User APIs, Apps APIs

The web interface of Piwik Pro is good for manual setup. But if you need to check which permissions a specific user has it gets disgusting.

That’s when you want to use the various APIs Piwik Pro offers to solve this problem programmatically.

So piwikproR was extended by some parts of the users-API and apps-API.

Which Websites are tracked?

So first, let’s fetch a list of websites (called apps in Piwik Pro API).

# Piwik credentials
piwik_pro_credentials <- list(
  client_id = "my_client_id",
  client_secret = "my_client_secret",
  url = ""
# Fetch a Piwik token
token <- get_login_token(piwik_pro_credentials)

There are two kinds of ‘websites’ being tracked: Apps are single instances of websites. These can be combined to metasites. See for more about metasites.

Therefore there are two different ways to fetch the list of those apps/metasites.


apps <- get_apps_list(token) 

The result of get_apps_list() is a data.frame containing the available apps with some information, esp. an id.

#> # A tibble: 3 × 5
#>   type           id                name  addedAt             updatedAt          
#>   <chr>          <chr>             <chr> <dttm>              <dttm>             
#> 1 ppms/meta-site some-hex-id-numb… site… 2022-01-02 08:10:20 2022-01-04 10:08:10
#> 2 ppms/meta-site some-hex-id-numb… site… 2022-02-02 08:10:20 2022-02-04 10:08:10
#> 3 ppms/meta-site some-hex-id-numb… site… 2022-03-02 08:10:20 2022-03-04 10:08:10

The id can be used for further queries.


Metasites can be fetched similarly:

metasites <- get_metasites_list(token)

The result looks similar. Unfortunately Piwik Pro named the fields slightly differently.

#> # A tibble: 3 × 5
#>   type      id                 name      created_at          updated_at         
#>   <chr>     <chr>              <chr>     <dttm>              <dttm>             
#> 1 ppms/apps some-hex-id-meta-1 Meta sit… 2022-01-02 08:10:20 2022-01-04 10:08:10
#> 2 ppms/apps some-hex-id-meta-2 Meta sit… 2022-02-02 08:10:20 2022-02-04 10:08:10
#> 3 ppms/apps some-hex-id-meta-3 Meta sit… 2022-03-02 08:10:20 2022-03-04 10:08:10

App Details

Knowing the id of an app you can use get_app_detail() to fetch the configuration and detailed information of this app.

This function may be useful if you want to check whether all of your apps are configured the same way or you’re looking for all apps with enabled ecommerce extension.

Users and Permissions

As mentioned above it can be tedeous if you’re looking for all permissions a user has. So a good way to solve this problem is the API by calling get_permissions_for_app().

Let’s create a function which gets for a given app all users who have permission and add the app-id into column site.

permissions_per_site <- function(app) {
  get_permissions_for_app(token, app) %>% 
    mutate(site = app)

The result looks like this

permissions <- permissions_per_site('some_app_id')
#> # A tibble: 2 × 7
#>   type                id            email          permi…¹ group…² overa…³ site 
#>   <chr>               <chr>         <chr>          <chr>   <chr>   <chr>   <chr>
#> 1 app/permission/user some-hex-id-1 email@user-1.… no-acc… edit-p… edit-p… some…
#> 2 app/permission/user some-hex-id-2 email@user-2.… manage  no-acc… manage  some…
#> # … with abbreviated variable names ¹​permission, ²​group_permissions,
#> #   ³​overall_permissions

There are two ways to give permissions to a user: direct on the app-basis or using usergroups (see Both are returned in column permission resp. group_permissions. The resulting permission is returned in column overall_permissions.

So now it’s easy to iterate over all apps, get the permissions of each user and filter for only the users who have permissions.

complete_permissions <- apps %>% 
  pull(id) %>% 
  map_dfr(permissions_per_site) %>% 
  left_join(apps, by = c("site" = "id")) %>% 
  filter(overall_permissions != "no-access")