google-analytics-api Authentication


Syntax

Parameters

ParameterDescription
Client IdFrom Google Developer console identifies your project or application
secretFrom Google Developer console identifies your project or application
redirect_uriFrom Google Developer location where the authentication should be returned to. In the case of Native applications urn:ietf:wg:oauth:2.0:oob can be used to denote localhost

Remarks

In order to access any Google API you need to identify yourself as a developer and identify your project. We do that by creating a new project on Google Developers console.

When you create your project you if you want to access the Google Analytics APIs you must enable the APIs you intend to access.

  • Reporting API: Access to the Google Analytics Reporting API v4.
  • Analytics API: Access to everything else.

Now you must decide how you would like to access the data.

With Google Data there are two types of Data Public and Private.

  • public data is not owned by a user. The metadata API is a public API you don't need to be logged in to access that data.
  • The Reporting API contains a users Google Analytics data it is private you cant look at it unless the user has given you permission to access it.

If you are only accessing public data then all you need do is create a public API key and you will be able to access the API in question. If you are going to be accessing private user data then you will need to create either Oauth2 credentials or service account credentials.

Authorization Oauth2

To access private user data we must have permission of the owner of the data to access it. Oauth2 allows us to request that access from a user.

You have probably seen before Oauth2 before.

enter image description here

The Application "Google Analytics Windows" is requesting access to view the users "Google Analytics Data"

  1. Google Analytics windows is the name of the project that was created on Google Developer console.
  2. Google Analytics Data is the scope of permissions that we asked for.

Scope We need to tell the user what we intend to do the Google analytics API has two scopes that you can use.

  1. https://www.googleapis.com/auth/analytics.readonly
  2. https://www.googleapis.com/auth/analytics

It is best to only request the scopes that you need. If you will only be reading a users data then you only need to request the readonly scope.

Authorization service accounts

Service accounts are different in that they are pre-approved. If you create service account credentials you as the developer can take the service account email and add it as a user on your Google Analytics account At the account level this will grant the service account access to the data. You wont need to pop up the authentication window and request access. The service account will have access to the data for as long as it is a user on the Google Analytics account.

Conclusion

Authentication is needed to access most of the data exposed by the Google Analytics API.

You can not use client login / login and password to access any Google API as of May 2015. You must use Open authentication.

**