Create credentials

Credentials are used to obtain an access token from a Google authorization server. This token is used to call Google Workspace APIs. The type of credentials you use depends on the type of data your app accesses. All Google Workspace APIs access data owned by an end-user. The credential to access this data is an OAuth client ID.

When you use OAuth 2.0 for authorization, your app requests authorizations for one or more scopes of access from a Google Account. Google displays a consent screen to the user including a summary of your project and its policies and the requested scopes of access. You must configure the consent screen for all apps. However, you need only list scopes used by your app for external apps.

To configure the OAuth consent screen:

  1. Open the Google Cloud Console.
  2. Next to "Google Cloud Platform," click the Down arrow and select a project.
  3. At the top-left corner, click Menu .
  4. Click APIs & Services > Credentials. The credential page for your project appears.
  5. Click Configure Consent Screen. The "OAuth consent screen" screen appears.
  6. Click the user type for your app. If you're running a Quickstart, select Internal.

  7. Click Create. A second "OAuth consent screen" screen appears.

  8. Fill out the form:

    • If you're running a quickstart, enter "Quickstart" in the App name field.
    • If you're running a quickstart, enter your personal email address in the User support email field.
    • If you're running a quickstart, enter your personal email address in the Developer contact information field.
  9. Click Save and Continue. The "Scopes" page appears.

  10. (optional). If you are creating an external app, click Add or Remove Scopes. The "Update selected scopes" page appears.

  11. (optional). For each API you intend to use in your app, check the scopes to use in your app.

  12. (optional) Click Update. A list of scopes for your app appears. If any scopes appear under the heading "Your sensitive scopes" or "Your restricted scopes," refer to Identify scopes.

  13. Click Save and Continue. The "Edit app registration" page appears.

  14. Click Save and Continue. The "OAuth consent screen" appears.

  15. Click Back to Dashboard.

Create a credential

  1. In the left-hand navigation, click Credentials. The "Credentials" page appears.
  2. Click Create Credentials and select OAuth client ID. The "Create OAuth client ID" page appears.
  3. Click the Application type drop-down list and select the type of application you're creating. For a full explanation of application types, refer to Setting up OAuth 2.0.

  4. In the name field, type a name for the credential. This name is only shown in the Cloud Console.

  5. In this document, continue with the documentation that corresponds to your app type:

Create Web application credentials (client-side JavaScript)

If you're creating Web application credentials for a client-side JavaScript app, follow these steps :

  1. Specify authorized JavaScript origins. Under Authorized JavaScript origins, click Add URI and type a URI in the URIs field for use with requests from a browser. The origins identify the domains from which your application can send API requests to the OAuth 2.0 server.
  2. Click Create. The OAuth client created screen appears. This screen shows the Client ID and Client secret.
  3. Note the Client ID. Client secrets aren't used for Web applications.
  4. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."
  5. (Optional). If you're creating credentials as a prerequisite for a JavaScript quickstart, you must also generate an API key. To generate an API key:
    1. Click the Create Credentials drop-down list and select API Key. The "API Key created" page appears.
    2. Note the API key.
    3. Click Close. The newly created credential appears under "API Keys."

Create Web application credentials (web server app)

If you're creating Web application credentials for a web server app, follow these steps :

  1. For web server applications using languages and frameworks like PHP, Java, Python, Ruby, and .NET, specify authorized redirect URIs:
    1. Under Authorized redirect URIs, click Add URI.
    2. Type a URI in the URIs field. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses.
  2. Click Create. The OAuth client created screen appears. This screen shows the Client ID and Client secret.
  3. Click the download button to the right of the newly-created OAuth 2.0 Client ID. This copies a client secret JSON file to your desktop. Note the location of this file.

Create Desktop application credentials

If you're creating Desktop application credentials:

  1. Click Create. The OAuth client created screen appears. This screen shows the Client ID and Client secret.
  2. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."
  3. Click the download button to the right of the newly-created OAuth 2.0 Client ID. This copies a client secret JSON file to your desktop. Note the location of this file.
  4. (Optional) If you are creating credentials for a quickstart, rename the client secret JSON file to "credentials.json".

Create Chrome application credentials

If you're creating Chrome application credentials:

  1. In the Application ID field, enter the last part of your app's Chrome Web Store URL.
  2. Click Create. The OAuth client created screen appears. This screen shows the Client ID and client secret.
  3. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."

Create Android application credentials

If you're creating Android application credentials:

  1. In the package name field, enter the package name from your AndroidManifest.xml file.
  2. In the SHA-1 certificate fingerprint field, enter the SHA-1 certificate fingerprint.
  3. Click Create. The OAuth client created screen appears. This screen shows the Client ID.
  4. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."

Create iOS application credentials

If you're creating iOS application credentials:

  1. In the Bundle ID field, enter the bundle identifier as listed in the app's Info.plist file.
  2. If your app appears in the Apple app store, enter the App Store ID.
  3. In the Team ID field, enter your Team ID.
  4. Click Create. The OAuth client created screen appears. This screen shows the Client ID.
  5. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."

Create TVs and limited input device credentials

If you're creating Chrome application credentials:

  1. Click Create. The OAuth client created screen appears. This screen shows the Client ID and client secret.
  2. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."

Create Universal Windows Platform (UWP) credentials

If you're Universal Windows Platform (UWP) creating Universal Windows Platform (UWP) credentials:

  1. In the Store ID field, enter the last part of your app's Microsoft Store URL.
  2. Click Create. The OAuth client created screen appears. This screen shows the Client ID and client secret.
  3. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."