Really straightforward question. Is there a way to use the Service Account credentials to gain access to a particular Google My Business location Reviews?
(Some context, I'm not pulling from an unowned business. I have access to the information and we're an authorized user. Essentially we are the business owners or agency)
https://developers.google.com/my-business/
For broader context, we came across this issue:
How do I authorise an app (web or installed) without user intervention?
... and we want to automate the acquisition of reviews for a client who wants to have access to their reviews. However, we need to manually get the refresh token...
Steps 11 and 12 are as such...
Click Step 2 and "Exchange authorization code for tokens"
Copy the returned Refresh token and paste it into your app, source code or in to some form of storage from where your app can retrieve it.
We would ideally like to automate this side of the process. Is this feasible using the Service Account and a Restful Endpoint or a library provided by the Nuget Package?
Related
We are working on a system which retrieves data from customers' Shopify shops and provides some services based on this data. In order to make it as convenient as possible for an end-user we would like to update this data on a daily\weekly\monthly basis.
For now we only came up with a solution of implementing unlisted app, prompt a user to provide all necessary permissions for the app to access their shops and fetch the data. But the token we get doesn't seem to be valid for a long time and we probably won't be able to reuse it a day later.
We appreciate it if you can share any success cases of implementing this kind of approach.
You provide an App to the merchant they can install using oAuth. When the merchant is prompted to approve the App, Shopify will then provide your App with a long-lived access token you can use as much as you want, for as long as you want. I use a custom App from my Partner App dashboard to create these kinds of one-off Apps. It is superior to the one where the merchant has to tick off scopes and permissions IMO.
There are two kinds of token you can ask for and receive. One is considered for offline access, or long-lived. It works for everything. It is for webhooks as an example, or other access where no person is involved. But, there is also, online access tokens! Say a person clicks into the App from Shopify to do some work. You can request an online token for them to do their thing, and that token is only good for say 24 hours.
So you have options!
I'm having trouble deciding on / understanding which method of authentication would be best in the following situation:
I have 3 separate "clients". A website, mobile app and browser extension.
Users information and data is stored in a database.
The 3 clients will access the data via an API.
What I am trying to get my head around is how users of the system would login via one of the three clients and authenticate with the API so they can then proceed to get and post data to the API.
I do not require 3rd party applications to access the API. Users can only access it by logging into the clients I provide. For this reason am I right in thinking that OAuth1/2 would be over kill?
I have attached an image which details how I envision the system.
An additional question:
Where is it in the system the authentication comes in? Would I authenticate within the API? So the user uses a form on one of the three clients to send a password. The API then returns a "what" if they provide valid credentials?
I want to build a dashboard to my clients access your respective website analytics. But, after some research, I'm stuck.
Let's imagine the scenario:
My Analytics Account:
Client X - websitex.com
Client Y - websitey.com
In my dashboard, when the cliente Y log in, the data (pageviews) of websitey.com is shown on graphics.
But, there's a way to do that? By the moment, the only thing i got is retrieve information for my logged account (my analytics ID), not the information about another account.
There's a way to use the Google API, or, I'll have a "separate database" to save data each website?
Sorry, I'm really lost at the moment.
You can only view Google Analytics Accounts that you are authorized to view. For some reason this is a source of major confusion (seeing that your are not the first to ask), although it should be fairly self-evident.
If you want to see data from your clients account you have to ask your client to add your Google email to the GA account. If an email address is added to multiple accounts you can, via the API, choose between the accounts. Clientside authorization (OAuth2) will only work as long as somebody is logged in via a client application (usually a browser). The practial effect is that everybody who is authenticated via OAuth against Google will see only his own GA accounts, not other peoples data.
If you want a serverside application to pull data from various GA accounts you need a service account. But even the service account needs to be added to the GA accounts.
You can use the core reporting API, but the API will not give you access to accounts that you are not authorized to look at; your client needs to authorize you (or your applications service account).
I have a web application backend for my clients web site. Authorised staff can log in to the backend and view data.
I want to pull some data from Google Analytics to be viewed in the backend, but GA seems to insist that the user is logged in to their Google account themselves using OAuth2
I want to be able to authenticate the server not the user. They already have permission and it seems unnecessary and possibly intrusive to ask them to link their Google accounts to the GA account and possibly even have to create one first.
The server already has to supply a client id, client secret and an api key, so it's not as if there isn't already an authenticated connection.
I'm guessing that there must be a way to pass the Google Analytics account credentials to OAuth2 somehow but I am not that familiar with OAuth2
Is this possible and how would it be done. A simple example or a nudge in the right direction would be appreciated
There are similar questions around but the ones I have found do not answer my question in the way I need.
Yes you need to store the authentication, but you may be able to use Google Analytics Super Proxy for your needs. At the very least you can see its code on how it stores the authentication.
You authenticate once, input the data you need scheduled from the GA Reporting API, then take the data feed and use it to build charts in your intranet. Any user can view those charts without needing to login to GA themselves.
I can see many related questions on SO, but none that answers exactly what I'm confused with.
I'm using Google Calendar API in a .NET desktop application that allows user to provide his/her username/password, logs in on his behalf and adds some events to the calendar. Now I want to do exactly the same thing for Tasks feature. I'm trying to use Google Tasks API for this, but have been told that I need to do some OAuth kind of authentication, and even before that, I need to go to my gmail account and set permissions and get my project "key" to enable it.
Now does every user of my application need to do these steps in their Gmail account? Or do I need to do this in MY gmail account once and then my application code will be able to use the generated project "key" to enable my users to add tasks to THEIR gmail tasks list?
Figured it out. For anyone having a hard time understanding this, here it is:
The "key" generation step needs to be done only once per application, not for each user who's going to use your application. To generate a key, login to your Google Account and go to Google APIs Console page. Click API Access button and that's where you can generate keys for different kinds of applications like browser apps, desktop apps, Android apps etc. After registration, you'll need to take Client ID, Client secret and API key from this page and put them into the code. Sample code (.NET) for task creation and several other Google features is available here.
Once your user runs your application, he'll be taken to his Google account in his default browser where he'll be asked if he wants to allow this application to write to his calendar/tasks list. This page will display your logo and description text too that you can provide at registration time. Once allowed, this step won't be required again in the next one hour (this may be adjustable, i don't know yet).