I have a catch 22 situation here with the google analytics tracking code.
I have a form that upon submission submits data to an api.
We recently decided to record this submission as an ecommerce transaction with the google analytics tracking code. The transaction does not get recorded until the application get submitted and returns data from the api. This is because data from the api is included in the transaction.
The issue is that the form also autosaves data to a database so that if the form is not completely filled out and/or submitted an automated php script can pick it up later for submission to the api.
Now the catch 22
I need to find a way to implement this for the data that is submitted via the automated php script.
3 solutions that won't work
Submitting the the transaction on the serverside to ga. This is possible, but in this scenario all the data that google analytics collects from the client comes from the server which eliminates the whole purpose of using google analytics to begin with.
Submitting the transaction before the form is submitted. Remember we need to retrieve data from the api to submit in the transaction.
Saving information about the client to the database for including in headers when submitting the transaction on the serverside to google analytics. Something like this would probably work that is if I new all the information that google analytics collects about the client, how to spoof my ip address and had the time to build a solution like this.
Use AJAX for your auto-saves and use SUBMIT for the final update.
For option 3, you could use the Urchin tracking methods to simulate the data as it would be sent to Google Analytics, and instead send it to a local file which scrapes the request info and then sends it to Google when its done.
So, your JS code would look like this:
var pageTracker = _gat._getTracker("UA-XXXX-1");
pageTracker._setLocalServerMode(); //this disables external GA calls.
pageTracker._setLocalGifPath("/foo/bar.gif");
pageTracker._trackPageview(); //or your transaction calls
From looking at the URL request this makes against a regular __utm.gif request, it seems that the only important thing missing is the utmcc parameter, which appears to be a url-encoded version of the Google Analytics cookies. You'd want to track this as well (out of document.cookie, or on the server side), so that you could add it to the query string when you make your Google Analytics request. This is important because this is where the session and source information is stored; otherwise your tracking won't have context.
Then, on the server, bar.gif could rewrite to bar.php, which captures the query string and request headers that Google would have sent to its servers (of primary importance is the query string and the user agent string and the IP address); , and then adds whatever data it needs, then takes the resulting query string and makes a cURL request to the Google Analytics version of that URL, with spoofed headers for browser, etc.
Unless you can use asynchronous tracking code to send the data after the API returns the necessary bits of data, there is no sensible way. The method described above is good and all, but would still require you to spoof IPs to Google, as the IP is read from the incoming call and it would again be the server.
In my experience Google Analytics is not the correct tool for cases such as this (server side tracking).
There's a question about sending Google Analytics hits from the serverside at #1027660 that has several suggestions on how to generate a server-side click.
Whilst that contravenes your "can't do it this way #3", you might find it looks simple enough to be worth breaking that rule.
Good luck!
Related
At my company we tend to put Google Analytics on our sites to gather some basic statistics like page views, bounce rates and others.
Recently it has been decided that Analytics should be further harnessed to gain insight into how our websites fair in terms of hitting particular targets.
Now, when using PHP frameworks such as Laravel, much of the architecture out of the box is based on server side code.
One example: submitting a form
User submits a form and you track a successful form submission with Analytics, but if the form submits and then the server side validation fails, this is actually a failure.
My question:
How do you effectively use Google Analytics with a server side framework? If you're not using AJAX there isn't even a callback for the JavaScript code to use.
So, the only way you could track a success in most cases would be to have a page load event for a thank you page or something similar.
Further to this, if all your validation is server side, would you not end up having to nest any GA events with PHP code anyway?
You can use this Laravel Package to send custom events to Google Analytics in PHP:
https://github.com/irazasyed/laravel-gamp
HTML page has a submit button. On clicking the button, the 4 APIs has to be called. All the 4 APIs are linked to each other.
For instance, the first API is used to get the access token. And the token is passed in the second API to process the GET request.
I am new to REST APIs and not sure whether it's easy to call via HTML or better way by using PHP.
You want to use, not to implement API.
You should decide first on which side (server or client) it should be implemented.
