skip to main content
Administering Hybrid Data Pipeline : Integrating Hybrid Data Pipeline with a Google OAuth 2.0 authorization flow to access Google Analytics : Using the OAuth applications API to create an OAuth application object
  

Try Now

Using the OAuth applications API to create an OAuth application object

Once Hybrid Data Pipeline has been registered as a client application with the Google Analytics API, an administrator can proceed with creating an OAuth application object. The OAuth application object holds the client ID and secret provided by Google. This information allows Hybrid Data Pipeline to identify itself as a registered application with the Analytics API during the OAuth 2.0 authorization flow.
In a multitenant environment, an OAuth application object can be created for a particular tenant. When an OAuth application is created for the system tenant, it can be used by users in either the system tenant or a child tenant to create data sources on Google Analytics data stores. When an OAuth application is created for a child tenant, it can only be used by users in the child tenant to create data sources on Google Analytics data stores. Even though they will be able to view OAuth application objects that exist in child tenants, administrators who reside in the system tenant can only use the OAuth application object in the system tenant when creating their own data sources. An OAuth application object must be created for the system tenant to permit the creation of Google Analytics data sources by users, including administrators, in the system tenant.
The permissions required to create and modify OAuth application objects for Google Analytics data stores depend on the tenant in which the user resides and the tenants for which the user has administrative access. With the Administrator (12) permission, a user can create an OAuth application object in any tenant across the system. With the MgmtAPI (11) and OAuth (28) permissions, a user in the system tenant can create an OAuth application object for the system tenant. This user can also create OAuth application objects for tenants for which he or she has administrative access. With the MgmtAPI (11) and OAuth (28) permissions, a user in a child tenant can create an OAuth application object only in the tenant in which he or she resides.

POST operation

The POST operation to create an OAuth application object will have the following syntax.
POST https://<myserver>:<port>/api/mgmt/oauthapps

Payload definition

The payload used to create the OAuth application object can be defined as follows.
{
"name": "oauth_application_name",
"dataStore": data_store_id,
"tenantId": tenant_id,
"description": "oauth_application_description",
"clientId": "client_id",
"clientSecret": "client_secret"
}
Property
Description
Usage
Valid Values
"name"
The name of the OAuth application object.
Required
The user-specified name of the OAuth application object. The name can contain only alphanumeric characters and the underscore character.
"dataStore"
The ID of the data store for which the OAuth application object is being created.
Required
The only data store which Hybrid Data Pipeline currently supports access to is Google Analytics. Therefore, the only valid value is the Google Analytics data store ID: 54.
"tenantId"
The ID of the tenant to which the OAuth application and data store belong.
When a tenant ID is not specified, the OAuth application is created for the tenant to which the user belongs.
Optional
A valid tenant ID.
"description"
A description of the OAuth application object.
Optional
A description provided by the user.
"clientId"
The OAuth client_id generated by Google when an application is registered with the Analytics API in the Google Developer Console.
Required
A valid client_id.
"clientSecret"
The OAuth client_secret generated by Google when an application is registered with the Analytics API in the Google Developer Console.
Required
A valid client_secret.

Example

The following POST operation creates the TenantA OAuth app object.
POST https://MyServer:8443/api/mgmt/oauthapps
Request payload
{
"name": "TenantA OAuth app",
"dataStore": 54,
"tenantId": 303,
"description": "TenantA OAuth application object for Google Analytics",
"clientId": "asdfjasdljfasdkjf",
"clientSecret": "1912308409123890"
}
Response payload
Status code: 201
Successful response
{
"id": "17",
"name": "TenantA OAuth app",
"dataStore": 54,
"tenantId": 303,
"description": "TenantA OAuth application object for Google Analytics",
"clientId": "asdfjasdljfasdkjf",
"clientSecret": "1912308409123890"
}

What to do next

Users may now proceed with creating an OAuth profile and a Google Analytics data source.
*If creating the OAuth profile and data source through the Web UI, proceed to the following topics.
*Creating data sources with the Web UI
*How to create a data source in the Web UI
*Google Analytics parameters
*If creating the OAuth profile and data source through the Web UI, proceed to the following topics.
*Using the OAuth profiles API to create an OAuth profile
*Using the Data Sources API to create a Google Analytics data source