403- request has insufficient authentication scopes
I want to link and view the analytics account linked with Google Adwords.
Procedure used:
- Authenticating google account with scopes "Ananlytics and Adwords" with following url https://www.googleapis.com/auth/adwords https://www.googleapis.com/auth/analytics
- After getting the authentication response creating Google analytics service object.
- Google ads link API throwing error "Insufficient Premissions" screenshot attached
Script :
<?php //function to authenticate google account and create analytics service object function googleAuth(){ if (!empty($code)) { $postFields = 'client_id=' . Configure::read('GOOGLE_OAUTH_CLIENT_ID') . '&client_secret=' . Configure::read('GOOGLE_OAUTH_CLIENT_SECRET') . '&code=' . $code . '&grant_type=authorization_code&redirect_uri=' . Configure::read('GOOGLE_OAUTH_REDIRECT_URI'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/o/oauth2/token'); curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $Rec_Data = curl_exec($ch); if (curl_exec($ch) === false) { return $Rec_Data; } $Rec_Data = json_decode($Rec_Data, true); if (isset($Rec_Data['refresh_token'])) { try { $credentials = array('client_id' => Configure::read('GOOGLE_OAUTH_CLIENT_ID'), 'client_secret' => Configure::read('GOOGLE_OAUTH_CLIENT_SECRET'), 'redirect_uris' => array(Configure::read('GOOGLE_OAUTH_REDIRECT_URI'))); $client = new \Google_Client($credentials); $client->addScope(\Google_Service_Analytics::ANALYTICS_READONLY); $client->setAccessToken($Rec_Data['access_token']); // Create an authorized analytics service object. $analytics = new \Google_Service_Analytics($client); } catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), "\n"; die(); } } } else { if (!empty($id)) { header("Location:https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=" . Configure::read('GOOGLE_OAUTH_CLIENT_ID') . "&redirect_uri=" . Configure::read('GOOGLE_OAUTH_REDIRECT_URI') . "&access_type=offline&approval_prompt=force&state=" . $id . "&scope=https://www.googleapis.com/auth/adwords https://www.googleapis.com/auth/analytics"); exit; } } } //function to fetch linked account list function adwordsLinkAnalytics($analyticsAuth){ $this->autoRender = false; try { $adWordsLinks = $analyticsAuth->management_webPropertyAdWordsLinks ->listManagementwebPropertyAdWordsLinks('123456', 'UA-123456-1'); } catch (apiServiceException $e) { print 'There was an Analytics API service error ' . $e->getCode() . ':+' . $e->getMessage(); exit; } catch (apiException $e) { print 'There was a general API error ' . $e->getCode() . ':-' . $e->getMessage(); exit; } pr($adWordsLinks); exit; } Required result: List of the analytics account linked with adwords account.
You are missing scope to management entities in Google Analytics, please look at this https://developers.google.com/identity/protocols/oauth2/scopes#analytics
Please update your scope with "https://www.googleapis.com/auth/analytics.edit"
My suggested Updates:
function googleAuth(){ if (!empty($code)) { -------------- ---- Your existing script ---- -------------- } else { if (!empty($id)) { header("Location:https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=" . Configure::read('GOOGLE_OAUTH_CLIENT_ID') . "&redirect_uri=" . Configure::read('GOOGLE_OAUTH_REDIRECT_URI') . "&access_type=offline&approval_prompt=force&state=" . $id . "&scope=https://www.googleapis.com/auth/adwords%20https://www.googleapis.com/auth/analytics%20https://www.googleapis.com/auth/analytics.edit"); exit; } } }Reference Url: https://developers.google.com/identity/protocols/oauth2/scopes#analytics