On server side you do requests on your behalf. You are responsible for them. They are done from your IP address. But you can hide API address from client, you can cache response or control this process somehow. Use PHP cURL extensions for that.
On client side, requests is performed by end user, from his IP. Read How to enable cross-domain request on the server? to learn about requests to different domains. Search for AJAX. Probably, use some library like jQuery to write less code.
I am building a PHP&MySQL website.
I managed to successfully use the Google Places API on the client side of my website (using JavaScript). I am passing the formatted_address (chosen by the user via the Google Places API) to the PHP script.
The trouble is, I haven't got a clue how I can validate on the server side whether or not the input is genuinely a Google Places API result, or it has been tampered with prior to submission.
I have scoured the web looking for a basic tutorial of how to use the Google Places API via to PHP to no avail.
Any ideas?
Thanks.
The only way I guess you can do that is call the google Places Api with the same input the user had given and retrieve the JSON/xml Result and check it with your form Submission,but that would be an additional request on your api key.
Usually the best practice to do this will be sending these critical data from the server to the client via JSON. I suggest you try that, this method is tedious.
I have developed a website with my friend. For the front-end we are using AngularJS, and for the backend we're using Laravel.
Whenever data has to be fetched, an API call is made from front-end to PHP.
My concern is that this API call is clearly visible in network panel. Then some bad guy can easily abuse this API. How can I avoid this?
In most cases exposing your API is not bad thing, but you need to think about this:
1. You should design your API, so only legitimate operations can be made. In example: person shouldn't be able to delete whole database using API.
2. You could provide some authentication mechanism if needed, so the person trying to call your API will have to be logged in (authentication token should be stored in session and verified in server-side with every API call).
If you want to hide POST/GET Params form console. Try to make JSONP call in angular . JSONP calls are not real ajax requests and won't be shown in Firebug. You can also clear the console using clearconsole() after you receive the response and you can also authenticate the requesting IP in your laravel backend.
It's just like regular routing. For example: Everybody knows that they can access a user's profile on Facebook on the /:username route, but Facebook prevents unauthorized clients from viewing that data. The same concept is used for REST routes.
Just like regular page requests, AJAX calls and the data passed / received can be seen by the user. JSONP can be used to prevent the API requests from being logged by regular developer tools, but that is not a good security solution your API can still be discerned by a malicious user.
Even if you encrypt the request payload and the response, it can be intercepted by a malicious user before encryption and after decryption.
You mentioned using proper authentication on your API, which is usually good enough for most cases.
Overview
I'm currently working on a jQuery/HTML5 project that displays web performance data with a series of charts using an internal API to retrieve the data. The API is powered by Yii, but I am not working on it, so i cannot change or experiment with it myself.
Basically I am hoping someone can help identify if the API is the root cause of the problem or if it's a problem with the Ajax in my jQuery being incorrect.
A small explanation of the process my application goes through...
Application loads, uses user details to authenticate with API. Receives API Key from API.
After the key has been retrieved, several calls are made to retrieve data from the APi to display as the web performance data.
At set intervals, a generic is called to the database to check that the API Key has expired or not.
If the key has expired, it makes another request to the API for a new API Key as stated in step 1. If there are any problems with gaining an API key, this is when the user gets kicked off.
Restart cycle excluding getting the data.
Problem
All Ajax calls are made to the are crossdomain as both the project and the API are on separate sub domains. These are done using JSONP and a jQuery callback.
The problem I am having is that when I need to authenticate if the key is valid or not, if it is no longer valid, the API returns a 401 error which my Ajax does not register. If i view the API URL in Firefox, I can see the returned Json data, wrapped in a callback, but when I check firebug it says there is a request, but no response.
Basically when the API returns data that is not 200 OK, it doesn't send a response header at all.
However I have manually called the API using cUrl in terminal, and have received a response header, as well as in Google Chrome.
If someone could tell me if this is a well known issue with Firefox/jQuery or if this is a problem with the Yii API I would very much appreciate it.
Try adding this before your ajax call:
jQuery.support.cors = true; // force cross-site scripting in IE