Submitting your app for verification

Note: If you have completed any of the steps, please skip to the next step.

Create or select a project for verification

For your app to access and use Google OAuth APIs, it must have a corresponding Google Cloud project. A cloud project allows you to identify your app with Google and set up the configurations needed for your app to access Google APIs.

  • If you do not already have a Google Cloud project for your app you need to create one
  • If you have an existing project for your app, select that project and follow the instructions below.

Enable “APIs & Services” for your app

Before you can add any Google product API scopes to your project, the respective APIs will need to be enabled through the API Console. When enabling a Google product API be sure to read and understand the corresponding API documentation

To enable an API for your project:

  1. Open the API Library in the Google API Console.
  2. If prompted, select a project, or create a new one.
  3. The API Library lists all available APIs, grouped by product family and popularity. If the API you want to enable isn't visible in the list, use search to find it, or click View All in the product family it belongs to.
  4. Select the API you want to enable, then click the Enable button.
  5. If prompted, enable billing.
  6. If prompted, read and accept the API's Terms of Service.
Note: Carefully read the “API reference” document to understand what specific methods of the API you will need. This will help you comply with the “narrowest scopes” requirement.

Setup OAuth Consent Screen

To set up the OAuth Consent Screen for your project:

  1. Open the Google API console
  2. Navigate to "OAuth Consent Screen"

Note that you will go through different paths to get to the OAuth Consent Screen Configuration based on if you are creating a new app or editing an existing app.

  1. If you are editing an existing app, select "Edit App".  Complete the following screens, selecting "Save and Continue" to proceed to the next screen.
  2. If you are configuring a new app you will not see the “Edit App” button as you are configuring the screen for the first time. Complete the following screens, selecting "save and continue" to proceed to the next screen
  

Details about different components on the OAuth Consent Screen

The OAuth Consent Screen tells users which app is requesting access to their data and what kind of data (scopes) the app needs. To begin setting up the consent screen, complete the following details on OAuth Consent Screen Configuration. Click “Save and Continue” of each page to move to the next page or step.

 

Fields

Detailed Description

User type

External: Apps configured with a user type of External are available to any user with a Google Account. Your app will start in the "test mode" and will only be available to users you add to the "test users" list.

It is a recommended best practice to have separate cloud projects for development/testing and production/publishing.

Once your app is ready for release (publication), create and configure a separate "production" Google Cloud project. You may need to verify your production project (see verification requirements section) before it is available to external users.

Internal: Use this designation if your app is for use only by users in your organization. This option is only available for apps created under a Google Workspace Organization. You will not need to submit your app for verification. Learn more here.

This field only appears when you create a new app for the first time.

App name

This is the name of the app that would appear on the user's consent screen.

User support email

This should be the email address where the user can reach out for support.

App logo

This is the logo of the app you want to display on the user consent screen

App home page

Link to app home page. See homepage requirements

App privacy policy

Link to app's privacy policy. See privacy policy requirements.

App ToS

Link to the app's Terms of Service.

Authorized domains

Add authorized domains. See authorized domains requirements.

Developer contact information

Contact information that Google can use to contact you and other’s about the app. It is critical to always have this information up-to-date so you can receive important updates regarding your project and app.

Scopes

Expresses the permission you request users to authorize for your app and allows your app to access specific private user data from their Google account.

  • Use the Add or remove scopes button to declare all scopes requested by your app.
  • Only request the narrowest scopes that are needed for your app’s functionality.
  • If your requested scope goes beyond the usage needed, your verification request may be rejected or you will be directed to request a narrower scope to proceed with verification.
  • Once the scopes are added they are classified and listed as non-sensitive, sensitive and restricted. Your app’s verification requirements are guided by the scopes you added in this step.

Add test users

This functionality is available only to apps which are still in the “test” phase. This is not available to apps that have been “published” to the “production” state. In this step, add user accounts you want to use to test your app during active development and before submitting for verification.

Optional info

This section allows you to provide more details for your app that may help with the verification process.

Summary

Summary provides you a one page view of all the details entered for your app including the list of scopes that has been added to your app.

Create client credentials

Any app using OAuth 2.0 to access Google APIs must possess credentials that identify and authenticate the app to Google's OAuth 2.0 server. To learn how to generate credentials for your project, choose the type of app for which you want to create client credentials.

Prepare and submit for verification

  1. Publish your app to production.
  • Apps in development, testing or staging are not applicable for verification.
  • Once your app is ready for verification, publish your app from “testing” to “production”  by clicking on the “Publish App” button.
  1. Once your app is published to production, click “Prepare for Verification” to proceed to submit your app for verification.
  • In the next page you will be presented with all the information you have configured for your app. Read through all details to make sure all details are correct and up-to-date, then click “Save and Continue”
  1. Scope Justification: If your app is requesting any sensitive or restricted scopes, you will need to explain how your app will use these scopes.
  2. Demo Video: Provide a video that demonstrates the functionality, the OAuth flow of the app and shows how the scopes are being used. See the requirements to know how to provide an effective demo video.
  3. In the final step, click on “Submit for Verification” to begin the app review process. Once your app is submitted for verification, the OAuth review team will review all the submitted details. 

What's next

  • Once you have submitted your app for verification, Google's OAuth review team will review your submission against all applicable requirements.
  • All communications with the OAuth review team will occur over email to the project owners and project editors configured when setting up your project. Hence it is critical to keep your project contact details up-to-date.
    • If your app is requesting access to restricted scopes, the OAuth review team will reach out to you when it's time to start the security assessment.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Main menu
5458931916456608323
true
Search Help Center
true
true
true
true
true
95384
false
false