Another account access my Analytics API - api

I want to build a dashboard to my clients access your respective website analytics. But, after some research, I'm stuck.
Let's imagine the scenario:
My Analytics Account:
Client X - websitex.com
Client Y - websitey.com
In my dashboard, when the cliente Y log in, the data (pageviews) of websitey.com is shown on graphics.
But, there's a way to do that? By the moment, the only thing i got is retrieve information for my logged account (my analytics ID), not the information about another account.
There's a way to use the Google API, or, I'll have a "separate database" to save data each website?
Sorry, I'm really lost at the moment.

You can only view Google Analytics Accounts that you are authorized to view. For some reason this is a source of major confusion (seeing that your are not the first to ask), although it should be fairly self-evident.
If you want to see data from your clients account you have to ask your client to add your Google email to the GA account. If an email address is added to multiple accounts you can, via the API, choose between the accounts. Clientside authorization (OAuth2) will only work as long as somebody is logged in via a client application (usually a browser). The practial effect is that everybody who is authenticated via OAuth against Google will see only his own GA accounts, not other peoples data.
If you want a serverside application to pull data from various GA accounts you need a service account. But even the service account needs to be added to the GA accounts.
You can use the core reporting API, but the API will not give you access to accounts that you are not authorized to look at; your client needs to authorize you (or your applications service account).

Related

How to find which Google Cloud Project is associated with an instance of Google Classroom?

I'm trying to pull our Google Classroom data into a custom web application via the Google API Client (PHP). I was able to make a successful call using a service account set up in Google Cloud, but the call returned no Classroom data.
I'm assuming the Classroom data must be associated with a different Google Cloud Project, I'm just not sure which one. I don't want to create a service account for every single project and test them, there are too many projects. I've looked everywhere and I can't seem to find the answer to the question: how do I find out WHICH project a Google Classroom integration is associated with, so I can configure the API Client accordingly?
I tried looking through all Classroom settings to see whether there was any information about the Google Cloud Project being used to store the data. I tried contacting Google Support, but so far I've had problems getting an answer to my question.
Ultimately I just want to pull the Classroom data into our web application.
Thanks
To use a service account with google classroom api you must configure Domain wide deligation. This will allow the service account to impersonate a user on your domain.
$user_to_impersonate = "admin#yourdomain.com";
$client->setSubject($user_to_impersonate);
The service account will then behalf as though they were that person. It can then see everything that user has access to.
Without delegation in place the service account doesn't have access to anything.

Is it possible to pull reviews using a Service Account for a Google My Business Account?

Really straightforward question. Is there a way to use the Service Account credentials to gain access to a particular Google My Business location Reviews?
(Some context, I'm not pulling from an unowned business. I have access to the information and we're an authorized user. Essentially we are the business owners or agency)
https://developers.google.com/my-business/
For broader context, we came across this issue:
How do I authorise an app (web or installed) without user intervention?
... and we want to automate the acquisition of reviews for a client who wants to have access to their reviews. However, we need to manually get the refresh token...
Steps 11 and 12 are as such...
Click Step 2 and "Exchange authorization code for tokens"
Copy the returned Refresh token and paste it into your app, source code or in to some form of storage from where your app can retrieve it.
We would ideally like to automate this side of the process. Is this feasible using the Service Account and a Restful Endpoint or a library provided by the Nuget Package?

Authenticating users from separate devices to be be able to pull data from an API

I'm having trouble deciding on / understanding which method of authentication would be best in the following situation:
I have 3 separate "clients". A website, mobile app and browser extension.
Users information and data is stored in a database.
The 3 clients will access the data via an API.
What I am trying to get my head around is how users of the system would login via one of the three clients and authenticate with the API so they can then proceed to get and post data to the API.
I do not require 3rd party applications to access the API. Users can only access it by logging into the clients I provide. For this reason am I right in thinking that OAuth1/2 would be over kill?
I have attached an image which details how I envision the system.
An additional question:
Where is it in the system the authentication comes in? Would I authenticate within the API? So the user uses a form on one of the three clients to send a password. The API then returns a "what" if they provide valid credentials?

How do I get Google Analytics data into a CMS without asking the user to authenticate?

I have a web application backend for my clients web site. Authorised staff can log in to the backend and view data.
I want to pull some data from Google Analytics to be viewed in the backend, but GA seems to insist that the user is logged in to their Google account themselves using OAuth2
I want to be able to authenticate the server not the user. They already have permission and it seems unnecessary and possibly intrusive to ask them to link their Google accounts to the GA account and possibly even have to create one first.
The server already has to supply a client id, client secret and an api key, so it's not as if there isn't already an authenticated connection.
I'm guessing that there must be a way to pass the Google Analytics account credentials to OAuth2 somehow but I am not that familiar with OAuth2
Is this possible and how would it be done. A simple example or a nudge in the right direction would be appreciated
There are similar questions around but the ones I have found do not answer my question in the way I need.
Yes you need to store the authentication, but you may be able to use Google Analytics Super Proxy for your needs. At the very least you can see its code on how it stores the authentication.
You authenticate once, input the data you need scheduled from the GA Reporting API, then take the data feed and use it to build charts in your intranet. Any user can view those charts without needing to login to GA themselves.

How would Google Multiple Accounts Sign-in be implemented?

Google published that they are testing a feature that allows you to sign in simultaneously to multiple Google accounts in the same browser.
Any idea how would that be implemented ?
I don’t have any inside info on how multiple accounts are actually supported, but here’s what I presume:
Your cookie holds a security token, just like in the old days.
The security token now maps to a set of signed-in accounts on the server.
I’d guess there’s a notion of an active account among this set.
When you go to a Google service that implements multiple-account support, the service pulls down your active account and drops you into that account by default.
Then, you get presented with some UI that lets you toggle between your other signed-in accounts or lets you sign into a new account.