Establishing a Connection

Authenticate via OAuth Authentication

Use the OAuth authentication standard to connect to Google Analytics. You can authenticate with a user account or with a service account. A service account is required to grant organization-wide access scopes to the provider. The provider facilitates these authentication flows as described below.

Create an OAuth App for User Account Authentication

Instead of connecting with the provider's embedded credentials, you can register an app to obtain the OAuthClientId and OAuthClientSecret.

Follow the procedure below to register an app and obtain the OAuthClientId and OAuthClientSecret.

1. Log into the Google API Console and open a project. Select the API Manager from the main menu.

2. In the user consent flow, click Credentials -> Create Credentials -> OAuth Client Id. Click Other. After creating the app, the OAuthClientId and OAuthClientSecret are displayed.

3. Click Library -> Analytics API -> Enable API.

After setting the following, you are ready to connect:

• OAuthClientId: Set this to the client Id assigned when you registered your app.

• OAuthClientSecret: Set this to the client secret assigned when you registered your app.

• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

• Profile: Set this to the Google Analytics profile or view you want to connect to. This value can be retrieved from the Profiles table. If this is not specified, the first Profile returned will be used.

When you connect the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.

2. Refreshes the access token when it expires.

3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.

Create an OAuth App for Service Account Authentication

Follow the steps below to create an OAuth application and generate a private key. You will then authorize the service account.

1. Log into the Google API Console and open a project. Select the API Manager from the main menu.

2. Click Create Credentials -> Service Account Key.

3. In the Service Account menu, select New Service Account or select an existing service account.

4. If you are creating a new service account, additionally select one or more roles. You can assign primitive roles at the project level in the IAM and Admin section; other roles enable you to further customize access to Google APIs.

5. In the Key Type section, select the P12 key type.

6. Create the app to download the key pair. The private key's password is displayed: Set this in OAuthJWTCertPassword.

7. In the service accounts section, click Manage Service Accounts and set OAuthJWTIssuer to the email address displayed in the service account Id field.

8. Click Library -> Analytics API -> Enable API.

Service accounts have silent authentication, without user authentication in the browser. You can also use a service account to delegate enterprise-wide access scopes to the provider.

You can then connect to Google Analytics data that the service account has permission to access.

After setting the following connection properties, you are ready to connect:

• InitiateOAuth: Set this to GETANDREFRESH.

• OAuthJWTCertType: Set this to "PFXFile".

• OAuthJWTCert: Set this to the path to the .p12 file you generated.

• OAuthJWTCertPassword: Set this to the password of the .pem file.

• OAuthJWTCertSubject: Set this to "*" to pick the first certificate in the certificate store.

• OAuthJWTSubject (optional): Set this to the email address of the user for whom the application is requesting delegate access. Note that delegate access must be granted by an administrator.

• Profile: Set this to the Google Analytics profile or view you want to connect to. This value can be retrieved from the Profiles table. If this is not specified, the first Profile returned will be used.

When you connect the provider completes the OAuth flow for a service account.

1. Creates and signs the JWT with the claim set required by the provider.

2. Exchanges the JWT for the access token.

3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.

4. Submits the JWT for a new access token when the token expires.

Connecting to Adobe Analytics

In order to connect to Adobe Analytics, the GlobalCompanyId and RSID need to be identified. By default, the provider attempts to automatically identify your company and report suite. Alternatively, you can identify the company and report suite explicitly:

Global Company Id

GlobalCompanyId is an optional connection property. If left empty, the provider tries to automatically detect the Global Company ID. To find the Global Company ID:

1. Find it in the request URL for the users/me endpoint on the Swagger UI.

2. Expand the users endpoint and then click the GET users/me button.

3. Click the Try it out > Execute buttons.

4. Set the GlobalCompanyId connection property to the Global Company ID shown in the Request URL immediately preceding the users/me endpoint.

Report Suite Id

RSID is an optional connection property. If not set, the driver tries to automatically detect it. To get a full list of your report suites along with their identifiers next to the name, navigate to Admin > Report Suites.

Authenticating to Adobe Analytics

Adobe Analytics uses the OAuth authentication standard. You can authenticate with OAuth integration or Service Account integration.

