OAuth 2.0 is used to access Google APIs. It supports server-to-server interactions such as those between a web or native application and a Google service. For this scenario, you need a service account, which is an account that belongs to your application instead of to an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved.
To begin, you must obtain OAuth 2.0 client credentials from the Google API Console. Your application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
Then, your application prepares to make authorized API calls by using the service account's credentials to request an access token from the OAuth 2.0 server. Finally, your application can use the access token to call Google APIs.
For more information on OAuth 2.0, see Using OAuth2.0 for server-to-server applications.
Required authorization scope
To access the Communications API, your app must use the following authorization
Access to the API returned in the response depends on the scope you have requested.
Create service account
- Go to API console.
- Sign in using your Gmail account.
- Create a project.
- Create a Service Account, and download a cryptographically signed JSON web token (JWT).
The following image and steps outline interaction between Google's servers and yours:
- The merchant server creates a JSON web token (JWT).
- Using the JWT app server requests the authorization server (Google server) for a response token.
- The Google server responds to the request raised by the app server.
- The app server uses the token to call Google API.
You must send an authorization token with every request that requires an OAuth scope. Oauth 2.0 is the supported authorization protocol.