Reputation: 1
Issue Authenticating GA4 Analytics Data API with Service Account
I've been trying to call the Analytics Data API using a service account for authentication.
To do so, I have
- Enabled the Google Analytics Data API on a GCP project
- Created a service account in the credentials section of the Google Analytics Data API on the GCP console
- Created and downloaded the JSON key file created from the service account
- Set GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON key file
- Added the service account as an administrator to an Analytics account with a GA4 property I have access to
Unfortunately, whenever I try to run any Python scripts using the BetaAnalyticsDataClient, no matter which resource endpoint I try I end up getting this error
response = client.run_report(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/blah/newenv/lib/python3.11/site-packages/google/analytics/data_v1beta/services/beta_analytics_data/client.py", line 518, in run_report
response = rpc(
^^^^
File "/blah/newenv/lib/python3.11/site-packages/google/api_core/gapic_v1/method.py", line 113, in __call__
return wrapped_func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/blah/newenv/lib/python3.11/site-packages/google/api_core/timeout.py", line 120, in func_with_timeout
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/blah/newenv/lib/python3.11/site-packages/google/api_core/grpc_helpers.py", line 74, in error_remapped_callable
raise exceptions.from_grpc_error(exc) from exc
google.api_core.exceptions.DeadlineExceeded: 504 Deadline Exceeded
I've even tried https://github.com/googleapis/python-analytics-data/blob/main/samples/snippets/get_common_metadata.py which uses some global internal property, but still get a DeadlineExceeded error.
I've also tried BetaAnalyticsDataClient.from_service_account_file("the_file") when initializing the client in hopes this would work.
Additionally as a test - although I have no clue if this should even work - have tried:
- gcloud auth activate-service-account --key-file the-service-account-json-key.json
- gcloud auth application-default print-access-token prints an access token
curl -X GET \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
https://analyticsdata.googleapis.com/v1beta/properties/0/metadata
which returns
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.analytics.data.v1beta.BetaAnalyticsData.GetMetadata",
"service": "analyticsdata.googleapis.com"
}
}
]
}
}
and have tried this on the property which I gave the service account administrator access.
Is there something else I need to enable for service accounts to work?
Upvotes: 0
Views: 1845
Answers (1)
Reputation: 117301
Its hard to help without seeing your code but the error message is telling you what the issue is Request had insufficient authentication scopes.
When making a request you need to be authorized with one of the following scopes.
Fix your scope and try again.
Upvotes: 0
Related Questions
- How to get property_id in Google Analytics Data API (GA4) using Python?
- How to get Traffic acquisition report of my GA4 account using Google Analytics Data API (GA4)?
- How do I call Google Analytics Admin API (for GA4) using an OAuth2 client in node.js?
- Google analytics 4 API with authentication
- Google Analytics API using PHP with service account
- issue with gdata analytics client in python