172

I'm creating an script, based on Google Analytics step-by-step guide from this page:

https://developers.google.com/analytics/resources/tutorials/hello-analytics-api

Authorization is done without problems, until it tries to access data. The return code is 403, and error message is:

User does not have any Google Analytics account

This message has no sense: my account has google analytics data, tracking multiple websites, and I can access it from web browser without problem. I've allowed Analytics API through Google APIs console, and API access is giving me right data.

nbro
  • 15,395
  • 32
  • 113
  • 196
user989501
  • 1,833
  • 2
  • 13
  • 13

15 Answers15

352

I had this problem too. I fixed it by adding the email address for my service account to the Google Analytics profile I wanted it to access.

I got the email address (something like xxxxxx@developer.gserviceaccount.com) for the service account by looking under the "API Access" tab in the Google APIs console.

Then, I followed Google's instructions for adding an email address to an Analytics profile. Now everything's working as expected.

Good luck!

Ericgit
  • 6,089
  • 2
  • 42
  • 53
S M
  • 8,155
  • 3
  • 35
  • 36
  • 9
    This is the best answer, I tried it and it works like charm!! Thanks a lot @Sebastian! – mongotop Nov 01 '12 at 14:03
  • 1
    if you have more than one profile in your account and you want to access their data using GA API should you keep adding the xxxxx@developer.gserviceaccount.com to the Analytics profile, or there is a more efficient way without involving a manual way. Thanks! – mongotop Nov 01 '12 at 16:48
  • 2
    @mongotop you're welcome! Unfortunately I don't know a more efficient way of doing this - let us know in the comments if you find one. – S M Nov 01 '12 at 18:31
  • 1
    If you add the user at Property level make sure to add it to the proper view, as the Analytics UI is sometimes misleading – tacone Jan 08 '14 at 14:52
  • @SebastianMotraghi I found a way to access Google Account data without having to add the service account as a Google Analytics user. See my answer below. – mogsie Aug 01 '14 at 21:40
  • I also had set developer email to analytics account, Still i get this error, User does not have any Google Analytics account – Kiran Sep 01 '14 at 10:34
  • Ok got it, You must have login to use this. – Kiran Sep 01 '14 at 11:30
  • I have an account with 690 profiles, each profile having up to 10 properties... And I need to build a console app with access to all these accounts. How can I do this?... – Costin_T Apr 07 '15 at 11:38
  • @SsjCosty sorry, I have no idea – it's been over two years since I last dealt with Google Analytics. – S M Apr 07 '15 at 23:49
  • 1
    You're a legend, I've spent the entire day trying to set this up. – Daniel Jul 07 '15 at 11:29
  • To find the service email address visit https://console.developers.google.com, click "credentials" in the left sidebar, click "manage service accounts" at the bottom. It's in column "Service account ID". – cnmuc Sep 24 '16 at 10:43
  • 1
    Man big thank youuu, you're the real man! Why is this NOT CLEARLY MENTIONED by Google in their API Docs, till 2019 now!!! – 夏期劇場 May 08 '19 at 08:24
  • 1
    Just thought I would add this answer still worked in 2020 – NicholasByDesign Aug 20 '20 at 03:35
91

Just add you given email (format of 71667655853644-o653rrdkq5hthsgo0otbpojoo@developer.gserviceaccount.com)

to User Managers:

User does not have any Google Analytics account

Wish it helps you

itsnikolay
  • 17,415
  • 4
  • 65
  • 64
  • 2
    Sadly the error did not go away. Still Message: GAPI: Failed to request account data. Error: "{"error":{"errors":[{"domain":"global","reason":"insufficientPermissions","message":"User does not have any Google Analytics account."}],"code":403,"message":"User does not have any Google Analytics account."}}" – Jos Aug 27 '15 at 15:09
  • 1
    @Lev over 3 years this answer is still valid. I just hoped Google improved it, but no. It was done perfectly :D – itsnikolay Sep 06 '18 at 12:33
  • @IriYork after 5 years – itsnikolay Aug 21 '20 at 17:02
30

I was facing the same issue. It got resolved by adding the email id of the service account user(your account@yourwebsite-dev.iam.gserviceaccount.com), to the users in your Analytics account under-

Analytics-Home Page ->Admin(left pane) -> User Management -> add (click on plus sign on right side of the menu) -> Add new User -> Add the email id in enter email addresses.

enter image description here

Now, this will solve the issue.

vikash singh
  • 1,479
  • 1
  • 19
  • 29
  • 1
    Why this answer is not accepted ? I spend 2 days try to find out why following the tutorial leading me to this error. – Ragnar Feb 25 '19 at 16:14
10

It is mentioned in a comment above but if you add the email address under the User Management for your account, it won't work. You have to click on the User Management under the view part of the screen.

enter image description here

Lukos
  • 1,826
  • 1
  • 15
  • 29
6

This message we get when no permission granted to client_email, in the google alalytics, client_email is you got from the JSON file. to grant permission to client_email you're using in your App, Head over to Google Analytics site and click "Admin (setting icon)"

enter image description here

you'll get menu list right, there click on "View User Management"

enter image description here

There you'll see "+" icon, and "add user",

enter image description here

once you click on that, you need to add client_email in the "email address field" and save it, you should be good to go!

enter image description here

Ericgit
  • 6,089
  • 2
  • 42
  • 53
6

Go to https://console.cloud.google.com/apis/credentials

Copy email address in "Service Account".

enter image description here

Open Google Analytics, add email above as a new user.

searching9x
  • 1,515
  • 16
  • 16
4

You will also get this error if you have never logged in with the google account youre trying to authenticate with.

