Lets Tutorial

Increased Security for Google Apps APIs with New OAuth Scopes

Google Apps APIs are not only designed to use open web standards, but also to be very secure and reliable. In our efforts to improve security, we launched OAuth support for many of the administrative APIs last September.

Among the many benefits of OAuth is the ability to provide access to Administrative APIs without exposing admin usernames or passwords. While the Provisioning API has featured OAuth support for some time, were excited to announce that developers now have even more control over access to the API. The Provisioning API now has four separate OAuth scopes - one each for the users, alias, organization units, and groups methods. For example, this means that developers can enable an application to have access scoped to only groups and not user data. For more information about the new scopes, please see the authorization section of the Provisioning API Developers Guide.


The previous Provisioning API scope is now deprecated, and new applications should reference these new, more granular and secure scopes. While the previous scope will still work for your existing scripts during the deprecation period, it will eventually not produce valid request tokens. We strongly encourage Google Apps developers to update your applications to take advantage of this security improvement.

Provisioning isnt the only Google Apps API with recent security improvements. Were also happy to announce that developers can now authorize use of the Reporting API via OAuth! Now Google Apps developers can start building secure automated reporting and dashboard applications without worrying about managing ClientLogin tokens.

Check out this article for more information about using OAuth with the Provisioning and Reporting APIs.

Posted by Michael Manoochehri, Google Apps APIs Team

Want to weigh in on this topic? Discuss on Buzz