Scopes Management
Scopes express the permissions you request users to authorize for your app and allow your project to access specific types of private user data from their Google Account.
Scopes are categorized into :
- Non-Sensitive - These scopes relate to access to specific read-only data.
- Sensitive - Sensitive scopes are scopes that request access to private user data.
- Restricted - Restricted scopes are scopes that request access to highly sensitive user data. For example, user’s email data.
Requesting for sensitive or restricted scopes will require you to go through the verification process.
You can view the list of all scopes in the OAuth 2.0 Scopes for Google APIs page.
Add a New Scope
To add a new scope, navigate to the Data Access page and click the "ADD OR REMOVE SCOPES" button which will show a view to add a new scope.
Only scopes for enabled APIs are listed in the scopes table. To add a missing scope to the list of scopes, find and enable the API in the Google API Library or use the text box in the Manually add scopes section of the page to add a new unlisted scope.
Note : Certain scopes might be unavailable because usage of these scopes is restricted to projects using HTTPS URLs only. To enable the scopes, edit your OAuth clients and remove non-HTTPS URLs from the Clients page .
Click the "UPDATE" button after selecting all scopes you want to add to your app.
You should see the scopes you added included in the corresponding table in the scopes page depending on the scope classification.
Note : If a new sensitive or restricted scope is added to a list of verified scopes, do not immediately include this scope in the list of scopes in your request to the Google OAuth 2.0 endpoint until it is verified, else users will see an unverified app warning screen.
When requesting sensitive or restricted scopes, you must provide justification for the request. Additionally, you must include a link to a demo video that demonstrates how these scopes will be used.
If your app is requesting any sensitive or restricted scopes, you will need to explain how your app will use these scopes. This information should include how you will use the data you receive and why more limited scopes aren’t sufficient for your use case.
For restricted scopes, you will also be required to include information about the specific features you will be enabling with the restricted scopes as Google only allows data from restricted scopes to be used for specific purposes, like better productivity and other features that have clear user benefits. Learn more about the additional requirements for restricted scopes.
If your app is requesting any sensitive or restricted scopes, you will be required to provide a YouTube video demonstrating how you'll use the data from these scopes in your app. Your video must include all OAuth clients that you assigned to this project.
Your YouTube video should demonstrate the OAuth grant process by users and explain, in detail, how you’ll use sensitive and restricted scopes within the app's functionality for each OAuth client belonging to the project. The video should clearly show the app's details such as the app name, OAuth client ID, and so on.
Below is additional general guidance for the demo video.
General Guidance
As a reminder, your demo video must show the following:
- The end-to-end flow of your app including the OAuth grant process. Be sure to show all points of integration with the Google API you are requesting. For example, if there are multiple OAuth consent workflows, you must demonstrate each of these methods in your video.
- The complete OAuth Consent Screen. The consent screen must also show the same exact scopes you are requesting (or you have already been approved for) when you submit your app for verification. Please ensure the language setting on the bottom-left corner of the consent screen is toggled to “English."
- The app functionalities that utilize the requested OAuth scopes
Helpful tip! Voice or text narration highlighting the points above can greatly help facilitate our review. We suggest you use screen recording and/or video editing software to explicitly call out where the above criteria are met.
Important: Not meeting these requirements can slow down the verification process. Please make sure your demo video has met the above criteria before including it in your submission.
Remove Scope
If scope is no longer needed, navigate to the Data Access page and click on the delete icon next to the scope you want to delete.
If you remove a scope, ensure the scope is also removed from requests you are making to the Google OAuth 2.0 endpoint. Using an unregistered scope, even if previously verified, will result in the user seeing the
unverified app warning screen.