User Accounts (OAuth)

AuthScheme must be set to OAuth in all user account flows.

You must create a custom OAuth app to connect to the Adobe Analytics.

Create an App for OAuth Integration

Follow the steps below to create a custom app and obtain the connection properties in a specific OAuth authentication flow.

• Navigate to the following URL: https://console.adobe.io/home.

• Click the Create new project button.

• Select the Add API option.

• Select Adobe Analytics, click Next, and then select OAuth and then click Next again.

• Select the Web option and fill out the redirect URIs. For a desktop application, you can use a localhost URL such as https://localhost:33333. For a web application, supply the URL of the page to redirect to on your website.

• Click Save configured API.

Your client is now created. Notice your client has an Client ID (API Key) and a Client Secret. These will be needed to get your auth code and to generate access tokens.

Create an App for Service Account Integration

Follow the steps below to create a custom app and obtain the connection properties in a specific Service Account authentication flow.

• Navigate to the following URL: https://console.adobe.io/home.

• Click the Create new project button.

• Select the Add API option.

• Select Adobe Analytics, click Next, and then select Service Account (JWT) and then click Next again.

• Choose either to Generate a key pair or Upload your public key. If you choose to Generate a key pair, save the config.zip file locally as this contains the certificate you'll need to complete the connection. Click Next after the key is created or uploaded.

• Creating Your Own Public Key Certificate

  • MacOS and Linux Open a terminal and execute the following command: openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

  • Windows Download an OpenSSL client such as OpenSSL Light to generate public certificates. The following steps will be for OpenSSL Light Open a command line window and execute the following commands: 1) cd "C:\Program Files\OpenSSL-Win64\bin" 2) .\openssl.exe req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

• Select one or more product profiles (in product profiles you can set permissions of the app.) and then click Save configured API.

Your client is now created. Notice your client has Client ID (API Key), Client Secret, Organization ID and Technical account ID. These will be needed to get JWT token and to generate access tokens.

Get and Refresh the OAuth Access Token

After setting the following, you are ready to connect:

• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

• OAuthClientId (custom applications only): Set this to the client Id assigned when you registered your app.

• OAuthClientSecret (custom applications only): Set this to the client secret assigned when you registered your app.

• CallbackURL (custom application only): Set this to the redirect URI defined when you registered your app. For example: https://localhost:3333

When you connect, the provider opens Adobe Analytics's OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:

1. The provider obtains an access token from Adobe Analytics and uses it to request data.

2. The OAuth values are saved in the path specified in OAuthSettingsLocation, to be persisted across connections.

The provider refreshes the access token automatically when it expires.

Service Account (JWT OAuth)

Set the AuthScheme to OAuthJWT to authenticate with this method.

Service accounts have silent authentication, which does not require user authentication in the browser. You need to create an application in this flow. See Creating a Custom OAuth App to create and authorize an app. You can then connect to Adobe Analytics data that the service account has permission to access.

After setting the following connection properties, you are ready to connect:

• InitiateOAuth: Set to GETANDREFRESH.

• OAuthClientId: Set to the client Id in your app settings.

• OAuthClientSecret: Set to the client secret in your app settings.

• OAuthJWTCertType: Set to "PUBLIC_KEY_FILE".

• OAuthJWTCert: Set to the path to the .key file you generated.

• OAuthJWTCertPassword: Set to the password of the .key file.

• OAuthJWTSubject: The subject, your Technical Account ID from the Adobe I/O Console integration, in the format: id@techacct.adobe.com.

• OAuthJWTIssuer: The issuer, your Organization ID from the Adobe I/O Console integration, in the format org_ident@AdobeOrg. Identifies your organization that has been configured for access to the Adobe I/O API.

When you connect the provider completes the OAuth flow for a service account.

1. Creates and signs the JWT with the claim set required by the provider.

2. Exchanges the JWT for the access token.

3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.

4. Submits the JWT for a new access token when the token expires.

The Provider for SAS Data Sets allows connecting to local and remote SAS resources. Set the URI property to the SAS resource location, in addition to any other properties necessary to connect to your data source.

Connecting to Local Files

Set the ConnectionType to Local. Local files support SELECT\INSERT\DELETE.

Set the URI to a folder containing SAS files: C:\folder1.

