The
YouTube Reporting API
and
YouTube Analytics API
support the
OAuth 2.0
protocol
for authorizing access to private user data.
The list below explains some core
OAuth 2.0
concepts:
-
When a user first attempts to use functionality in your application that requires the user to be logged in to a
Google Account or YouTube account
, your application initiates the
OAuth 2.0
authorization process.
-
Your application directs the user to Google's authorization server. The link to that page specifies the
scope
of access that your application is requesting for the user's account. The
scope
specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.
-
If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.
For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.
Important:
You need to
obtain authorization credentials in the Google API Console
to be able to use OAuth 2.0 authorization.
OAuth 2.0 flows
Google APIs support several OAuth 2.0 use cases:
- The
server-side web apps
flow supports web applications that can securely store persistent information.
- The
JavaScript web apps
flow supports JavaScript applications running in a browser.
- The
mobile and desktop apps
flow supports applications installed on a device, such as a phone or computer.
- The OAuth 2.0 flow for TVs and limited-input devices supports devices with limited input capabilities, such as game consoles and video cameras.
The YouTube Reporting and YouTube Analytics APIs do not currently support the OAuth 2.0 flow for devices.
- The OAuth 2.0 flow for service account flow supports server-to-server interactions that do not access user information.
However, the
YouTube Reporting API
and
YouTube Analytics API
do not support this flow.
Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate an error.
Identify access scopes
Scopes enable your application to only request access to the resources that it needs while also
enabling users to control the amount of access that they grant to your application. Thus, there
may be an inverse relationship between the number of scopes requested and the likelihood of
obtaining user consent.
Before you start implementing OAuth 2.0 authorization, we recommend that you identify the scopes
that your app will need permission to access.
The YouTube Analytics API uses the following scopes:
Scopes
|
https://www.googleapis.com/auth/youtube
| Manage your YouTube account
|
https://www.googleapis.com/auth/youtube.readonly
| View your YouTube account
|
https://www.googleapis.com/auth/youtubepartner
| View and manage your assets and associated content on YouTube
|
https://www.googleapis.com/auth/yt-analytics-monetary.readonly
| View monetary and non-monetary YouTube Analytics reports for your YouTube content
|
https://www.googleapis.com/auth/yt-analytics.readonly
| View YouTube Analytics reports for your YouTube content
|
The YouTube Reporting API uses the following scopes:
Scopes
|
https://www.googleapis.com/auth/yt-analytics-monetary.readonly
| View monetary and non-monetary YouTube Analytics reports for your YouTube content
|
https://www.googleapis.com/auth/yt-analytics.readonly
| View YouTube Analytics reports for your YouTube content
|
The
OAuth 2.0 API Scopes
document contains a full
list of scopes that you might use to access Google APIs.