Stay organized with collections Save and categorize content based on your preferences.
This document contains Google Drive API-specific authorization and authentication information. Before reading this document, be sure to read the Google Workspace's general authentication and authorization information at Learn about authentication and authorization.
Configure OAuth 2.0 for authorizationConfigure the OAuth consent screen and choose scopes to define what information is displayed to users and app reviewers, and register your app so that you can publish it later.
Drive API scopesTo define the level of access granted to your app, you need to identify and declare authorization scopes. An authorization scope is an OAuth 2.0 URI string that contains the Google Workspace app name, what kind of data it accesses, and the level of access. Scopes are your app's requests to work with Google Workspace data, including users' Google Account data.
When your app is installed, a user is asked to validate the scopes used by the app. Generally, you should choose the most narrowly focused scope possible and avoid requesting scopes that your app doesn't require. Users more readily grant access to limited, clearly described scopes.
When possible, we recommend using non-sensitive scopes as it grants per-file access scope and narrows access to specific features needed by an app.
If your public application uses scopes that permit access to certain user data, it must complete a verification process. If you see unverified app on the screen when testing your application, you must submit a verification request to remove it. Find out more about unverified apps and get answers to frequently asked questions about app verification in the Help Center.The Drive API supports the following scopes:
Scope code Description Usagehttps://www.googleapis.com/auth/drive.appdata
https://www.googleapis.com/auth/drive.appfolder View and manage the app's own configuration data in your Google Drive. Recommended
https://www.googleapis.com/auth/drive.install Allow apps to appear as an option in the "Open with" or the "New" menu. Recommended
https://www.googleapis.com/auth/drive.file Create new Drive files, or modify existing files, that you open with an app or that the user shares with an app while using the Google Picker API or the app's file picker. Recommended
https://www.googleapis.com/auth/drive.apps.readonly View apps authorized to access your Drive. Sensitive https://www.googleapis.com/auth/drive View and manage all your Drive files. Restricted https://www.googleapis.com/auth/drive.readonly View and download all your Drive files. Restricted https://www.googleapis.com/auth/drive.activity View and add to the activity record of files in your Drive. Restricted https://www.googleapis.com/auth/drive.activity.readonly View the activity record of files in your Drive. Restricted https://www.googleapis.com/auth/drive.meet.readonly View Drive files created or edited by Google Meet. Restricted https://www.googleapis.com/auth/drive.metadata View and manage metadata of files in your Drive. Restricted https://www.googleapis.com/auth/drive.metadata.readonly View metadata for files in your Drive. Restricted https://www.googleapis.com/auth/drive.scripts Modify your Google Apps Script scripts' behavior. Restricted
The Usage column in the table above indicates the sensitivity of each scope, according to the following definitions:
Recommended / Non-sensitive: These scopes provide the smallest scope of authorization access and only requires basic app verification. For information on this requirement, see Verification requirements.
Recommended / Sensitive: These scopes provide access to specific Google User Data that's authorized by the user for your app. It requires you to go through additional app verification. For information on this requirement, see Sensitive and Restricted Scope Requirements.
Restricted: These scopes provide wide access to Google User Data and require you to go through a restricted scope verification process. For information on this requirement, see Google API Services User Data Policy and Additional Requirements for Specific API Scopes. If you store restricted scope data on servers (or transmit), then you must go through a security assessment.
If your app requires access to any other Google APIs, you can add those scopes as well. For more information about Google API scopes, see Using OAuth 2.0 to Access Google APIs.
For more information about specific OAuth 2.0 scopes, see OAuth 2.0 Scopes for Google APIs.
OAuth verificationUsing certain OAuth scopes might require that your app proceed through OAuth App Verification Help Center. Read the OAuth app FAQs to determine when your app should go through verification and what type of verification is required. See also the Google Drive Terms of Service.
When to use a restricted scopeFor Drive, only the following application types may access restricted scopes:
To continue using restricted scopes, you should prepare your app for restricted scope verification.
Migrate an existing app from restricted scopesIf you've developed a Drive app using any of the restricted scopes, we recommend migrating your app to use a non-sensitive scope as it grants per-file access scope and narrows access to specific features needed by an app. Many apps work with per-file access without any changes. If you're using your own file picker, we recommend switching to the Google Picker API which fully supports different scopes.
Benefits of thedrive.file OAuth scope
Using the drive.file OAuth scope and the Google Picker API optimizes both user experience and safety for your app.
The drive.file OAuth scope lets users choose which files they want to share with your app. This gives them more control and confidence that your app's access to their files is limited and more secure. In contrast, requiring broad access to all Drive files could discourage users from interacting with your app. The following are some reasons why you should use drive.file scope:
Usability: The drive.file scope works with all Drive API REST Resources which means you can use it the same way you use broader OAuth scopes.
Features: The Google Picker API provides a similar interface to the Drive UI. This includes several views showing previews and thumbnails of Drive files, and an inline, modal window so users never leave the main app.
Convenience: Apps can apply filters for certain Drive file types (such as Google Docs, Sheets, and photos) when using a filter on Google Picker files.
Also, since drive.file is non-sensitive, it allows for a more streamlined verification process.
Save refresh tokens in secure, long-term storage and continue to use them as long as they remain valid.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-04 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-04 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4