Stay organized with collections
Save and categorize content based on your preferences.
This section contains instructions specific to the Google Play Developer API. See the
full OAuth2 documentation
for more details.
Initial configuration
Access to the Google Play Android Developer API is authenticated using the
OAuth 2.0 Web Server
flow. Before you can use the API, you will need to set up an APIs Console
project, create a client ID and generate a refresh token.
Creating an APIs Console project
Go to the APIs Console and log in
with your Google Play Console account.
Select Create project.
Go to Services in the left-hand navigation panel.
Turn the Google Play Android Developer API on.
Accept the Terms of Service.
Go to API Access in the left-hand navigation panel.
Select Create an OAuth 2.0 client ID.
On the first page, you will need to fill in the product name, but a logo
is not required. Note that your end users will not see the product name.
On the second page, select web application and set the redirect URI and
Javascript origins. Both of these settings can be changed later.
Select Create client ID.
Generating a refresh token
While logged in with your Google Play Console account, go to the
following URI:
The browser will be redirected to your redirect URI with a code
parameter, which will look similar to 4/eWdxD7b-YSQ5CNNb-c2iI83KQx19.wp6198ti5Zc7dJ3UXOl0T3aRLxQmbwI.
Exchange this code for an access and refresh token pair by sending a POST
request to https://accounts.google.com/o/oauth2/token with the
following fields set:
grant_type=authorization_code
code=<the code from the previous step>
client_id=<the client ID token created in the APIs Console>
client_secret=<the client secret corresponding to the client ID>
redirect_uri=<the URI registered with the client ID>
A successful response will contain your tokens in JSON format:
Once you have generated the client credentials and refresh token, your servers
can access the API without an active login or human intervention.
Using the access token
Servers can make calls to the API by passing the access token in the
Authorization header of the request:
Authorization: Bearer oauth2-token
Using the refresh token
Each access token is only valid for a short time. Once the current access token
expires, the server will need to use the refresh token to get a new one. To do
this, send a POST request to https://accounts.google.com/o/oauth2/token with
the following fields set:
grant_type=refresh_token
client_id=<the client ID token created in the APIs Console>
client_secret=<the client secret corresponding to the client ID>
refresh_token=<the refresh token from the previous step>
A successful response will contain another access token:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-08-21 UTC."],[[["\u003cp\u003eAccess to the Google Play Android Developer API is authenticated using the OAuth 2.0 Web Server flow and requires initial configuration.\u003c/p\u003e\n"],["\u003cp\u003eBefore using the API, developers need to set up an APIs Console project, create a client ID, and generate a refresh token.\u003c/p\u003e\n"],["\u003cp\u003eServers can access the API using short-lived access tokens passed in the Authorization header, requiring refresh tokens for continued access.\u003c/p\u003e\n"],["\u003cp\u003eRefresh tokens enable web servers to maintain API access without an active Google account login, by exchanging them for new access tokens.\u003c/p\u003e\n"]]],["First, create an APIs Console project, enable the *Google Play Android Developer API*, and generate an OAuth 2.0 client ID. Next, navigate to a specified URI to receive a code, then exchange this code for an access and refresh token by sending a POST request to a specific URL with necessary details. To access the API, pass the access token in the request header. When expired, obtain a new access token by sending a POST request with the refresh token.\n"],null,["# Authorization\n\nThis section contains instructions specific to the Google Play Developer API. See the\n[full OAuth2 documentation](https://developers.google.com/accounts/docs/OAuth2)\nfor more details.\n\nInitial configuration\n---------------------\n\nAccess to the Google Play Android Developer API is authenticated using the\n[OAuth 2.0 Web Server](https://developers.google.com/accounts/docs/OAuth2WebServer)\nflow. Before you can use the API, you will need to set up an APIs Console\nproject, create a client ID and generate a refresh token.\n\n### Creating an APIs Console project\n\n1. Go to the [APIs Console](https://code.google.com/apis/console) and log in with your Google Play Console account.\n2. Select **Create project**.\n3. Go to **Services** in the left-hand navigation panel.\n4. Turn the *Google Play Android Developer API* on.\n5. Accept the Terms of Service.\n6. Go to **API Access** in the left-hand navigation panel.\n7. Select **Create an OAuth 2.0 client ID** .\n - On the first page, you will need to fill in the product name, but a logo is not required. Note that your end users will not see the product name.\n - On the second page, select web application and set the redirect URI and Javascript origins. Both of these settings can be changed later.\n8. Select **Create client ID**.\n\n### Generating a refresh token\n\n1. While logged in with your Google Play Console account, go to the following URI: \n\n ```\n https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=...&client_id=...\n ```\n | **Note:** the `redirect_uri` parameter must match the value registered with the client ID exactly, including the trailing backslash, if present.\n2. Select **Allow access** when prompted.\n3. The browser will be redirected to your redirect URI with a `code` parameter, which will look similar to `4/eWdxD7b-YSQ5CNNb-c2iI83KQx19.wp6198ti5Zc7dJ3UXOl0T3aRLxQmbwI`.\n4. Exchange this code for an access and refresh token pair by sending a POST request to `https://accounts.google.com/o/oauth2/token` with the following fields set: \n\n ```\n grant_type=authorization_code\n code=\u003cthe code from the previous step\u003e\n client_id=\u003cthe client ID token created in the APIs Console\u003e\n client_secret=\u003cthe client secret corresponding to the client ID\u003e\n redirect_uri=\u003cthe URI registered with the client ID\u003e\n ```\n A successful response will contain your tokens in JSON format: \n\n ```\n {\n \"access_token\" : \"ya29.ZStBkRnGyZ2mUYOLgls7QVBxOg82XhBCFo8UIT5gM\",\n \"token_type\" : \"Bearer\",\n \"expires_in\" : 3600,\n \"refresh_token\" : \"1/zaaHNytlC3SEBX7F2cfrHcqJEa3KoAHYeXES6nmho\"\n }\n ```\n\nAccessing the API\n-----------------\n\nOnce you have generated the client credentials and refresh token, your servers\ncan access the API without an active login or human intervention.\n\n### Using the access token\n\nServers can make calls to the API by passing the access token in the\n`Authorization` header of the request: \n\n```\nAuthorization: Bearer oauth2-token\n```\n\n### Using the refresh token\n\nEach access token is only valid for a short time. Once the current access token\nexpires, the server will need to use the refresh token to get a new one. To do\nthis, send a POST request to `https://accounts.google.com/o/oauth2/token` with\nthe following fields set: \n\n```\ngrant_type=refresh_token\nclient_id=\u003cthe client ID token created in the APIs Console\u003e\nclient_secret=\u003cthe client secret corresponding to the client ID\u003e\nrefresh_token=\u003cthe refresh token from the previous step\u003e\n```\n\nA successful response will contain another access token: \n\n```\n{\n \"access_token\" : \"ya29.AHES3ZQ_MbZCwac9TBWIbjW5ilJkXvLTeSl530Na2\",\n \"token_type\" : \"Bearer\",\n \"expires_in\" : 3600,\n}\n```\n\nThe refresh token thus allows a web server continual access to the API without\nrequiring an active login to a Google account."]]