Legacy Google+ APIs have been shut down as of March 7, 2019. Changes to the shutdown plan have been made recently which may mitigate its effect on some developers. Learn more.

Google+ integrations for web and mobile apps have also stopped functioning as of March 7, 2019. Learn more.

Authentication

Every request your application sends to the Google+ API needs to identify your application to Google. For the Google+ Domains API, you should use an OAuth 2.0 access token when you are making calls, as every API call is made on behalf of a given user.

Authorizing requests with OAuth 2.0

Requests to the Google+ Domains API must be authorized by an authenticated user. OAuth 2.0 is the recommended way to access the API. You should use the Google APIs client libraries to handle your OAuth 2.0 flows.

OAuth 2.0 is a web standard specification. For detailed information about how OAuth 2.0 works, see the complete OAuth 2.0 documentation. The following example demonstrates how to complete a server-side OAuth 2.0 flow to retrieve an access token on behalf of a user, as well as a refresh token to perform actions on behalf of the user when they are offline.

Java

import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.CredentialRefreshListener;
import com.google.api.client.auth.oauth2.TokenErrorResponse;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.services.plusDomains.PlusDomains;

import java.util.Arrays;
import java.io.BufferedReader;

// List the scopes your app requires:
private static List<String> SCOPE = Arrays.asList(
    "https://www.googleapis.com/auth/plus.me",
    "https://www.googleapis.com/auth/plus.stream.write");

// The following redirect URI causes Google to return a code to the user's
// browser that they then manually provide to your app to complete the
// OAuth flow.
private static final String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";

GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
    new NetHttpTransport(),
    new JacksonFactory(),
    CLIENT_ID, // This comes from your API Console project
    CLIENT_SECRET, // This, as well
    SCOPE)
    .setApprovalPrompt("force")
    // Set the access type to offline so that the token can be refreshed.
    // By default, the library will automatically refresh tokens when it
    // can, but this can be turned off by setting
    // dfp.api.refreshOAuth2Token=false in your ads.properties file.
    .setAccessType("offline").build();

// This command-line server-side flow example requires the user to open the
// authentication URL in their browser to complete the process. In most
// cases, your app will use a browser-based server-side flow and your
// user will not need to copy and paste the authorization code. In this
// type of app, you would be able to skip the next 5 lines.
// You can also look at the client-side and one-time-code flows for other
// options at https://developers.google.com/+/web/signin/
String url = flow.newAuthorizationUrl().setRedirectUri(REDIRECT_URI).build();
System.out.println("Please open the following URL in your browser then " +
    "type the authorization code:");
System.out.println("  " + url);
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
String code = br.readLine();
// End of command line prompt for the authorization code.

GoogleTokenResponse tokenResponse = flow.newTokenRequest(code)
    .setRedirectUri(REDIRECT_URI).execute();
GoogleCredential credential = new GoogleCredential.Builder()
    .setTransport(new NetHttpTransport())
    .setJsonFactory(new JacksonFactory())
    .setClientSecrets(CLIENT_ID, CLIENT_SECRET)
    .addRefreshListener(new CredentialRefreshListener() {
      @Override
      public void onTokenResponse(Credential credential, TokenResponse tokenResponse) {
        // Handle success.
        System.out.println("Credential was refreshed successfully.");
      }

      @Override
      public void onTokenErrorResponse(Credential credential,
          TokenErrorResponse tokenErrorResponse) {
        // Handle error.
        System.err.println("Credential was not refreshed successfully. "
            + "Redirect to error page or login screen.");
      }
    })
    // You can also add a credential store listener to have credentials
    // stored automatically.
    //.addRefreshListener(new CredentialStoreRefreshListener(userId, credentialStore))
    .build();

// Set authorized credentials.
credential.setFromTokenResponse(tokenResponse);
// Though not necessary when first created, you can manually refresh the
// token, which is needed after 60 minutes.
credential.refreshToken();

// Create a new authorized API client
PlusDomains plusDomains = new PlusDomains.Builder(new NetHttpTransport, new JacksonFactory, credential).build();

Python

import httplib2

from apiclient.discovery import build
from oauth2client.client import OAuth2WebServerFlow

# List the scopes your app requires:
SCOPES = ['https://www.googleapis.com/auth/plus.me',
          'https://www.googleapis.com/auth/plus.stream.write']

# The following redirect URI causes Google to return a code to the user's
# browser that they then manually provide to your app to complete the
# OAuth flow.
REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'

# For a breakdown of OAuth for Python, see
# https://developers.google.com/api-client-library/python/guide/aaa_oauth
# CLIENT_ID and CLIENT_SECRET come from your API Console project
flow = OAuth2WebServerFlow(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET,
                           scope=SCOPES,
                           redirect_uri=REDIRECT_URI)

auth_uri = flow.step1_get_authorize_url()

# This command-line server-side flow example requires the user to open the
# authentication URL in their browser to complete the process. In most
# cases, your app will use a browser-based server-side flow and your
# user will not need to copy and paste the authorization code. In this
# type of app, you would be able to skip the next 3 lines.
# You can also look at the client-side and one-time-code flows for other
# options at https://developers.google.com/+/web/signin/
print 'Please paste this URL in your browser to authenticate this program.'
print auth_uri
code = raw_input('Enter the code it gives you here: ')

# Set authorized credentials
credentials = flow.step2_exchange(code)

# Create a new authorized API client.
http = httplib2.Http()
http = credentials.authorize(http)
service = build('plusDomains', 'v1', http=http)

Revoking access to a token or application

At any time, a user can revoke access to any app that they previously authorized.

To programmatically revoke access for any given access token, see the examples below. This will also revoke any associated refresh token.

Java

// This sample demonstrates how to execute an HTTP GET request to revoke
// the current token. This example assumes that you have the user's
// token saved as `tokenData`. For a more complete example demonstrating
// how to also manage a user's session and check the response, see the
// Google+ Java quickstart
// (https://developers.google.com/+/quickstart/java).

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.HttpResponse;

// Build the credential from stored token data.
GoogleCredential credential = new GoogleCredential.Builder()
    .setJsonFactory(JSON_FACTORY)
    .setTransport(TRANSPORT)
    .setClientSecrets(CLIENT_ID, CLIENT_SECRET).build()
    .setFromTokenResponse(JSON_FACTORY.fromString(
        tokenData, GoogleTokenResponse.class));
// Execute HTTP GET request to revoke current token.
HttpResponse revokeResponse = TRANSPORT.createRequestFactory()
    .buildGetRequest(new GenericUrl(
        String.format(
            "https://accounts.google.com/o/oauth2/revoke?token=%s",
            credential.getAccessToken()))).execute();

Python

# This example assumes that you have the user's token saved within the
# `credentials` structure. For a more complete example demonstrating
# how to also manage a user's session and check the response, see the
# Google+ Python quickstart
# (https://developers.google.com/+/quickstart/python).

import httplib2

access_token = credentials.access_token
url = 'https://accounts.google.com/o/oauth2/revoke?token=%s' % access_token
h = httplib2.Http()
result = h.request(url, 'GET')[0]

Send feedback about...

Google+ Domains API
Google+ Domains API