Enabling script authorization and access

The Apps Script API requires different types of authorizations depending on your goal:

  • Use the Apps Script API in your app.
  • Allow other applications to manage your script project data or deployments.

If you need to use the Apps Script API in your application, you must enable the API in the application's Google Cloud project. This allows you to create OAuth credentials so that users of the application can authorize it.

If you want to let third-party applications manage the content or deployment of your script projects, you must grant access to your script projects.

Using the Apps Script API in your app

If you want to use the Apps Script API inside your app, you must enable the Apps Script API in your application's GCP project. After enabling the Apps Script API, you can create OAuth credentials and download the client ID and secret to include in your application. You can also monitor the API usage in the Google Cloud console.

You can use this wizard to create or select a Google Cloud project in the API console and automatically enable the API. Alternatively, you can open the console's Manage Resources page, select a project, then search for and add the Apps Script API manually using the project's APIs & services dashboard. Once you've enabled the API, you can create OAuth credentials, client IDs, and client secrets for your applications in the APIs & services > Credentials panel.

The Apps Script API quickstarts provide a step-by-step look at the whole process of enabling the API and setting up authorization for an application.

Granting third-party applications access to your script projects

The Apps Script API can allow applications to create and modify your scripts and their deployments. This can lead to a bad situation if you authorize a malicious third-party application which then proceeds to create more malicious scripts or modify the behavior of scripts you already have.

To help reduce this risk, the Apps Script API cannot access your script projects by default. You must explicitly grant the API access before you can use any application that creates or modifies scripts or deployments. Once you've granted the API access to your scripts, applications you authorize can use the API to manage your script projects.

An error results if you attempt to run an affected application without first granting the API access. This error occurs after you authorize the application.

You can grant the Apps Script API access to your script projects using the Apps Script dashboard. You can also use the dashboard to revoke this access at any time. When you grant the API access, you are doing so for all applications. Individual applications still need to be authorized, however.

Before you grant access, be sure you understand that there is a risk involved in allowing applications to modify your scripts. Never authorize any application that you suspect is malicious.