javagoogle-oauthgoogle-api-java-clientservice-accountsyoutube-analytics-api

Can I get authorization for Youtube's Reporting API from a non UI application?


I want to run an application (on AWS Lambda) periodically that fetches reports using Youtube's reporting API and stores the reports in a database. I'm the owner of the Youtube channel.

However, I'm facing issues setting up the authorization. The docs mention a number of flows for OAuth. Among them, the service account flow seems to be the right fit here since I'm not trying to access any other user's data and my app won't have a UI. However, they mention that "the YouTube Reporting API and YouTube Analytics API do not support this flow". For the other flows i.e. server-side and client-side, it looks like I would need a UI application.

I ran their Java code samples locally and it opens up the browser for authorization.

I would like to know if the authorization can be done without a UI/browser support. This seems like a common use case that should be supported.

This related stack overflow answer mentions "Instead, create and use web client google credentials. Store and use the token generated from the flow.". If I understand this correctly, I would need to generate Client ID and Client secret from google dev console and then maybe use the oauth playground to generate an access token. However, this token would expire within 24 hours. I can keep refreshing the token but this seems like a workaround.

In case it's not supported, an alternative I'm considering is that my application sends out an email with the auth link and continues running once the email recipient opens the link and logs in. I would like to know if getting that link is feasible with google's oauth library.

Note: I'm not using Google's App Engine or Compute Engine.


Solution

  • YouTube apis do not support service account authorization. You will need to use Oauth2 authorize your code once using offline access. this will give you a refresh token which can be used at anytime in the future to request a new access token.

    You will need to upload this refresh token to the server along with your code and it will then be able to access your data without requesting access of a user.