We use the ads api to create and update custom audiences for our clients.
We've had two new users recently see errors that look like the following:
(#200) User XXXXXX can not update audience XXXXXXXX
They have both accepted Facebook custom audience terms of service and given ads management permissions to our app. Both are administrators on the related ad accounts.
Any ideas?
Related
There is contact based portal registration.
In CRM a person can exists in multiple business units.
Now when a user try to login, it says password incorrect because it is referring to the other contact which is not having the password but same emailId.
I want to enable portal for all the contacts in the system, based up on the business unit I will show the menu items.
suggest changes in portal setup so that it can handle multiple contacts for the user
You have to think again about your implementation idea based on Administrator's Guide to Portal Capabilities for Microsoft Dynamics 365.
Few points:
Multiple contacts is not a good idea, that too with the same email address. Not sure which Business Units (BU) you are talking about, but how you are planning to hook the authentication piece by different BU? Use the same Contact and after authentication, decide the authorization part based on your concept
Even different Contact with different Email for different purpose is ok, but I would recommend you to look at web roles instead
If Menu items has to be dynamic & depends on configurations, use Liquid syntax rather than complex implementations. Read more
I'm trying to set up a google service account for Google Calendar API to create and update events for my specific calendar.
I've set up my service account, got the credential keys and also enabled the domain wide delegation. For most of the part it does work, however I can not access my specific calendar (not able to share it with my service account).
When I paste the service account email to the share textbox in google calendar settings it does not show anything to add.
This is a really frustrating blocker, so if anyone has encountered this or has any insights it would be greatly appreciated :)
You do not need to explicitly share your calendar with the service account.
If you want to create an event with your service account for your calendar, you need to set up your service account in such a way that it impersonates you.
The official Google documentation gives examples of how to perform Perform G Suite Domain-Wide Delegation in different languages. It is also important to do so in Apps Script.
Important: In your Admin console you need to Manage API client access and give the service account the necessary scope
(https://www.googleapis.com/auth/calendar.events) to create events on
your behalf.
I'm developing integration with Google Ads API using their Ruby gem library.
I have an approved oAuth2 account for the Ads scope with an approved developer token that allows any external user to connect with our API.
I have a Google Ads account that manages our own Ads account and two other accounts.
When I authenticate with the API and approve it, I then grab the account with
graph = get_accounts_graph()
Apps::GoogleAds::Account.get_accounts_map(graph)
This surprisingly returns just ONE Ads account, and one that belongs to a client that we manage. Our own two Ads accounts are missing.
So I tried to compare between our client's account and our own.
Under https://ads.google.com/aw/accountaccess I can clearly see we have admin rights to our two ad accounts, just like we do to the client account.
Am I missing some setting somewhere? Has anyone experienced this before?
I ran into this issue at the beginning. The sample in the API client libraries (which I'm going to assume you are using here), calls the customer service
customer_service.list_accessible_customers()
There's actually two different services for retrieving customer account IDs. The customer service only allows access to accounts that are added as direct admins on each account. This is an important distinction as manager accounts don't fall into this category.
What you need to call is the regular GoogleAdsService (not the customer service!) and put your request in the query itself..
query = "SELECT customer_client_link.client_customer FROM customer_client_link"
This will give you a list of account IDs as resource names, not accessible accounts. And you can iterate over them as usual.
Hope that helps.
I created a new Service Account in Cloud Project, and want to restrict this account's permission to only use one specific Google API listed here.
Lets say my application using this service account should only be allowed to use "Google Analytics API". If possible, further limited to use subset of API requests (for ex. analytics.management.customMetrics.list, analytics.management.filters.insert etc.
I tried to create custom Role, but when I try to add necessary Permission, I don't see me desired permissions listed in that list... (attach screenshot)
How can I restrict this Service Account permissions to specific APIs?
Also,
does it make any difference creating new project in
https://console.developers.google.com/ or in
https://console.cloud.google.com/ ? I san see a project in both places
anyways...
In your case because you are using the Google Analytics API, there is an additional step where you need to add the Service Account to your Google Analytics account. If the Service Account is not added then it won't have access to the resources inside of Google Analytics.
See "1. Enable the API" in the following link:
https://developers.google.com/analytics/devguides/reporting/core/v4/quickstart/service-py
Add service account to the Google Analytics account
The newly created
service account will have an email address that looks similar to:
quickstart#PROJECT-ID.iam.gserviceaccount.com
Use this email address
to add a user to the Google analytics view you want to access via the
API. For this tutorial only Read & Analyze permissions are needed.
See the following for some guidance on managing users in Google Analytics
https://support.google.com/analytics/answer/1009702
In messaging platforms like Slack and HipChat you can integrate apps that can post messages to groups without them being sent from a user e.g.
Defect Management System: A new defect was logged at 12pm
Instead of:
John Smith: A new defect was logged at 12pm
Is it possible to do the same thing in Yammer?
There are two options available for you:
1 - You can create a new user on Yammer, name it however you want (e.g., "Defect Management System" with a snazzy avatar), then take the user's OAUTH token and use it to impersonate that user programmatically. This is fine for quick development.
2 - You can create a new user on Yammer, name it however you want, then register a new app on Yammer to get a permanent token and client ID, then use those to impersonate that user programmatically. This is the right way to do it. You can read more about how to do this on https://developer.yammer.com/introduction/#gs-registerapp.
This is an example of a user that we impersonate. It is a bot on our network. It is a separate account in AD and is registered as an app in Yammer and interacts with Yammer automatically.
You are always impersonating a user in Yammer via the API, there isn't a way to impersonate a group, in the way that Slack does (i.e. being able to override the username displayed and replace it with a bot for example in your payload)
If this app is for internal use, you could consider creating a dummy user as a bot to post defects, and then using Custom Object Types & Actions in Open Graph to further customize the messages. Obviously there are some business & administration considerations in doing that, not just development ones.