This page answers some common questions about publishing G Suite add-ons. Click a question to see the answer.
Why are there two separate review processes?
Add-on review for G Suite Marketplace publication is a process that provides a qualitative assessment of third-party applications and integrations. This review ensures that the add-on meets the standards and guidelines set by Google for G Suite Marketplace applications.
OAuth verification ensures that an add-on or other application accurately represents its identity and intent per the Google API Services User Data Policy. OAuth verification also ensures that app’s usage of scopes is not deceptive and an app does not misuse user data obtained using restricted scopes. These two verification processes are separate and operated by different Google teams.
How long does the review process take?
The add-on review and OAuth verification processes take different lengths of time.
The add-on review team approves add-ons that respect all publishing requirements within 1-2 weeks. On average, the team makes a review decision 30 days after submission.
Most verification requests receive a response within 24 to 72 hours. However, more time is needed if your add-on uses sensitive or restricted scopes, as these require greater scrutiny. You can minimize the OAuth verification time by avoiding the use of these scopes.
If your add-on uses any sensitive scopes, OAuth verification is expected to take 3 to 5 days to account for clarification questions and re-submissions during the verification process. If your add-on uses any restricted scopes, OAuth verification is expected to take several weeks.
If your add-on already has approved scopes, any users with access to it can continue to use the add-on while verification is underway. You can check the current status of the verification process at the top of the OAuth consent screen configuration screen for your add-on's Cloud platform project.
When should I request the OAuth verification?
To avoid delays in the publishing process you should request the OAuth verification as soon as the add-on is ready for review. Only start the verification process once your add-on is stable and its scope list is fixed.
How do I add new scopes to an approved OAuth request?
If you adjust your add-on code such that it requires new scopes, you must OAuth verification again. The verification process does not affect existing users of your add-on while it is underway, but you can't publish the add-on changes until the add-on is reverified.
When do I need to create a new Cloud project? How does this impact my G Suite Marketplace listing?
Published add-ons must use a standard Cloud Platform project. If you started building your add-on using a default Cloud Platform project, you must switch to a standard project before starting the publishing process.
You can also bundle add-ons with other add-ons or G Suite Marketplace applications. Bundling applications together allows you to combine user ratings and installation count of your apps within one listing. Bundling requires that all the bundled applications share a single standard Cloud Platform project. Please note all add-ons can be bundled.
What is the difference between version and head deployment?
The head deployment represents the current saved version of the Apps Script project. When any change is made to the Apps Script code and saved, the head deployment starts the code with that change included. Because it is easy to make breaking changes to the head version, G Suite Marketplace listings must use a versioned deployment. The versioned deployment can be updated to a new version through the Apps Script editor—no change to the G Suite Marketplace listing is necessary.
How can I make updates to my add-on once it was approved and published?
You can freely update published add-on code. Most changes just require updating the add-on script project, creating a new script project version, and then updating the versioned deployment to use the new project version. Additional add-on review isn't required.
However, if your changes add new scopes to your add-on project, you must also update the G Suite Marketplace configuration, and then submit a new request for OAuth verification. Your add-on continues to function normally for existing users while being reverified. Add-on review may be required again for add-on updates if the update adds sensitive or restricted scopes.
Can I change the visibility settings after submitting my add-on?
No. Once you choose a visibility option and save the publishing configuration, you can't change your selection later. Make sure to you know what visibility your add-on needs prior to starting the publication process.
Why must I configure the scopes used in different places?
The scopes specified in the add-on manifest are specific to the add-on; the scopes specified in the Cloud Platform OAuth configuration apply to the entire Google Cloud project and any apps connected to it.
Can I publish an add-on for testing, QA, or staging?
You should publish test versions of add-ons as domain-private, or else just test your add-on without publishing. Domain-only publication doesn't require add-on review. When add-ons are published to a domain they only appear in the G Suite Marketplace for users in that domain.
How do add-ons get added to the “Works with..” list in the G Suite Marketplace?
For G Suite add-ons, this is determined by the host apps the add-on extends, as specified in the add-on's manifest. For example, if an add-on extends Gmail, the add-on listing appears in the G Suite Marketplace under "Works with Gmail" after publication.