Google Analytics API for commercial website - api

This question is for anyone that used Google Analytic API on a commercial website.
For instance you have a website where members can upload music and pay for a membership to track via Analytics how many people visited their uploads.
Does Google allow to use the Analytics API for commercial use?

The Analytics API may be used for both commercial and noncommercial purposes in ways consistent with these API Terms.
http://code.google.com/apis/analytics/docs/gdata/gdataTermsOfService.html

Please refer to the lengthy Terms of Service :)
EDIT: As #yc pointed out, this is a question toward the the API (thanks btw).
While I don't think my original answer is totally correct, I think it is worth mentioning the "Privacy" paragraph in the "Regular" Analytics TOS:
PRIVACY . You will not (and will not allow any third party to) use the
Service to track or collect personally
identifiable information of Internet
users, nor will You (or will You allow
any third party to) associate any data
gathered from Your website(s) (or such
third parties' website(s)) with any
personally identifying information
from any source as part of Your use
(or such third parties' use) of the
Service. You will have and abide by an
appropriate privacy policy and will
comply with all applicable laws
relating to the collection of
information from visitors to Your
websites. You must post a privacy
policy and that policy must provide
notice of your use of a cookie that
collects anonymous traffic data.
I am by no means a lawyer, but just want to point out that you need to be careful about what data you collect. Especially when using Event Tracking and Custom Variables.

From the API page:
What does the Google Analytics Data
Export API cost?
The Google Analytics
Data Export API is free. We intend to
always provide a basic level of
service for free. As we continue to
build out more advanced features and
functionality, we may revisit this
later.

Related

How can I acquire data from social media to analyze it using machine learning?

I have a project where I'm required to predict future user location so that we can provide him with location specific services as well as collect data from his device that would be used to provide a service for another user etc...
I have already developed an android app that collects some data but as social media is the richest in terms of information, I would like to make use of that. For example, if the user checks in in a restaurant and gives it a good review (on fb for example) then he is likely to go back there. Or if he tweets a negative tweet about a place then he is unlikely to go back there... these are just examples I thought of.
So my main issue is: how do I even get access to that information? I mean it's not like the user is going to send me a copy of every social media activity they have so how do I get it and is that even possible? Because I know fb, twitter and other social medias have security policies so I initially thought it couldn't be done and that only facebook gets access to their users' information to predict their likes and dislikes and show them adds and sponsored posts accordingly but when googling it, I found a lot of tools that claim to be able to provide that sort of data. How did they even acquire it and is it possible for me to do the same?
Facebook, Twitter, etc. have well-documented APIs that may or may not allow you to access the data.
For the APIs, see the official documentation of each, because anything I write here will likely be outdated in a year or two, as their APIs change.
Don't rely on web scraping. The web sites change design more often than the API, and you will likely violate the terms-of-service.

Nature of Intellij Integrations

When installing the latest intellij, I was reading the privacy policy and came across this:
We use third party service providers as discussed in this section. We also use third party service providers in other circumstances; a complete list of the reasons in which we use third party service providers can be found here.
The word "here" links to this page, which as of this writing contains only a list of links to other privacy policies, and NO information about how these 3rd parties are used or what data is shared with them (despite the text in the policy itself claiming the page contains this information).
Does anyone know HOW and WHEN the following services (copied from the above wiki page in case it changes) are used by Intellij?
Survey Gizmo
Statwing
QuickTap Survey
Facebook
Google
Microsoft
LinkedIn
Yandex
Twitter
Adyen
Crazy Egg
The survey ones are fairly obvious what's probably going on, but what data, is shared and under what circumstances with some of the others could be important. In some cases folks might be working on projects meant to be kept secret, or might have personal or ethical reasons to avoid having a presence on some of those services. Without knowledge of which features send data to these providers, and what data is sent it's hard to agree to the policy.
One might also argue that the failure to specify as claimed in the policy means they don't get to send any data, but nobody wants to bother with that legal mess... particularly since they could change their wiki after the fact, and then one has to prove what it said at the time etc. The alternate argument is that the lack of specification implies they might share any and all data...
Does anyone know of better information about how Intellij uses these providers? Googling just got me lots of links on how to install Facebook SDK etc...
The privacy policy page shows links to the privacy policies of services used by the JetBrains Web site, marketing activities etc. As of version 2016.2 and all earlier versions, IntelliJ IDEA does not connect to any of those services, or send any data to them, from the product itself. I (a member of the JetBrains management team) am also not aware of any plans to start doing so in the future.
(Note that third-party plugins not developed by JetBrains do sometimes use those services.)
None of our downloadable IDE's or tools send back any sort of confidential information at all. The only information that is sent is anonymous usage data and ONLY with the consent of the user. Even accepting the Privacy Policy does not imply you have to send back data. It's completely opt-in.
Beyond that, the only other information sent is performance data, exceptions and other information which again requires explicit user action and consent.
The Privacy Policy covers every software and service we provide at JetBrains, including but not limited to our installable tools, services, our web sites, surveys we may run etc. The services you mention are all related to our web site, e-shop, social media promotions, any advertising campaign and/or any surveys we may run. Our tools do not use any of those services.
Concurring with my colleague Dmitri, we do not however control what individual plugins may or may not do.
We do appreciate your feedback however and we will take steps to make it clearer on the page.

