Assigning profile rights for app email address with p12 based authentication

[GeNextWebs Technologies]

Hello,

          I have implemented Google analytics reporting for one of my client using PHP. I am using p12 baesd authentication & getting profile access via app mail address. I have used below link for generating code.

https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-php

So is there any limitation like maximum how many profile I can give read_analyze access on app mail id (https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-php)?

And regarding number of API calls it will be same as normal Core reporting API (50,000 calls per application per day)?

Thanks.

[Matt]

There is a programatic limit to the number of accounts you can give an email account access (100 accounts per user).

And regarding the number of API calls it can make all the normal Limits and quotas apply to a service account.

How many views (profiles) where you planing on give the service account access?

-Matt

[GeNextWebs Technologies]

Thanks for the reply. As its having limit of 100 accounts per  email addres, how can we manage more than 100 accounts? Do I need to generate more keys & email address from my app and allow the access? And how can I manage multiple keys & mail addresses in my PHP application?

Thanks.

[Matthew Cohoon]

You could consider alternative methods of authentication. Web based authentication can allow applications to access thousands accounts, as one example the Demos and Tools site can allow anyone to authorize it to generate reports upon their behalf. The use case for a service account is to grant permanent offline access to a Google Analytics Account, think of it as a trusted user that has programmatic access.

Alternatively you could allow for the growth organically, the end user could add the service account user through the web interface, however allowing growth beyond 100 accounts is not recommended as more expensive top level list operations may become unfeasible, such as segments.list.

What is the end use case for your PHP application? Is it a server application that generates reports for several hundred clients? Or is it an application which you could trigger and authorize at the request of a user who already has access to the accounts?

-Matt

--
You received this message because you are subscribed to a topic in the Google Groups "google-analytics-data-export-api" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-analytics-data-export-api/jz8xR1zrF8w/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-analytics-data-...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tim Bongers]

Hi Matt,

I'd like to jump in on this, as we have the same problem, We are running a PHP server application to get reporting data for our customers. The service account address is added either by us or by the customer itself. As the PHP script is supposed to run on its own, there is no way to authorize manually and the 100 account limit was a big problem for us. The limit has been set to a higher number for our account already, but we might hit that limit at some point again. What would be the recommended way of doing this for several hundred accounts? Are there plans for having an MCC account similar to AdWords?

Kind regards,

Tim

To unsubscribe from this group and all its topics, send an email to google-analytics-data-export-api+unsubscribe@googlegroups.com.

[Matt]

Hi Tim,

Have you considered requesting offline access, In this way the end user can authorize your application once and your application can continue access that data even when your client is not present.
Regards,

Matt

[GeNextWebs Technologies]

Actually I am building GA tool for one of my client & he wants to use service based method for fetching the data & he is having several thousand profiles needs to be integrated so I am trying to make it automated like if I generate key-email pair from the app & authorize 100 profiles & somehow I come to know which profile is associated with which key-email pair then the process should be easier & we can proceed with manually mapping p12 key - email - profile in database, that's my main concern.

Thanks.

To unsubscribe from this group and all its topics, send an email to google-analytics-data-export-api+unsubscribe@googlegroups.com.

[Tim Bongers]

Hi Matt,

the script I'm running is getting reporting data for all customers and is started each night as a cronjob. The authorization by the customer is currently handled by manually adding our service account to the profile, either by one of my colleagues or by the customer himself. 

If I created another script to request offline access from the customer once, wouldn't the resulting access token only be available to the current client object and therefore not be usable by the cronjob? Or is there a way to store the access tokens and re-use them?

Regards,

Tim

[Matthew Cohoon]

You will need to store the refresh token between sessions, and then when you need to access the data at a later time you simply need to get a new access token with the refresh token.

If you look at the HTTP section of the documentation it will shed some light on what is happening under the hood in the client libraries.

-Matt

To unsubscribe from this group and all its topics, send an email to google-analytics-data-...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "google-analytics-data-export-api" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-analytics-data-export-api/jz8xR1zrF8w/unsubscribe.

To unsubscribe from this group and all its topics, send an email to google-analytics-data-...@googlegroups.com.