simple API access method.
Writing is a "problem" - obviously I need to authenticate. However, the calendar is owned by the app administrators, and we want to write to the calendar as a background task - no user interaction is required.
I have gone through all Google's documentation, but I feel none the wiser - how can I do a one -time setup for permanent write access to a Google Calendar, via the V3 API?
To make calls on behalf of your App Engine app without user interaction you should make use of the App Identity module:
https://developers.google.com/appengine/docs/python/appidentity/
If you are using the Google API Client Libraries, using the AppAssertionCredentials object will do this automatically for you:
https://developers.google.com/api-client-library/python/guide/google_app_engine#ServiceAccounts
Note the following:
You will probably still need to supply the simple key in order to attribute quota usage to the right project.
The App Identity module won't work during local App Engine development - you will need to deploy into production in order to obtain valid credentials.
You will need to share the calendar you are writing to with the email address associated with the service account for the App Engine app. To find this email address go to the App Engine Administration Console -> "Application settings" and look for the service account email.
Finally, I'm not 100% sure that the Calendar API allows service accounts direct access, but you should give this a try. If that doesn't work for you an alternative may be to generate a refresh token for a real user that has access to the calendar, and look at embedding that into your application - the service account method is preferable, so I would try that first.