Choose Auth Scopes

Auth scopes express the permissions you request users to authorize for your app.

What scope or scopes does my app need?

As a general rule, choose the most restrictive scope possible, and avoid requesting scopes that your app does not actually need. Users more readily grant access to limited, clearly described scopes.

Gmail scopes

The Gmail API supports the following scopes:

Scope CodeDescription Read all resources and their metadata—no write operations. Create, read, update, and delete drafts. Send messages and drafts. Send messages only. No read or modify privileges on mailbox. Insert and import messages only. Create, read, update, and delete labels only. All read/write operations except immediate, permanent deletion of threads and messages, bypassing Trash. Read resources metadata including labels, history records, and email message headers, but not the message body or attachments. Manage basic mail settings. Manage sensitive mail settings, including forwarding rules and aliases.

Note:Operations guarded by this scope are restricted to administrative use only. They are only available to G Suite customers using a service account with domain-wide delegation. Full access to the account, including permanent deletion of threads and messages. This scope should only be requested if your application needs to immediately and permanently delete threads and messages, bypassing Trash; all other actions can be performed with less permissive scopes.

If your app requires access to any other Google APIs, you can add those scopes as well. For more information about Google API scopes, see Using OAuth 2.0 to Access Google APIs.

OAuth verification

Using certain sensitive OAuth scopes may require that your app go through Google's OAuth verification process. Read the OAuth verification FAQ to determine when your app should go through verification and what type of verification is required. See also the Google API Services: User Data Policy.


ご不明な点がありましたら、Google のサポートページをご覧ください。