Connecting to Cloud-Hosted SAS Data Sets Files

While the provider is capable of pulling data from SAS Data Sets files hosted on a variety of cloud data stores, INSERT, UPDATE, and DELETE are not supported outside of local files in this provider.

If you need INSERT/UPDATE/DELETE cloud files, you can use the corresponding connector for that cloud host (supported via stored procedures), make changes with the local file's corresponding provider, then upload the file using the cloud source's stored procedures.

As an example, if you wanted to update a file stored on SharePoint, you could use the appRules SharePoint DownloadDocument activity to download the SAS Data Sets file, update the local SAS Data Sets file with the appRules SAS Data Sets connector, then use the SharePoint UploadDocument activity to upload the changed file to SharePoint.

A unique prefix at the beginning of the URI connection property is used to identify the cloud data store being targed by the provider and the remainder of the path is a relative path to the desired folder (one table per file) or single file (a single table).

Amazon S3

Set the following to identify your SAS Data Sets resources stored on Amazon S3:

• ConnectionType: Set the ConnectionType to Amazon S3.

• URI: Set this to the bucket and folder: s3://bucket1/folder1.

Azure Blob Storage

Set the following to identify your SAS Data Sets resources stored on Azure Blob Storage:

• ConnectionType: Set this to Azure Blob Storage.

• URI: Set this to the name of your container and the name of the blob. For example: azureblob://mycontainer/myblob.

Azure Data Lake Storage

Set the following to identify your SAS Data Sets resources stored on Azure Data Lake Storage:

• ConnectionType: Set this to Azure Data Lake Storage Gen1, Azure Data Lake Storage Gen2, or Azure Data Lake Storage Gen2 SSL.

• URI: Set this to the name of the file system and the name of the folder which contains your SAS Data Sets files. For example:

  • Gen 1: adl://myfilesystem/folder1

  • Gen 2: abfs://myfilesystem/folder1

  • Gen 2 SSL: abfss://myfilesystem/folder1

Azure File Storage

Set the following properties to connect:

• ConnectionType: Set this to Azure Files.

• URI: Set this the name of your azure file share and the name of the resource. For example: azurefile://fileShare/remotePath.

• AzureStorageAccount (Required): Set this to the account associated with the Azure file.

You can authenticate either an Azure access key or an Azure shared access signature. Set one of the following:

• AzureAccessKey: Set this to the access key associated with the Azure file.

• AzureSharedAccessSignature: Set this to the shared access signature associated with the Azure file.

Box

Set the following to identify your SAS Data Sets resources stored on Box:

• ConnectionType: Set this to Box.

• URI: Set this the name of the file system and the name of the folder which contains your SAS Data Sets files. For example: box://folder1.

Dropbox

Set the following to identify your SAS Data Sets resources stored on Dropbox:

• ConnectionType: Set this to Dropbox.

• URI: Set this to the path to a folder containing SAS files. For example: dropbox://folder1.

FTP

The provider supports both plaintext and SSL/TLS connections to FTP servers.

Set the following connection properties to connect:

• ConnectionType: Set this to either FTP or FTPS.

• URI: Set this to the address of the server followed by the path to the folder to be used as the root folder. For example: ftp://localhost:990/folder1 or ftps://localhost:990/folder1.

• User: Set this to your username on the FTP(S) server you want to connect to.

• Password: Set this to your password on the FTP(S) server you want to connect to.

Google Cloud Storage

Set the following to identify your SAS Data Sets resources stored on Google Cloud Storage:

• ConnectionType: Set this to Google Cloud Storage.

• URI: Set this to the path to the name of the file system and the name of the folder which contains your SAS Data Sets files. For example: gs://bucket/remotePath.

Google Drive

Set the following to identify your SAS Data Sets resources stored on Google Drive:

• ConnectionType: Set this to Google Drive.

• URI: Set to the path to the name of the file system and the name of the folder which contains your SAS Data Sets files. For example: gdrive://folder1.

HDFS

Set the following to identify your SAS Data Sets resources stored on HDFS:

• ConnectionType: Set this to HDFS or HDFS Secure.

