OAuth: Managing API client access

Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.

In the Admin console, you can control which supported Google APIs (scopes) your internal and third-party applications can access.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Security > Advanced Settings.

    To see Security on the Home page, you might have to click More controls at the bottom.

  3. Click Manage API client access.
  4. On the Manage client API access page, you can:
  • Add a client: Enter the client name (also known as the unique ID or client ID) provided by the third-party vendor. If you're the owner of the service account, you can find the unique ID:
    1. Open your Google Cloud Platform Console and select the Cloud project.
    2. In the side bar, go to IAM & Admin > Service accounts.
    3. Select the service account to get the unique ID.
  • Specify scopes: For each client, you can specify multiple APIs, separated by commas. For example, to allow access to both the Contacts and Documents List API, set the scope to "http://www.google.com/m8/feeds/, http://www.google.com/feeds/". You can use any of the OAuth 2.0 Scopes for Google APIs. Check that the client is known to you and that they have an appropriately small scope of access. 
  • Remove a client: Click Remove. Be careful when revoking access as those applications that depend on the authorization will immediately stop working.
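
One way to carry out the check described under "Specify scopes" is to compare what is currently authorized against an inventory your team maintains. This is an added example, not Google's code: the client IDs, the inventory, and the function names `parse_scopes` and `audit` are constructed for illustration, and the authorized entries are assumed to have been copied by hand from the Manage API client access page.

```python
# Added example: audit "Manage API client access" entries against an
# approved inventory. All client IDs and scope grants are constructed samples.

def parse_scopes(field):
    """Split the comma-separated scope field as typed in the Admin console."""
    return {s.strip() for s in field.split(",") if s.strip()}

# Constructed inventory: client ID -> scopes the security team has approved.
APPROVED = {
    "111111111111111111111": {"http://www.google.com/m8/feeds/"},
    "222222222222222222222": {
        "http://www.google.com/m8/feeds/",
        "http://www.google.com/feeds/",
    },
}

# Constructed snapshot of current authorizations: (client ID, scope field).
AUTHORIZED = [
    ("111111111111111111111",
     "http://www.google.com/m8/feeds/, http://www.google.com/feeds/"),
    ("222222222222222222222",
     "http://www.google.com/m8/feeds/,http://www.google.com/feeds/"),
    ("333333333333333333333", "http://www.google.com/feeds/"),
]

def audit(authorized, approved):
    """Return findings: clients not in the inventory, and scopes granted
    beyond what the inventory approves for a known client."""
    findings = []
    for client_id, field in authorized:
        granted = parse_scopes(field)
        if client_id not in approved:
            findings.append((client_id, "unknown-client", sorted(granted)))
            continue
        excess = granted - approved[client_id]
        if excess:
            findings.append((client_id, "excess-scope", sorted(excess)))
    return findings

if __name__ == "__main__":
    for client_id, kind, scopes in audit(AUTHORIZED, APPROVED):
        print(f"{client_id}: {kind}: {', '.join(scopes)}")
```

Each finding is a candidate for narrowing the scope list or for Remove, keeping in mind that applications depending on the authorization stop working immediately.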