![]() ![]() ![]() If your app requests any of the following scopes, and doesn't meet any of the criteria for an exception (see below), you will need to satisfy both the API Services User Data Policy, the Additional Requirements for Specific Scopes, which may require a more extensive review process. To check if scopes are sensitive or restricted, add the scopes to your project via the Google Cloud Console. If your app requests sensitive scopes, and doesn't meet any of the criteria for an exception (see below), you likely need to verify that your app follows the API Services User Data Policy.įor a complete list of Google APIs, see OAuth 2.0 Scopes for Google APIs. Some of the scopes used by the following APIs are considered sensitive see the API documentation or look for the lock icon in the Cloud Console. Sensitive and restricted scopes Sensitive scopes Exceptions to verification requirements.The rest of this page describes these requirements and the verification processes in more detail. For this reason, this restricted scopes verification process can potentially take several weeks to complete. One of these additional requirements is an independent, third-party security assessment. Apps that request restricted scopes must also verify that they follow Google’s API Services User Data Policy, but they must also meet the Additional Requirements for Specific Scopes.This sensitive scopes verification process typically can take up to 10 days to complete. Apps that request sensitive scopes must verify that they follow Google’s API Services User Data Policy and will not have to undergo an independent, third-party security assessment.This brand verification process typically takes 2-3 business days. If you change any of the details that appear on your OAuth consent screen, such as the project's logo, display name, homepage or privacy policy URL, or authorized domains, you need to have your app re-verified for branding prior to updates being published to your OAuth consent screen. All apps that access Google APIs must verify that they accurately represent their identity and intent as specified by Google’s API Services User Data Policy.The process you need to complete depends on whether your app requests sensitive scopes, or restricted scopes (all apps must complete the first process, brand verification): Restricted scopes are fewer in number, currently including only scopes used by the Gmail APIs, Drive APIs, and Google Fit APIs. If your app requests scopes categorized as sensitive or restricted, you will probably need to complete the verification process (see, however, the exceptions).Ī few examples of sensitive scopes are some of the scopes used by the Calendar API, People API, and YouTube Data API, but there are others. When you use OAuth 2.0 to get permission from your users to access this data, you use strings called scopes to specify the type of data you want to access and how much access you need. ![]() The applicability of this requirement to your app depends mostly on two factors: the type of user data you access-public profile information, calendar entries, files in Drive, certain health and fitness data, and so on-and the degree of access you need-read-only, read and write, and so on. If your app uses Google APIs to access Google users’ data, you might have to complete a verification process before you publish your app.
0 Comments
Leave a Reply. |