• URI: Set this to the path to a folder containing SAS files. For example:

  • HDFS: webhdfs://host:port/remotePath

  • HDFS Secure: webhdfss://host:port/remotePath

There are two authentication methods available for connecting to HDFS data source, Anonymous Authentication and Negotiate (Kerberos) Authentication.

Anonymous Authentication

In some situations, you can connect to HDFS without any authentication connection properties. To do so, set the AuthScheme property to None (default).

Authenticate using Kerberos

When authentication credentials are required, you can use Kerberos for authentication.

HTTP Streams

Set the following to identify your SAS Data Sets resources stored on HTTP streams:

• ConnectionType: Set this to HTTP or HTTPS.

• URI: Set this to the URI of your HTTP(S) stream. For example:

  • HTTP: http://remoteStream

  • HTTPS: https://remoteStream

IBM Cloud Object Storage

Set the following to identify your SAS Data Sets resources stored on IBM Cloud Object Storage:

• ConnectionType: Set this to IBM Object Storage Source.

• URI: Set this to the bucket and folder. For example: ibmobjectstorage://bucket1/remotePath.

OneDrive

Set the following to identify your SAS Data Sets resources stored on OneDrive:

• ConnectionType: Set this to OneDrive.

• URI: Set this to the path to a folder containing SAS files. For example: onedrive://remotePath.

Oracle Cloud Storage

Set the following properties to authenticate with HMAC:

• ConnectionType: Set the ConnectionType to Oracle Cloud Storage.

• URI: Set this to the bucket and folder: os://bucket/remotePath.

• AccessKey: Set this to an Oracle Cloud Access Key.

• SecretKey: Set this to an Oracle Cloud Secret Key.

• OracleNamespace: Set this to an Oracle cloud namespace.

• Region (optional): Set this to the hosting region for your S3-like Web Services.

SFTP

Set the following to identify your SAS Data Sets resources stored on SFTP:

• ConnectionType: Set this to SFTP.

• URI: Set this to the address of the server followed by the path to the folder to be used as the root folder. For example: sftp://server:port/remotePath.

SharePoint Online

Set the following to identify your SAS Data Sets resources stored on SharePoint Online:

• ConnectionType: Set this to SharePoint REST or SharePoint SOAP.

• URI: Set this to a document library containing SAS files. For example:

  • SharePoint Online REST: sprest://remotePath

  • SharePoint Online SOAP: sp://remotePath

Securing SAS Data Sets Connections

By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.

Connecting to Azure Analysis Services

To connect, set the Url property to a valid Azure Analysis Services server, for instance, asazure://southcentralus.asazure.windows.net/server, in addition to authenticating.

Optionally, set Database to distinguish which Azure database on the server to connect to.

Authenticating to Azure Analysis Services

Azure AD

Azure AD is a connection type that leverages OAuth to authenticate. OAuth requires the authenticating user to interact with Azure Analysis Services using an internet browser. The provider facilitates this in several ways as described below. Set your AuthScheme to AzureAD. All AzureAD flows assume that you have done so.

Azure Service Principal

Azure Service Principal is a connection type that goes through OAuth. Set your AuthScheme to AzureServicePrincipal. The authentication as an Azure Service Principal is handled via the OAuth Client Credentials flow, and it does not involve direct user authentication. Instead, credentials are created for just the app itself. All tasks taken by the app are done without a default user context, but based on the assigned roles. The application access to the resources is controlled through the assigned roles' permissions.

Note: You must create a custom application prior to assigning a role. See Creating a Custom AzureAD App below for more information.

When authenticating using an Azure Service Principal, you must register an application with an Azure AD tenant. Follow the steps below to create a new service principal that can be used with the role-based access control.

Assign a role to the application

To access resources in your subscription, you must assign a role to the application.

1. Open the Subscriptions page by searching and selecting the Subscriptions service from the search bar.

2. Select the particular subscription to assign the application to.

3. Open the Access control (IAM) and select Add > Add role assignment to open the Add role assignment page.

4. Select Owner as the role to assign to your created Azure AD app.

Complete the Authentication

You are ready to connect after setting one of the below connection properties groups, depending on the configured app authentication (client secret or certificate).

