Build Your App

Once you have set up your project, you can get your web app built and working. Regardless of your architectural choices, you will need to:

  1. Save the IDs, client secret, and private key created when you set up the project
  2. Implement the authorization flows for your app, using this saved data
  3. Verify that the application meets our standards for publishing in G Suite Marketplace

The following sections summarize how to do these steps for each architectural style.

Save the API access information

Make sure that you have the following information for your app:

  • web server app: client ID and client secret
  • client-side app: client ID and client secret
  • service account: service account client ID and downloaded private key

If any of these items are missing, go back to the Google API Console and get them. Refer to the instructions in the Set Up Your Project section for more information.

Implement authorization

Depending on how you wish to build your application, you can use one of the following methods to implement authorization.

Use Google services from a JavaScript client

For a client-side app, access Google services as follows:

Use Google services from a simple web server app

For a server-side app that only needs online access (does not do any background or scheduled processing with the user absent), access Google services as follows:

  • Instantiate service client objects using the appropriate Google API client library, with the client ID and client secret.
  • Use these objects to implement the web server authorization flow.
  • Access Google services using the appropriate Google API.

Using Google services from a web server app with offline access

Most applications can obtain offline access using the standard OAuth 2 web server authorization flow. Users will see a simplified consent screen when authorizing applications approved by their domain administrator. These applications can access Google services as follows:

  • Instantiate a client object using the appropriate Google API client library, with the client ID and client secret.
  • Use this object to implement the web server authorization flow and obtain the user ID from an access token.
  • Access Google services using the appropriate Google API.

Applications that require access to user data without interaction and only the domain administrator's consent should use service accounts to obtain access. Access Google services as follows:

  • Instantiate new client objects, with the service account client ID and private key, to implement the service account authorization flow.
  • Access Google services using the appropriate Google API.

Verify that Your Application Meets the G Suite Marketplace Standards

The end goal of our OAuth requirements is to ensure that users and domain administrators have a seamless integration experience between their Google account and your application. The G Suite Marketplace review team will carefully review all applications to ensure they meet the standards. When you have completed your application, it should fulfill the following requirements:

  • Use OAuth 2.0
  • The user must see the OAuth Consent screen only once; if you’re using a service account to allow a domain admin to accept terms on behalf of the domain users, then the end users must never see the OAuth Consent screen
  • Use SSO to have existing users of your application log into their account with you
    • New users of your application should be able to use their Google credentials to create a new account; it’s acceptable to direct them to a trial or freemium version of an account if they cannot have a full version

Additional Resources

Additional resources that may help with OAuth2 implementation are:

If you still have technical questions after reviewing the above documentation, visit our StackOverflow page, which is monitored by the Developer Relations team.
