Search
Clear search
Close search
Google apps
Main menu

OAuth: Managing API client access

Important: OAuth 1.0 2LO will be entirely deprecated on October 20, 2016. The easiest way to migrate to the new standard is to use OAuth 2.0 service accounts with domain-wide delegation.

Location: Security > Advanced settings > Authentication > Manage OAuth domain key

What it does: The Manage API client access page allows you to control custom internal application and third-party application access to supported Google APIs (scopes). Refer to the list of OAuth 2.0 scopes.

On the Manage client API access page, register your client in the Authorize a new API client settings. You enter the client name and the scope, and click Authorize.

Enter the client name provided by the third-party vendor and specify the scope. Add a new client by entering the client name (OAuth consumer key) and API scope and clicking "Authorize". You should verify that the client is known to you and that they have an appropriately small scope of access. For example to allow www.plaxo.com to access Contacts and Calendar APIs, add an entry with "4575686745" as the client ID and a scope value of "http://www.google.com/m8/feeds/, https://www.google.com/calendar/feeds/".

For each client, you can specify multiple APIs, separated by commas. For example, to allow access to both the Contacts and Documents List APIs: "http://www.google.com/m8/feeds/, http://www.google.com/feeds/". The list of clients is unique, and cannot have two entries in the list for one OAuth client. You can use any of the Google APIs that currently support two-legged OAuth for Google Apps domains.

Authorized API Clients
Add your APIs from the list of approved clients and their scope.

After the client has been added, you can remove a client that has a specified API scope by clicking the "Remove" link. If the client is the OAuth consumer key for your Google Apps domain, you'll see the link, "Manage". Clicking this link takes you to the Manage OAuth key and secret for this domain page where you can edit the client (for example, turn off global API scope access).

Caution: Be careful when revoking access as those applications that depend on the authorization will immediately stop working.

Third-party developers can learn more about registering and setting up OAuth for their web application. (Note: if you have an application on AppEngine that you would like to register, you must have a web server.)

You'll need to understand how to create and use OAuth service accounts.

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.