Integrating Metric Insights with Google Services

This article describes how to integrate with Google Services (BigQuery, Analytics, Calendar, Spreadsheet) in order to fetch their data into a Metric Insights' portal. 

To establish connectivity with Google Services, you need to configure an API Console Project and create a single Client ID that will serve as a basic identifier between any Google plugin and a Metric Insights instance. 

WORKFLOW:

  1. Build an API Project in the Google API Console
  2. Enable the required APIs for your Project
  3. Create a Web Client and get Authorization Credentials
  4. Add Permission Scopes for your Web Client

PREREQUISITES:

How do I know if my Domain is verified?

To check whether your domain has been verified, follow this link Verify your domain with a TXT record

If Google informs you that your domain is authorized, proceed with the steps described below.

1. Build an API Project in Google API Console

 

  1. The API Console is where you enable and disable APIs, manage and view traffic data, and set up authentication. 
  2. project is a collection of settings, credentials, and metadata about the application or applications you are working on that make use of Google APIs and Google Cloud Platform resources.
Google APIs Console

Go to:  https://console.developers.google.com

Select the API project or create a new one

2. Enable APIs for your Project

 

  1. Enabling an API associates it with the current project.
  2. The process of enabling an API varies depending on the API. Some APIs will prompt you to accept their Terms of Service before you can enable them.
  3. If you want to integrate several Google services with Metric Insights, you can enable the corresponding APIs from the API Library.
Enabling APIs
  1. Click Enable API at the top of the page
  2. You are redirected to the APIs Library
  3. Select the required API and open its Dashboard. You can enable APIs for all supported services (BigQuery, Analytics, Calendar, Spreadsheet) in this single Project.
  4. Click Enable

3. Create a Web Client and get Authorization Credentials

 

  1. Only one Google Project and one Web Client are required to establish connectivity to all supported Google services via plugins offered by Metric Insights.
  2. Despite the fact that only one account (where the  API Console Project was created) serves for establishing connection between Google and Metric Insights, other Google accounts can be used to create Data Sources for elements.
Creating New Credentials
  1. Go to Credentials on the left side panel
  2. Click Create credentials and select OAuth client ID from the drop-down list

3.1. Configure a Web Client

Since your Web Client will be using OAuth 2.0 to access Google APIs, it must have authorization credentials that will serve as its identifiers to Google's OAuth 2.0 server.  

Client ID and Client secret are used to access the APIs that you have enabled for your project.

Create Client ID

NOTE:

  • Applications that use JavaScript to access Google APIs must specify authorized JavaScript origins. The origins identify the domains from which your application can send API requests.
  • See Step #3 and Step#4  below for details.
  1. Select Web Application
  2. Enter a meaningful name
  3. Enter Authorized JavaScript Origins.  Example: where the hostname is demo.metricinsights.com, the default is:
 https://demo.metricinsights.com
  1. Enter Authorized Redirect URIs, enter /path/to/callback value as /editor/service/validategoogleoauth2  Example: where the hostname is demo.metricinsights.com, the full value becomes:
 https://demo.metricinsights.com/editor/service/validategoogleoauth2

NOTE: This value is referenced by Metric Insights at Admin > Utilities > Config variables GOOGLE_OAUTH2_REDIRECT_URI.

3.2. Use Client Credentials for Google Authentication

After Client ID and Secret Key are displayed, record these values to use for Google Authentication.

  • See details below.

3.2.1. Authentication with a Google Service

To be able to source data from a Google Service, provide Authentication Values in the Connection Profile Parameters.

Client ID and Secret Key are displayed

When creating a Connection Profile with a Google Service:

  1. Go to Plugin Data Sources Editor > Info tab
  2. Among the Required Parameters, specify Client ID and Client Secret

4. Add Permission Scopes for your Web Client

Based on your needs, you will either have an Internal or a Public Web Client. Consult your Google Administrator to find out which type of Web Client you require.

Configuration differences for both types of Web apps are described below.

To be able to fetch data from your Google Services, enable ONE of the following Permission scopes:

https://www.googleapis.com/auth/<service name> 
https://www.googleapis.com/auth/<service name>.readonly  
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/cloud-platform.read-only

NOTE:            
Replace <service name> with bigquery, calendar, spreadsheets, analytics or any other service from which you need to get data.

 

  • Permission scopes listed above are considered sensitive because they allow access to User data.
  • Internal Web Clients are not subject to verification.
  • A Public Web Client that uses sensitive scopes must pass review.

For reference use:

4.1. Add Permission Scopes for an Internal app

Permission scopes are configured in OAuth consent screen.

To access the screen:

  1. Go to Google API console https://console.developers.google.com
  2. Select a Web Client you have created in your API Console Project
  3. Move to OAuth consent screen tab
  1. Application type: select "Internal"
  2. Application name: input a meaningful name
  3. Application logo: optional
  4. Support email: provide an email for User support
  5. Scopes for Google APIs: click [Add scope] to determine Permission Scopes
    • You can configure scopes to get data from all Google Services you are using
  6. Authorized domains: specify an authorized domain used for the Metric Insights server
  7. Application Homepage link: provide a valid link to the Metric Insights Homepage
  8. Application Privacy Policy link: provide a URL to the Privacy Policy page
  9. Save your entries

4.2. Add Permission Scopes for a Public app

Permission scopes are configured in OAuth consent screen.

To access the screen:

  1. Go to Google API console https://console.developers.google.com
  2. Select a Web Client you have created in your API Console Project
  3. Move to OAuth consent screen tab
  1. Application type: select "Public"
  2. Verification status: if you are opting to use a public Web client, it needs to be verified.
  3. Application name: input a meaningful name
  4. Application logo: optional
  5. Support email: provide an email for User support
  6. Scopes for Google APIs: click [Add scope] to determine Permission Scopes
    • You can configure scopes to get data from all Google Services you are using
  7. Authorized domains: specify an authorized domain used for the Metric Insights server
  8. Application Homepage link: provide a valid link to the Metric Insights Homepage
  9. Application Privacy Policy link: provide a URL to the Privacy Policy page
  10. Save your entries
  11. Submit for verification: request OAuth developer verification by Google when you complete the Google API Console OAuth consent screen page

Google verifies public applications that use OAuth 2.0 and meet one or more of the verification criteria

For verification:

  1. You must have a Privacy Policy URL and a Homepage URL
  2. Add a URL for the Terms of Service if you have them

For more information, refer to the "Verification for Apps" section in the Unverified apps article.

NOTE: If you change your Web client or use new scopes after verification, you might have to go through verification again.