Query "Remaining Quota" for Microsoft Cognitive Services APIs programmatically

I am currently using 3 Microsoft APIs: Text Analytics Api, Bing Search Api and Linguistic Api. I want to know if there's any Api or method to retrieve remaining quota programmatically for my specific Api against my Api Key?
Other thing I want to know if any Api or any method of these APIs to tell me programmatically if my key is valid or invalid.
For the first question, I do not think there is a way to check you remaining quota. If you are concerned about spending beyond your budget, you may be interested into keeping track of the number of calls you do to Microsoft Cognitive Services. In any case, this is the kind of question I suggest you should directly ask to Microsoft Cognitive Services customer services.
For the second question, there is no way to do so. If such way would exist, that would encourage malicious users to find it to generate keys at will. Assuming you have an expired key, the only way to verify its validity is to make a call to any of the Microsoft Cognitive Services APIs and check the error code message, if any.

Can client side mess with my API?

I have a website that revolves around transactions between two users. Each user needs to agree to the same terms. If I want an API so other websites can implement this into their own website, then I want to make sure that the other websites cannot mess with the process by including more fields in between or things that are irrelevant to my application. Is this possible?
If I was to implement such a thing, I would allow other websites to use tokens/URLs/widgets that would link them to my website. So, for example, website X wants to use my service to agree user A and B on the same terms. Their page will have an embedded form/frame which would be generated from my website and user B will also receive an email with link to my website's page (or a page of website X with a form/frame generated from my server).
Consider how different sites use eBay to enable users to pay. You buy everything on the site but when you are paying, either you are taken to ebay page and come back after payment, or the website has a small form/frame that is directly linked to ebay.
But this is my solution, one way of doing it. Hope this helps.
It depends on how your API is implemented. It takes considerably more work, thought, and engineering to build an API that can literally take any kind of data or to build an API that can take additional, named, key/value pairs as fields.
If you have implemented your API in this manner, then it's quite possible that users of this API could use it to extend functionality or build something slightly different by passing in additional data.
However, if your API is built to where specific values must be passed and these fields are required, then it becomes much more difficult for your API to be used in a manner that differs from what you originally intended.
For example, Google has many different API's for different purposes, and each API has a very specific number of required parameters that a developer must use in order to make a successful HTTP request. While the goal of these API's are to allow developers to extend functionality, they do allow access to only very specific pieces of data.
Lastly, you can use authentication to prevent unauthorized access to your API. The specific implementation details depend largely on the platform you're working with as well as how the API will be used. For instance, if users must login to use services provided by your API, then a form of OAuth may suffice. However, if other servers will consume your API, then the authorization will have to take place in the HTTP headers.
For more information on API best practices, see 7 Rules of Thumb When You Build an API, and a slideshow from a Google Engineer titled How to Design a Good API and Why That Matters.

Design an API for a web service without "selling the farm"?

I'm going to try to phrase this as a generic question.
A company runs a website that has a lot of valuable information on it. This information is queried from an internal private database. So technically, the information in the database is the valuable part.
If this company wished to develop an API that developers could use to access their database of valuable & useful information, what approach should the company take?
It's important to give developers what they need. But it is also important to keep competing websites from essentially using the API to steal everything and essentially steal all traffic from the company's website.
Is there was some way the API could be used in a way that drives traffic back to the original company's website somehow? Something that gives users a reason to keep going there.
This is a design consideration that my company is struggling with that I can imagine other web-based services have come across before.
Institute API keys - don't make it public. Maybe make the signup process more complex than "anyone with an e-mail address".
Rate limit the API based on keys. If you're running more than X requests a minute, you're likely mining the database.
Don't provide a "fetch everything" API. Make the users know something to get information on it. Don't reveal what you know.
I've seen a lot of companies giving out API keys and stating a TOS that all developers must adhere to. For example, any page that uses data from the API must include your logo and a link back to your website. If any developer is found breaking the rules, the API key can be cancelled and your data is safe again.
Who is meant to use the API?
A good general method of solving this problem is to limit access to the data to end users (rather than allow applications or developers at it). Provide applications and users with identification, each, and make sure that to access a subset of the data, a combination of both user and application key is required.
Following this pattern, each user will have access to a very limited subset of the data (presumably, the data that they require for their own specific use), and you can put measures in place to enforce this. Any attempts at data-mining will become obvious.
This type of approach meshes well with capability-type security models on the server side.