In both methods

Before choosing client secret or certicate authentication, follow these steps then continue to the relevant section below:

1. AuthScheme: Set this to the AzureServicePrincipal in your app settings.

2. InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

3. AzureTenant: Set this to the tenant you wish to connect to.

4. OAuthClientId: Set this to the client Id in your app settings.

Authenticating using a Client Secret

Continue with the following:

1. OAuthClientId: Set this to the client Id in your app settings.

2. OAuthClientSecret: Set this to the client secret in your app settings.

Authenticating using a Certificate

Continue with the following:

1. OAuthJWTCert: Set this to the JWT Certificate store.

2. OAuthJWTCertType: Set this to the type of the certificate store specified by OAuthJWTCert.

Azure Password

To connect using your Azure credentials directly, specify the following connection properties:

• AuthScheme: Set this to AzurePassword.

• User: Set this to your user account you use to connect to Azure.

• Password: Set this to the password you use to connect to Azure.

• AzureTenant: Set this to the Directory (tenant) ID, found on the Overview page of the OAuth app used to authenticate to Azure Analysis Services on Azure.

MSI

If you are running Azure Analysis Services on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:

• AuthScheme: Set this to AzureMSI.

The MSI credentials are automatically obtained for authentication.

Create a Custom AzureAD App

Follow the steps below to obtain the AzureAD values for your application, the OAuthClientId and OAuthClientSecret.

2. In the left-hand navigation pane, select Azure Active Directory, then applicationRegistrations, and click New registration.

3. Enter an application name and select the desired tenant setup. When creating a custom AzureAD application in Azure Active Directory, you can define whether the application is single- or multi-tenant. If you select the default option, "Accounts in this organizational directory only", you must set the AzureTenant connection property to the Id of the Azure AD Tenant when establishing a connection with the CData ADO.NET Provider for Azure Analysis Services. Otherwise, the authentication attempt fails with an error. If your application is for private use only, "Accounts in this organization directory only" should be sufficient. Otherwise, if you want to distribute your application, choose one of the multi-tenant options.

4. Set the redirect url to http://localhost:33333, the provider's default. Or, specify a different port and set CallbackURL to the exact reply URL you defined.

5. Click Register to register the new application. This opens an application management screen. Note the value in Application (client) ID as the OAuthClientId and the Directory (tenant) ID as the AzureTenant.

6. Navigate to the "Certificates & Secrets" and define the application authentication type. There are two types of authentication available: using a client secret or a certificate. The recommended authentication method is using a certificate.

   • Option 1: Upload a certificate: In "Certificates & Secrets", select Upload certificate and the certificate to upload from your local machine.

   • Option 2: Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value as it is displayed only once. You will need it as the OAuthClientSecret.

7. Select API Permissions > Add.

8. Save your changes.

9. If you have selected to use permissions that require admin consent, you can grant them from the current tenant on the API Permissions page.

Custom AzureAD Service Principal Applications

When authenticating using an Azure Service Principal, you must create both a custom AzureAD application and a service principal that can access the necessary resources. Follow the steps below to create a custom AzureAD application and obtain the connection properties for Azure Service Principal authentication.

Create a Custom AzureAD App with an Azure Service Principal

Follow the steps below to obtain the AzureAD values for your application.

2. In the left-hand navigation pane, select Azure Active Directory then App Registrations and click New registration.

3. Enter an app name and select Any Azure AD Directory - Multi Tenant. Then set the redirect url to http://localhost:33333, the provider's default.

4. After creating the application, copy the Application (client) Id value displayed in the "Overview" section. This value is used as the OAuthClientId

5. Define the app authentication type by going to the "Certificates & Secrets" section. There are two types of authentication available: using a client secret and using a certificate. The recommended authentication method is via a certificate.

   • Option 1 - Upload a certificate: In "Certificates & Secrets", select Upload certificate and the certificate to upload from your local machine.

   • Option 2 - Create a new application secret: In "Certificates & Secrets", select New Client Secret for the application and specify its duration. After saving the client secret, the key value is displayed. Copy this value as it is displayed only once. You will use it as the OAuthClientSecret.

6. On the Authentication tab, make sure to select Access tokens (used for implicit flows).

Create an App for OAuth Integration

Follow the steps below to create a custom app and obtain the connection properties in a specific OAuth authentication flow.

