Google Query authentication guide
This is a step-by-step guide to acquiring credentials for authorizing Google components for use in Matillion ETL. These components include:
- Google Ads
- Google Analytics
- Google BigQuery
- Google Sheets
- YouTube (deprecated as of version 1.51)
- YouTube Analytics
- Google connectors use an OAuth for third-party authentication.
- Most third-party apps and services that connect to Google data can be setup for use in Matillion ETL through the Google Developers Console using the same process.
- While connector properties may differ between cloud data warehouses, the authentication process remains the same.
- The callback URL, and therefore the Matillion ETL instance, must be HTTPS, not HTTP.
- When setting up an OAuth, Google does not allow specifying of an IP address for redirect URLs. Viable domain addresses must be .com or .org. For more information about how to modify the Callback URL in your Matillion ETL instance, refer to Changing the Host File.
- The use of some services with a Google Cloud Platform account may incur costs. For more information, read Google Cloud Platform pricing.
Begin by creating an OAuth entry in Matillion ETL, as described in Manage OAuth. You should then configure this OAuth entry using Google Cloud Platform credentials, obtained as described below.
Acquiring third-party credentials
Log in to the Google Developers Console. The browser will redirect to the APIs & services dashboard. Click the project dropdown menu next to Google Cloud in the top-left of the screen.
The menu should display the name of the currently selected project, i.e.
<Project Name>. If there are no current projects, the menu will read Select a project.
The project window will pop up. Click NEW PROJECT in the top-right of the window.
- On the New Project screen, provide details for the following fields:
- Project name: Provide a name for the project.
- Organisation: Select an organization to be associated with the app.
- Location: Select a folder where the project will be stored, then click CREATE.
- The browser will return to the API & Services dashboard. Select your new project from the drop-down menu.
- Select OAuth consent screen from the sidebar.
- On the OAuth consent screen, choose the User Type the OAuth is suited for: Internal or External. Click Create
- Pass details for the following fields:
- App name: Provide a name for the app.
- User support email: Provide an email address to be used to provide support for the app.
- Next, scroll down the Authorised domains section and click Add domain.
Provide as many Authorised domains as required, including the callback URL copied from the Manage OAuth window in Matillion ETL earlier. When setting up an OAuth, Google does not allow the specifying of an IP address for redirect URLs. Viable domain addresses must be .com or .org. For more information about how to modify the Callback URL in your Matillion ETL instance, read Changing the Host File.
- IP Addresses unfortunately are not accepted and will need to be mapped to a hostname. For further information, please refer to Google Cloud Platform Console Help.
Provide at least one email address in Developer contact information.
- Click Save and continue to progress to the Scopes page.
- Click Add or remove scopes to add as many scopes as required. The Update selected scopes panel will pop out from the right of the window. Select the tickbox for each scope you want to add or remove. You can also enter scopes manually in plain text using the field at the bottom of the panel.
- Click Save and continue to progress to the Summary page to review your selections. You can Edit any fields as required, otherwise click Back to dashboard to the OAuth consent screen where your new OAuth is now visible.
- Click Credentials on the sidebar. Then, in the Credentials window, click + Create credentials → OAuth client ID.
- On the Create OAuth client ID page, select Web application under Application type to reveal further options. Then, provide details for the following fields:
- Name: Provide a descriptive name for the client ID.
- Authorised redirect URIs: Select the + Add URI button to add a new URI. Provide the callback URL (copied from the Manage OAuth dialog in Matillion ETL earlier). When setting up an OAuth, Google does not allow specifying of an IP address for redirect URLs. Viable domain addresses must be .com or .org. For more information about how to modify the Callback URL in your Matillion ETL instance, read Changing the Host File.
- Click Create to proceed.
A confirmation popup will appear, and when closed, you will return to the Credentials page, where you can see your new OAuth entry. Select it to view the details, and copy both the client ID and client secret from the fields as they will be required to authorize in Matillion ETL.
- Make sure to copy the client secret right away as it may appear only once.
- Additionally, when copying these credentials, some browsers may add a space to the end of the code. Watch out for this as it will cause the credentials to fail.
A service API will now need to be enabled to work with the newly created credentials. Click Library on the sidebar, and in the API Library window type the name of the relevant service into the search field at the top of the screen, or scroll down and click on the relevant service block.
- Once a service has been selected, the relevant API window will open. To enable the API for use with the app, click Enable.
- Now return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration.