The Apps Script API requires different types of authorizations depending on
your goal:
- Use the Apps Script API in your app.
- Allow other applications to manage your script project data or deployments.
If you need to use the Apps Script API in your application, you must
enable
the API in the application's
Google Cloud project
.
This allows you to create OAuth credentials so that users of the application
can authorize it.
If you want to let third-party applications manage the content or deployment
of your script projects, you must
grant access
to your script projects.
Using the Apps Script API in your app
If you want to use the Apps Script API inside your app, you must enable
the Apps Script API in your application's GCP project. After
enabling the Apps Script API, you can create OAuth credentials and download
the client ID and secret to include in your application. You can also
monitor the API usage in the
Google Cloud console
.
You can use
this wizard
to create or select a Google Cloud project in the API console and automatically enable
the API. Alternatively, you can
open the console's
Manage Resources
page
,
select a project, then search for and add the Apps Script API manually using the
project's
APIs & services
dashboard. Once you've enabled the API, you can
create OAuth credentials, client IDs, and client secrets for your applications
in the
APIs & services > Credentials
panel.
The
Apps Script API quickstarts
provide a step-by-step look at the whole process of enabling the API and
setting up authorization for an application.
Granting third-party applications access to your script projects
The Apps Script API can allow applications to create and modify your scripts
and their
deployments
. This can lead to
a bad situation if you authorize a malicious third-party application which
then proceeds to create more malicious scripts or modify the behavior of
scripts you already have.
To help reduce this risk, the Apps Script API cannot access your script
projects by default. You must explicitly grant the API access before you can use
any application that creates or modifies scripts or deployments. Once you've
granted the API access to your scripts, applications you authorize can use the
API to manage your script projects.
An error results if you attempt to run an affected application without
first granting the API access. This error occurs after you authorize the
application.
You can grant the Apps Script API access to your script projects using the
Apps Script dashboard
. You can also
use the dashboard to revoke this access at any time. When you grant the
API access, you are doing so for
all
applications. Individual applications
still need to be authorized, however.
Before you grant access, be sure you understand that there is a risk involved
in allowing applications to modify your scripts. Never authorize any application
that you suspect is malicious.