I seem to be having a weird problem with my personal account getting mixed up with my work account when using the GA API... I created a dev con project under my work account and downloaded the client secret json file, but, even though I have never used any Google API with my personal account, the GA API seems to be only picking up my personal site...
Oddly, when I use the Query Explorer, https://go-dev-tools.appspot.com/explorer, with the very same work account, I see the correct work GA sites...
I have used the "linked" account before however but I'm quite sure that I was not on my personal account when I created my dev con client secret json Oauth2 stuff...
Has anyone run into this before? How can I unlink my personal account as I need to pull using only my work account?
Thanks for any help you can give...
Frank
First of all check that your home email does not have user access to the work accounts. It would show up even with only Read access.
Second I'm thinking perhaps you are confusing the Google API console user with the GA authenticated user.
You can create a Google API project with the GA API with your home account, with the OAuth2 and client secret etc.
It is then possible for any user to autheticate with your app (including your work email), it just uses your Google API project to get there.
If you want to keep it all seperate, then try creating the Google API project with your work email instead.
The Google API project was set up correctly, but the authenticated user, which I cached awhile ago, must have been my personal one. I nuked the cache and created a new one with the correct account and seems to be fine.
Related
I am facing the challenge to request the Bing Ads API to get a couple of metrics from it.
I am using Apache Airflow DAGs hosted on a remote Kubernetes cluster to do so. It is a nice way to automate and schedule tasks.
Now, the documentation is rather light on the point of gaining access to the API.
I have followed this https://learn.microsoft.com/en-us/advertising/guides/authentication-oauth-identity-platform?view=bingads-13#registerapplication
and the official SDK docs https://github.com/BingAds/BingAds-Python-SDK/.
I am failing at authenticating when querying, since I am lacking a couple of pieces of information.
When authenticating using the "refresh token" and "redirect URI", I do not have either. (Class OAuthWebAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L566)
When using a different method (Class OAuthDesktopMobileAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L532), I fail w/
AADSTS700016: Application with identifier '<someidentifier>' was not found in the directory '<somethingelse>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Thank you very much in advance! If you need more details, let me know!
Also great documentation in general, if I can make it more "newb"-friendly, let me know!
Edit1:
Sadly, while there has been some traffic to this question, nobody seems to be able to answer.
I will specify the set up a bit further.
We use Airflow DAGs to request daily updates from the API. For this, we need to authenticate. The authentication comes from a "new device" every time, since the code runs on a k8s cluster which allocates the jobs dynamically to it's pods.
For authentication, we ventured into different solutions, but all require some form of human interaction to get the refresh token into the DAG.
Is there any solution which allows for a hands-free deamon like many-server-to-server communication?
This link sheds some light on what we are looking for: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration#api-permissions---app-permissions-and-admin-consent
Sadly, the Bing Ads API does not show up there.
What key piece of information are we missing?
Bing Ads, like Google Ads, uses OAuth for its API.
If you reference the Getting Started page, it mentions that you need a developer token, complete with links.
You can follow these steps to get a developer token for production.
Sign in with Super Admin credentials at the Microsoft Advertising Developer Portal account tab.
Choose the user that you want associated with the developer token. Typically an application only needs one universal token regardless how many users will be supported.
Click on the Request Token button.
Regarding your specific scenario--an application running in the cloud without an interface--you should know that OAuth requires you to interact with it to set things up. So run your app locally ONCE, or at least the getting_started code from your language's walkthrough: https://learn.microsoft.com/en-us/advertising/guides/walkthrough-desktop-application-python?view=bingads-13
Running it locally will go through the authentication process with your browser and generate a refresh token (in the file refresh.txt by default). Store this file with your code. It will have to be on the server that's making the request, and since it's in Kubernetes, you'll have to keep it with your container file.
I have been trying to automate the addition of users to many tagmanager accounts through powershell.
I have manged to get myself through oauth setup, got the access token and refresh token.
However when I go to try and list all the accounts, I get a 403 response, when I look at this in the play ground its working.
Now when I look at GCP, I can see the consent page want to do some domain verification, as I have apparently added sensitive scopes. However I am not building a app, I am just running the scripts as a management/administrative exercise. So I am not sure what i can as the consent form wants me to supply domains, home pages, etc.
Anyone have any ideas?
Regards
Allan
As John said is recommended to use a Service Accounts for non-human users:
https://cloud.google.com/docs/authentication/#principals
https://developers.google.com/tag-manager/api/v2/authorization
Did you fix it?
How smartsheet developer tool account is different from paid account.
Also how developer account can be use for API call as pre-production environment.
Developer Tools can be enabled on any Smartsheet account. Having the Developer Tools enabled allows you to create an app for implementing the OAuth flow.
The purpose behind having a separate Developer account is to ensure you can experiment with the Smartsheet API without worry of making changes to critical items needed for every day work.
Since the Developer account is signed up with a different email address than the one you use for your main Smartsheet account it is a completely separate environment. But, it still acts like any other Smartsheet account. Without sharing the account to items in Smartsheet it won't be able to access them. This way you can create Sheets, Reports, and Dashboards to simulate the data you will be working with. Then as you make API calls to them you know you aren't causing issues for the real items people at your company are working on in Smartsheet.
One approach would be to share the Developer account to a collection of things you will eventually be running your requests against in production from your main Smartsheet account. Then in the Developer account make copies of those items. Once this is done you can un-share the Developer account so that it no longer has access to the real items in Smartsheet. Then you can make requests to the API to test your code and see the results as it would really happen. Once you've proven your code works you can adjust the access tokens and id numbers of Smartsheet items to work for your production stuff.
I am using the classic API. Everything works fine in the test environment and now I want to go live but all the information I see on the PayPal developer about going live doesn't discuss how to do this with the classic API.
I am not sure which API or API's you are specifically trying to use but as long as you have a live account that is already enabled for the services you are going to be using, you just need to replace your credentials. You will need to replace the sandbox credentials with your live ones, and change the environment/endpoint to the the live site. If you dont already have an account set up on live, you will need to sign up for the account. Depending on what service you are trying to use, you may have to wait for an approval before you can use it.
I am writing a desktop app, so webbased oauth circuit is not applicable to my needs.
now if you are an AWS customer you have your secret user/pass to own the account.
but you also can generate access-key secret-key to "share" with some pals, allowing them
to use your account without giving them the admin control.
for example, your developers or serverside-apps can connect to S3 buckets using
access-keys, while creditcard info is safe.
i couldnt find the way to do exactly the same with FB or TW...
i want to provide my clients a service to work with their accounts, but i dont want them to tell me their usernames and passwords. instead of that, i prefer to ask them their "access-keys"
i am not sure if they can generate them (i mean, if those platforms offer the feature...)
i saw tweetdeck asking for user/pass info of each account.
can anybody tell me if FB or TW provide these feature ? and if so, what is the link to generate them ?