Andrew Bullock
  • 36,616
  • 34
  • 155
  • 231
2

I was getting the 403 error until I changed the permissions of the email account from inside Google Analytics from 'Read & Analyze' to something else, saved it, and then changed the permissions back to 'Read & Analyze' and it worked.

Pearce
  • 320
  • 4
  • 10
  • This helped. I created a new "Service Account" under APIs & Auth/Credentials; and saved the .p12 key pair. I then went into the Analytics user management console, and added the Service User's email address. .p12 authorization using the PHP API works, but only if I check off "Read & Analyze" *only* in the permissions list. – Johnny O Sep 15 '15 at 22:18
2

Just in case if that doesn't work, Try to open your JSON file which you have downloaded and Search for client_email and copy that email address and add it to the View File

Click On 

Analytics-Home Page ->Admin(left pane) -> User Management -> add (click on plus sign on right side of the menu) -> Add new User -> Add the client_email address which you copied.

If that still doesn't work

Analytics-Homepage-> Admin ->Views->User Management(Click on add(+) symbol, add this ccopied client_email address and give permissions and save it.
Bits Please
  • 877
  • 6
  • 23
1

I was hitting the 403 error. These steps got me around it. To be clear, I was trying to get Google's sample "HelloAnalytics.php" working with OAuth (sans user interaction, suitable for cron job etc).

After enabling the Analytics API, I created a new "Service Account" under APIs & Auth/Credentials; and saved the .p12 key pair. I then went into the Analytics user management console, and added that Service User's email address.

.p12 authorization using the PHP API works if I check off only "Read & Analyze" only in the permissions list. If I add "Manage Users" and/or "Edit", I get the 403. Hope this is helpful, I was grinding on this for a couple of hours...

Johnny O
  • 587
  • 4
  • 4
0

I had this problem too, and I found that the problem was that I had asked for too many permissions. The Developer Console says to ask for both http://www.googleapis.com/auth/analytics and http://www.googleapis.com/auth/analytics.readonly permissions. This did not work when I was also using the sub claim. A sub claim instructs Google to issue an access token that operates on behalf of another user — in my case the Google account that owns the service account. I removed the analytics permission and stuck with analytics.readonly with the sub claim:

{
  "iss":"123123123123123-xxxxxxxxxxxxxxxxxxxxxxxx@developer.gserviceaccount.com",
  "sub":"me.example@gmail.com"
  "scope":"http://www.googleapis.com/auth/analytics",
  ...
}

The Bearer token issued allows me to make (at least some) Google Analytics queries to profiles that are owned by completely different Google accounts, but that have been shared (read-only) with my gmail user (me.example@gmail.com).

mogsie
  • 4,021
  • 26
  • 26
  • 1
    What is sub when I am using Google Analytics client SDK? – Dejell Sep 15 '14 at 19:15
  • I wish this worked! I'm getting the following error when I try doing the same: Google_Auth_Exception [ 401 ]: Error refreshing the OAuth2 token, message: '{ "error" : "unauthorized_client", "error_description" : "Unauthorized client or scope in request." }' – SEoF Jun 11 '15 at 15:00
  • I suggest you keep at it. We still use this to grab real time data from GA every few minutes, all using bash, no less! – mogsie Jun 18 '15 at 13:02
0

I managed to fix this by making sure that the

client = Google::APIClient.new(:application_name => 'X',:application_version => '1')

application name variable 'X above was the ACCOUNT name on the GA dashboard, not the PROPERTY name, which in my case was the actual url of the site I want to access.

Confusing, but thankfully fixed (with no thanks to Google!)

Jonathan_W
  • 638
  • 9
  • 24
0

The problem happens since we dont provide a "sub" argument. Unless we provide this, the call happens on behalf of that long service account email.

So just provide a sub argument, with an email which you already have given access in the report and things should work well!

Sony Kadavan
  • 3,982
  • 2
  • 19
  • 26
0

I got the same error, since I didn't sign in the google analytics. So I had resolved it by signing in the analytics account.

Rumman Siddiqui
  • 1
-1

Instead of using a service account, you can sidestep the need for adding a adding new user permissions (as per the top answers in this thread) by using OAuth client ID credentials.

Go to the API credentials dashboard and click "Create credentials" -> "OAuth client ID". Afterwards you should get a client ID and a client secret that you'll need to authenticate the API.

Now you can use OAuth2WebServerFlow to authenticate on a per-use basis. Here is a python3 example:

from apiclient.discovery import build
from oauth2client.client import OAuth2WebServerFlow

# TODO: Fill these in...
CLIENT_ID = ''
CLIENT_SECRET = ''
VIEW_ID = ''

flow = OAuth2WebServerFlow(
    CLIENT_ID, CLIENT_SECRET,
    'https://www.googleapis.com/auth/analytics.readonly',
    redirect_uri='urn:ietf:wg:oauth:2.0:oob'
)

authorize_url = flow.step1_get_authorize_url()
print('Receive code from:\n%s\n' % authorize_url)
code = input('Enter code here:').strip()
credentials = flow.step2_exchange(code)

api = build('analyticsreporting', 'v4', credentials=credentials)
body={
    'reportRequests': [{
        'viewId': VIEW_ID,
        'dateRanges': [{'startDate': '7daysAgo', 'endDate': 'today'}],
        'metrics': [{'expression': 'ga:sessions'}],
        'dimensions': [{'name': 'ga:country'}]
    }]
}

data = api.reports().batchGet(body=body).execute()
Alex
  • 12,078
  • 6
  • 64
  • 74