When your application makes requests that need to identify the user's Google Account, it must include an authorization token. The token also identifies your application to Google.
The following general process applies in the OAuth2 flow:
1. When you create your application, you register it using the Google API Console. Google then provides information you'll need later, such as a client ID and a client secret.
2. When your application needs access to user data, it asks Google for a particular scope of access.
3. Google displays an OAuth dialog to the user, asking them to authorize your application to request some of their data.
4. If the user approves, then Google gives your application a short-lived access token.
5. Your application requests user data, attaching the access token to the request.
6. If Google determines that your request and the token are valid, it returns the requested data.
Note that using sensitive scopes in production requires a formal review.
To request access using OAuth 2.0, your application needs the scope information, as well as information that Google supplies when you register your application (such as the client ID and the client secret).
OAuth Refresh Tokens
If your application needs access to Payments Reseller Subscription API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
A refresh token typically expires in 6 months. While you can periodically refresh the tokens before they expire, there are other common scenarios where they can become invalidated. You should always take the end user to the consent flow when that happens.
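The refresh handling described above, sketched as an added example (not code from Google or from this page): the access token is cached until shortly before expiry, and a rejected refresh token sends the caller back to the consent flow instead of being retried. `TokenManager`, `ConsentRequired`, the injected `post` transport and the fake endpoint are hypothetical names; the `invalid_grant` error code and the refresh request fields follow standard OAuth 2.0.

```python
import time

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint

class ConsentRequired(Exception):
    """The refresh token is no longer usable; take the user through consent again."""

class TokenManager:
    def __init__(self, client_id, client_secret, refresh_token, post, clock=time.time):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._refresh_token = refresh_token
        self._post = post      # assumed transport: post(url, form) -> (status, json_dict)
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0

    def access_token(self, skew=60):
        # Reuse the cached token until it is within `skew` seconds of expiry.
        if self._access_token and self._clock() < self._expires_at - skew:
            return self._access_token
        form = dict(self._creds, grant_type="refresh_token",
                    refresh_token=self._refresh_token)
        status, body = self._post(TOKEN_URL, form)
        if status == 200:
            self._access_token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
            return self._access_token
        self._access_token = None
        if body.get("error") == "invalid_grant":
            # Expired or invalidated refresh token: retrying cannot succeed.
            raise ConsentRequired("refresh token rejected; restart the consent flow")
        # Anything else is treated as transient; the refresh token is kept.
        raise RuntimeError(f"token endpoint returned {status}: {body.get('error')}")

def make_fake_endpoint(valid_refresh_token):
    """Constructed stand-in for the token endpoint so the example runs offline."""
    calls = []
    def post(url, form):
        calls.append(form["grant_type"])
        if form["refresh_token"] != valid_refresh_token:
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": f"at-{len(calls)}", "expires_in": 3600}
    return post, calls
```

In a real deployment `post` would wrap an HTTPS client, and the client secret and refresh token would be loaded from a secret store rather than passed as literals.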
Last updated 2025-07-23 UTC.