0

When dealing with an API key (in this case a JSON file used to connect to the Google Analytics API), what is the appropriate way to securely store the keyfile?

"Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of this key. You are responsible for storing it securely."

Is the idea here that only specific user groups should have access to the API key? Say an administrator? Or if I have this on my server is that acceptable?

asked Oct 14, 2020 at 12:32
4
  • Tell me: What does the API key do? Commented Oct 14, 2020 at 15:47
  • The API key is used to identify that I am an authorized user when connecting to Google Analytics. Commented Oct 15, 2020 at 13:44
  • What would happen if someone else got the API key? And do you need the API key to do things that the server needs to do? Commented Oct 15, 2020 at 14:46
  • If someone also had the view ID, which is the unique identifier for the client, then they could pull analytics from the client's data. However, I have an easier time of keeping the view id less (easily) accessible since it will be stored in a database. To elaborate on the use case, this is for a dashboard which many clients will access and check their analytics. As far as what the server needs to do, it needs to pull these analytics on a monthly basis and store them in a database. I would imagine that this is more secure on the server side, rather than the client side. Commented Oct 17, 2020 at 2:39

1 Answer

-1

You would typically treat API keys as a secret and store them appropriately. Generally this means using some sort of encrypted store (think of a password manager for applications) that integrates with your application deployment process or runtime. Some examples would be HashiCorp Vault, Azure Key Vault or the Kubernetes Secrets (https://kubernetes.io/docs/concepts/configuration/secret/) integration.

answered Oct 14, 2020 at 18:17
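Added example (not part of the answer above, and not Google's code): whichever secret store delivers the JSON keyfile to the server, the process that reads it can refuse a copy that other accounts on the host could read. The sketch assumes a POSIX host and the usual service-account fields (`type`, `client_email`, `private_key`, `private_key_id`); `load_keyfile`, `describe`, `demo` and the sample key are constructed for illustration.

```python
import json
import os
import stat
import tempfile

class KeyfileError(Exception):
    """The keyfile is stored or formatted unsafely."""

def load_keyfile(path, expected_uid=None):
    """Parse a service-account JSON key only if the file is owner-only."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    # O_NOFOLLOW: refuse a symlink swapped in for the keyfile.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as fh:
        st = os.fstat(fh.fileno())  # inspect the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise KeyfileError("keyfile is not a regular file")
        if st.st_uid != expected_uid:
            raise KeyfileError("keyfile is not owned by the service user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise KeyfileError("keyfile is accessible to group or others")
        data = json.load(fh)
    required = ("client_email", "private_key")
    if data.get("type") != "service_account" or not all(data.get(k) for k in required):
        raise KeyfileError("not a service-account keyfile")
    return data

def describe(data):
    """Log-safe summary that identifies the key without its private_key."""
    return {k: data.get(k, "") for k in ("client_email", "private_key_id")}

def demo():
    """Load a constructed keyfile under two permission modes."""
    fake = {"type": "service_account", "private_key_id": "constructed-id",
            "client_email": "dashboard@example.invalid",
            "private_key": "CONSTRUCTED-NOT-A-REAL-KEY"}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ga-key.json")
        with open(path, "w") as fh:
            json.dump(fake, fh)
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            try:
                results[mode] = describe(load_keyfile(path))
            except KeyfileError as exc:
                results[mode] = str(exc)
    return results
```

Calling `demo()` shows the world-readable copy (mode 644) rejected and the owner-only copy (mode 600) accepted, with only the log-safe summary returned.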
