Apps Documentation & Support
- New Admin console: Security > Advanced settings > Authentication > Manage OAuth domain key
- Classic Admin console: Advanced Tools > Manage OAuth domain key (under the Authentication section)
The "Manage OAuth key and secret for this domain" page allows you to enable, disable or update the OAuth consumer secret for your domain. For the basic features of OAuth, see the "Overview of OAuth in Google Apps".
For sending OAuth requests to Google Apps, you can either:
-
Use the OAuth consumer key and consumer secret (HMAC-SHA1 signature method)
or
- Upload a X.509 certificate (RSA signature method)
The consumer key and secret is usually preferred over the certificate for performance reasons.
OAuth consumer key
Click "Enable this consumer key" if you want to generate OAuth requests with it.
OAuth consumer secret
You can regenerate a new consumer secret at any time, for example, if you decide to no longer allow access from a certain client.
X.509 Certificate
This is an option to using the consumer key and secret for signing requests. For more information on generating a certificate, see "Generating a self-signing private key and public certificate".
Two-legged OAuth access control
Click "Allow access to all APIs" to bypass any access control checks in the Google Data API when using the the domain key. For example, if this setting is enabled, a domain administrator can view and/or modify the Google Data API's, such as Google Calendar or Google Document List feeds for any user in their domain.
Also some Google Apps applications, such as the Google Apps Connector for BlackBerry Enterprise Server, require this broad level of OAuth access.
Following are the Google Data APIs that currently support two-legged OAuth for Google Apps domains:
| Google API | Scope |
|---|---|
| Calendar Data API | http(s)://www.google.com/calendar/feeds/ |
| Contacts Data API | http(s)://www.google.com/m8/feeds/ |
| Documents List Data API | http(s)://docs.google.com/feeds/ |
| Finance Data API | http(s)://finance.google.com/finance/feeds/ |
| Sites Data API | http(s)://sites.google.com/feeds/ |
| Spreadsheets Data API | http(s)://spreadsheets.google.com/feeds/ |
| Calendar Resources HTTPS Read Only | https://apps-apis.google.com/a/feeds/calendar/resource/#readonly |
| Groups Rosters HTTPS Read Only | https://apps-apis.google.com/a/feeds/group/#readonly |
| Nicknames HTTPS Read Only | https://apps-apis.google.com/a/feeds/nickname/#readonly |
| Users HTTPS Read Only | https://apps-apis.google.com/a/feeds/user/#readonly |
Additional resources
- OAuth for Google Apps documentation: Comprehensive overview; describes how to make a signed requests to any Google Data API.
- Registration for Web Apps documentation: For third-party developers to learn register their applications for access through Google Apps using OAuth.
