The APIs Explorer's credentials section lets you test with different
credentials and scopes. This feature is useful in ensuring you're using the
minimal required credentials and scope to invoke an API endpoint.
Test with different credentials
By default, both the OAuth 2 and API Key credential types are checked.
If you want to test with only one credential, check on the credential type to
use (and uncheck the other credential type). Following are the general rules for
picking a credential to test with:
If you're using a method to access public data, such as Google Maps data, you
can use an API key as your credential. Check
API key
and uncheck
Google OAuth 2.0
.
If you're using a method to access private data, such as the user's Google
Drive data, you must use an OAuth 2 credential. Uncheck
API key
and check
Google OAuth 2.0
.
If you receive a result of 200, the credential is sufficient
for accessing the data. If you receive a result of 401, you need
to use OAuth 2 credential to access the data.
Test with different scopes
A scope is a string, such as
https://www.googleapis.com/auth/drive.metadata.readonly
, defining a level of
access to resources required by your app, such as the level of access to data
owned by the users. Ideally, you want your app to use scopes with
the narrowest level of access to the user's data. Different methods might
require different scopes. For example, a method in an API might require
at least a read-only scope, while other methods might require a read-write
scope.
By default, all Google OAuth 2.0 scopes for an API are enabled in the APIs
Explorer. To test with a specific scope:
- In the Credentials Google OAuth 2.0 section, click
show scopes
.
- Check the scope to use when invoking the method.
- Click
Execute
to execute the API using only the selected scope. The APIs
Explorer shows an authorization screen asking you to grant access to use the
scope.
- Click
Allow
. The results appear below the Execute button.
If the APIs Explorer shows a result of 200 under an "application/json", then the
scope is sufficient to invoke the method. If the APIs Explorer shows an
result of 403, you have chosen an insufficient scope to invoke the method. Try
a broader scope.
For additional information on scope selection, refer to the authentication and
authorization section of documentation for your specific Google API.
Revoke authorized access to test with new scopes
After you have used the Google authorization screen to approve authorization,
the APIs Explorer remains authorized to make authenticated requests as long
as the credentials aren't expired. Unchecking scopes doesn't reset the
previously approved credentials and scopes. If you want to test with a new
scope configuration, you must revoke your previously approved credentials.
To revoke the credentials used by the APIs Explorer:
- Navigate to
Apps with access to your account
.
- Under
Third-party apps with account access
, click
Google APIs Explorer
.
- Click
Remove Access
.
- (optional) Reload the documentation page to reset the APIs Explorer.