• Navigate to the following URL: .

• Click the Create new project button.

• Select the Add API option.

• Select Adobe Analytics, click Next, and then select OAuth and then click Next again.

• Select the Web option and fill out the redirect URIs. For a desktop application, you can use a localhost URL such as https://localhost:33333. For a web application, supply the URL of the page to redirect to on your website.

• Click Save configured API.

Your client is now created. Notice your client has an Client ID (API Key) and a Client Secret. These will be needed to get your auth code and to generate access tokens.

Create an App for Service Account Integration

Follow the steps below to create a custom app and obtain the connection properties in a specific Service Account authentication flow.

• Navigate to the following URL: .

• Click the Create new project button.

• Select the Add API option.

• Select Adobe Analytics, click Next, and then select Service Account (JWT) and then click Next again.

• Choose either to Generate a key pair or Upload your public key. If you choose to Generate a key pair, save the config.zip file locally as this contains the certificate you'll need to complete the connection. Click Next after the key is created or uploaded.

• Creating Your Own Public Key Certificate

  • Download an OpenSSL client such as OpenSSL Light to generate public certificates. The following steps will be for OpenSSL Light Open a command line window and execute the following commands: 1) cd "C:\Program Files\OpenSSL-Win64\bin" 2) .\openssl.exe req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

• Select one or more product profiles (in product profiles you can set permissions of the app.) and then click Save configured API.

Your client is now created. Notice your client has Client ID (API Key), Client Secret, Organization ID and Technical account ID. These will be needed to get JWT token and to generate access tokens.

Authenticate via OAuth Authentication

Use the OAuth authentication standard to connect to YouTube Analytics. You can authenticate with a user account or with a service account. A service account is required to grant organization-wide access scopes to the provider. The provider facilitates these authentication flows as described below.

Authenticate with a User Account

Create an OAuth App for User Account Authentication

1. Log into the Google API Console and open a project. Select the API Manager from the main menu.

2. In the user consent flow, click Credentials -> Create Credentials -> OAuth Client Id. Click Other. After creating the app, the OAuthClientId and OAuthClientSecret are displayed.

3. Click Library -> YouTube Analytics API -> Enable API.

Authenticate with a Service Account

Service accounts have silent authentication, without user authentication in the browser. You can also use a service account to delegate enterprise-wide access scopes to the provider.

Create an OAuth App for Service Account Authentication

Follow the steps below to create an OAuth application and generate a private key. You will then authorize the service account.

1. Log into the Google API Console and open a project. Select the API Manager from the main menu.

2. Click Create Credentials -> Service Account Key.

3. In the Service Account menu, select New Service Account or select an existing service account.

4. If you are creating a new service account, additionally select one or more roles. You can assign primitive roles at the project level in the IAM and Admin section; other roles enable you to further customize access to Google APIs.

5. In the Key Type section, select the P12 key type.

6. Create the app to download the key pair. The private key's password is displayed: Set this in OAuthJWTCertPassword.

7. In the service accounts section, click Manage Service Accounts and set OAuthJWTIssuer to the email address displayed in the service account Id field.

8. Click Library -> YouTube Analytics API -> Enable API

After setting the following connection properties, you are ready to connect:

• InitiateOAuth: Set to GETANDREFRESH.

• OAuthClientId: Set to the Client Id in your app settings.

• OAuthClientSecret: Set to the Client Secret in your app settings.

• OAuthJWTCertType: Set to "PEMKEY_FILE".

• OAuthJWTCert: Set to the path to the .pem file you generated.

• OAuthJWTCertPassword: Set to the password of the .pem file.

• OAuthJWTCertSubject: Set to "*" to pick the first certificate in the certificate store.

• OAuthJWTSubject: Set to the email address of the user for whom the application is requesting delegate access. Note that delegate access must be granted by an administrator.

• ChannelId: Set to the Id of a YouTube channel. If not specified, data is returned for the authenticated user's channel.

• ContentOwnerId: Set if you want to generate content owner reports.

When you connect the provider completes the OAuth flow for a service account.

1. Creates and signs the JWT with the claim set required by the provider.

2. Exchanges the JWT for the access token.

3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.

4. Submits the JWT for a new access token when the token expires.