Best IT Recipes

Google Analytics V3 Application Services and APIs: OAuth2 Authentication from Server to Server?

I am trying to get the server application to regularly retrieve Google Analytics data from my own GA account. Please note that this is a personal server-side application using my own data, i.e. There is no end user access to this application.

Thus, I registered my application in the Google API Console as an Application Service , which gave me the Client ID and Private Key . I understand that service applications do not use Application Secret and the redirect URL , since there is no end user between the server in this authentication flow. Indeed, the Google API console did not provide me with any secret data and did not ask me for a redirect URL.

Unfortunately, I cannot figure out how to authenticate my application-app in the Google PHP API . There is extensive documentation on authenticating web applications with the end user.

In the Google documentation, you can authenticate server-server by signing a JWT request with a private key . I just can't figure out how to do this in the PHP API (although I was looking at the source and there is definitely a script that signs the request using the private key.)

Am I missing something? How do I authenticate for a service application using my private key and the Google PHP API?

Edited for clarity.

+58
php google-api jwt google-analytics-api
Mar 25 '12 at 20:00
source share
4 answers

UPDATE July 21, 2012

The Google Analytics V3 API now supports OAuth2 tokens returned by a JWT request under a .p12 subscription. That is, we can now use the Analytics API w / service accounts .

It currently draws 4 years of daily performance, just for that.

Here's a quick "n" dirty step by step:

  • Go to the Google API Console and create a new application

  • On the Services tab, turn the Google Analytics radio button

  • On the API Access tab, click Create OAuth2.0 Client ID

    • enter your name, upload the logo and click "Next"

    • select the Service account option and click Create Client ID

    • download secret key

  • You are now back on the API access page. You will see the "Service Account" section with the customer ID and email address

    • Copy the email address (something like #### @ developer.gserviceaccount.com)

    • Visit Admin Admin and add this email as a user to your properties

    • It's necessary; otherwise, you will get cryptic errors.

  • Get the latest Google PHP APIs via Github

    git submodule add https://github.com/google/google-api-php-client.git google-api-php-client-read-only

  • Rock and roll (thanks everyone for the tips on updated class names):

     // api dependencies require_once(PATH_TO_API . 'Google/Client.php'); require_once(PATH_TO_API . 'Google/Service/Analytics.php'); // create client object and set app name $client = new Google_Client(); $client->setApplicationName(APP_NAME); // name of your app // set assertion credentials $client->setAssertionCredentials( new Google_Auth_AssertionCredentials( APP_EMAIL, // email you added to GA array('https://www.googleapis.com/auth/analytics.readonly'), file_get_contents(PATH_TO_PRIVATE_KEY_FILE) // keyfile you downloaded )); // other settings $client->setClientId(CLIENT_ID); // from API console $client->setAccessType('offline_access'); // this may be unnecessary? // create service and get data $service = new Google_Service_Analytics($client); $service->data_ga->get($ids, $startDate, $endDate, $metrics, $optParams);

original workaround below



It seems that despite the ambiguous documentation, most Google APIs do not support service accounts , including Google Analytics. They cannot digest the OAuth2 tokens returned by the JWT request with a .p12 subscription. So, at the moment you cannot use the Google Analytics V3 API from the service account.

Workaround:

  • In the Google API console, create a client application.

  • Follow the instructions in the Google PHP APIs to create client_auth_url using client_id , client_secret , and redirect_uri

  • Log in to Google using cURL. (Be sure to use a cookie!)

  • Open client_auth_url in cURL and fill out the form. Make sure you set curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); and curl_setopt($ch, CURLOPT_HEADER, 1); like authorization_code will be in the Location: header of the response.

  • Using client_id , client_secret , redirect_uri and the activation code from step 4, send a Google OAuth2 Token machine request. Make sure you add grant_type = "authorization_code" to your message fields.

  • Hooray, now you have a refresh_token that never expires, and a working access_token ! Send a request to the Google OAuth2 Token machine with your client_id , client_secret , redirect_uri , and refresh_token when the refresh_token expires and you get a new one.

+106
Apr 10 2018-12-12T00:
source share

The Google API API Client now supports trunk service accounts.

The implementation has not yet been released, so you need to checkout the latest version of the PHP client.

I have prepared an example application demonstrating how you can use service accounts to get into the Google Prediction API. To view the example, take a look at the examples / prediction / serviceAccount.php or visit: http://code.google.com/p/google-api-php-client/source/browse/trunk/examples/prediction/serviceAccount.php

+4
Mar 26 '12 at 16:40
source share

If you use the Google PHP API , go to the Google API Console and click API Access on the left.

Then Create a Client ID . This will give you a secret , and that is where you set your redirect URL . It will not give you the redirect URLs - it is the URL at which the application sends the user after authentication.

There are other authentication methods you can look at.

+2
Mar 25 '12 at 21:15
source share

you can use the very useful GAPI php library (Google Analytics API API) to access Google Analytics without OAuth. It is easy to use.

+2
Sep 19 '12 at 21:34
source share


More articles:


All Articles