ben tedder : code things

Server-to-server authorization for Google Analytics API with Node.js

Here's a walkthrough on performing server-side authentication with the Google Analytics API and Node.js.

What you'll need

First, you'll need the Google API Node.js Client - install with npm install googleapis --save.

Next, go to the Google Developers Console and create an account and a new project.

Turn on the Analytics API from the APIs & Auth section.

Create a new Client ID (in the credential section). Make sure it's a Service Account. This will create and download a .p12 file and reveal a password to you on screen (used below). Also, take note of the Service Account "Email Address" field, you'll need it later.

Move this .p12 file into your project. Run this command from the command line:

openssl pkcs12 -in YOURFILE.p12 -nocerts -passin pass:YOURPASS -nodes -out MYNEWFILE.pem

This generates a .pem file, which you will reference when creating the authentication script.

Hook it up

Next, copy the email address from the service account (in the credential section) and go to your Admin panel in Google Analytics. Find the area to add new users to your Google Analytics Property, and add that email address as a user that has at least READ rights.

The code

Ok, you should be all set to go. Here's the first bit of code you'll need:

var google = require('googleapis');
var analytics ='v3');
var jwtClient = new google.auth.JWT(
  process.env.GA_EMAIL, // I store my stuff in an .env file so it's not in the file
  '/Users/YOURUSERNAME/Documents/dev/MYKEY.pem', //wherever you can access this file
  [''] //scope

This will bring in the Google Analytics API functions and create a new JWT client. Next we just need to authorize, and then we're ready to query the API.

jwtClient.authorize(function(err, tokens) {
  if (err) {
  } else {

    // yay, we're authorized! make API call here...


OK, we're authorized. Now, let's query the API. The Google Analytics API comes with a core reporting API and a realtime APi. Make sure you know which one you're using. And make sure you know your rate limits (right now it's 50,000 request/day for free).{
  auth: jwtClient,
  'ids': 'ga:IDGOESHERE',
  'metrics': 'ga:pageviews,ga:sessions',
  'start-date': '2015-01-01',
  'end-date': '2015-03-09'
}, function(err, response) {
  // handle the errors (if any)
  // handle the response

PAUSE. That ID in the above statement is important. It's not the account ID, it's not the tracking ID, it's the View ID. Go to the Google Analytics admin panel. Find your "Account", then find the "Property", then find the "View". You'll see "View Settings". Click that. You'll be presented with the details about the view (name, url, time zone, etc.). But most importantly, it tells you the View ID. This is what you need to use in the query statement above.

Also, make sure you include the auth: jwtClient in there, as it needs to know you're authorized to make that call. That wasn't in the docs, I made a lucky guess :).

Hope that helps!