Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?

by

UPDATE July 21st, 2012

Google Analytics API V3 now supports OAuth2 tokens returned by a .p12-signed JWT request. That is, we can now use the Analytics API w/ service accounts.

Currently pulling 4 years of day-by-day metrics, just for the hell of it.

Here’s a quick ‘n’ dirty step-by-step:

  1. Go to the Google API Console and create a new app

  2. In the Services tab, flip the Google Analytics switch

  3. In the API Access tab, click Create an OAuth2.0 Client ID

    • enter your name, upload a logo, and click Next

    • select the Service account option and press Create client ID

    • download your private key

  4. Now you’re back on the API Access page. You’ll see a section called Service account with a Client ID and Email address

    • Copy the email address (something like ####@developer.gserviceaccount.com)

    • Visit your GA Admin and add this email as a user to your properties

    • This is a must; you’ll get cryptic errors otherwise.

  5. Get the latest Google PHP Client API via Github

    git submodule add https://github.com/google/google-api-php-client.git google-api-php-client-read-only

  6. Rock ‘n’ roll (thanks all for tips on updated class names):

    // api dependencies
require_once(PATH_TO_API . 'Google/Client.php');
require_once(PATH_TO_API . 'Google/Service/Analytics.php');

// create client object and set app name
$client = new Google_Client();
$client->setApplicationName(APP_NAME); // name of your app

// set assertion credentials
$client->setAssertionCredentials(
  new Google_Auth_AssertionCredentials(

    APP_EMAIL, // email you added to GA

    array('https://www.googleapis.com/auth/analytics.readonly'),

    file_get_contents(PATH_TO_PRIVATE_KEY_FILE)  // keyfile you downloaded

));

// other settings
$client->setClientId(CLIENT_ID);           // from API console
$client->setAccessType('offline_access');  // this may be unnecessary?

// create service and get data
$service = new Google_Service_Analytics($client);
$service->data_ga->get($ids, $startDate, $endDate, $metrics, $optParams);

 

original workaround below

It seems that, despite ambiguous documentation, most Google APIs do
not support service accounts yet, including Google Analytics. They
cannot digest OAuth2 tokens returned by a .p12 signed JWT request. So,
as of right now, you cannot use Google Analytics API V3 with a
service account.

Workaround:

  1. In the Google API console, create a client application.

  2. Follow the steps in the Google PHP Client API examples to generate a client_auth_url using your client_id, client_secret,
    and redirect_uri

  3. Login to Google using cURL. (Be sure to use a cookie file!)

  4. Open the client_auth_url in cURL and complete the form. Make sure you set curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); and
    curl_setopt($ch, CURLOPT_HEADER, 1); as the authorization_code
    will be in the Location: header of the response.

  5. Using your client_id, client_secret, redirect_uri, and the activation code from Step 4, post a request to the Google’s OAuth2
    Token machine    . Make sure you include grant_type =
    "authorization_code"     in your post fields.

  6. Hurray, you now have a refresh_token that never expires, and a working access_token! Post a request to the Google’s OAuth2 Token
    machine     with your client_id, client_secret, redirect_uri,
    and refresh_token when your access_token expires and you’ll get a
    new one.

More Related Contents:

  1. How to refresh token with Google API client?
  2. How to extend access token validity since offline_access deprecation
  3. Correct way to set Bearer token with cURL
  4. Token must be a short-lived token and in a reasonable timeframe
  5. Authentication on google: OAuth2 keeps returning ‘invalid_grant’
  6. Edit Google calendar events from Google service account: 403
  7. Google Calendar API v3 – authenticate with hardcoded credentials
  8. How can I access an object property named as a variable in php?
  9. Google API Client “refresh token must be passed in or set as part of setAccessToken”
  10. Automatically refresh token using google drive api with php script
  11. Apple Sign In “invalid_client”, signing JWT for authentication using PHP and openSSL
  12. OAuth 2.0 with Google Analytics API v3
  13. Gmail API: 400 bad request when trying to send an email (PHP code)
  14. Google API How to connect to receive values from spreadsheet
  15. want to convert a string into array [duplicate]
  16. Laravel combined OR AND Solution
  17. How to fake $_SERVER[‘REMOTE_ADDR’] variable?
  18. Why is this PHP call to json_encode silently failing – inability to handle single quotes?
  19. How to get the character from unicode code point in PHP?
  20. Save current page as HTML to server
  21. C#’s null coalescing operator (??) in PHP
  22. What does the b in front of string literals do?
  23. how to create a base64encoded string from image resource
  24. executing a Powershell script from php
  25. Error while writting Arabic to image
  26. Passing null to non-nullable internal function parameters – Updating Existing Code Base to php 8.1
  27. How to set a maximum size limit to PHP cURL downloads?
  28. php – add two hours to date variable
  29. What is difference of developing a website in MVC and 3-Tier or N-tier architecture?
  30. PHP Find all occurrences of a substring in a string

Leave a Comment