When is the security assessment not required?


Christos Angelopoulos

Mar 10, 2022, 7:31:50 AM
to Google App Engine

I would like to create an app that can upload video to YouTube, let's say an automatized YouTube channel, where everything is done by API. So I can run a script and upload everything I want from a folder on my desktop.

My question is about OAuth 2.0 from Google. In my use case, is there any requirement for a "security assessment"? I'm the only user of it and the only data that matters to me is the data from my YouTube channel.

Can I use the API safely without paying for the "security assessment" of 75 000$ in the worst case?

In case I get blocked by the "security assessment", do I have to pay for it 100% whatever I do?

Thanks in advance, Christos

George (Cloud Platform Support)

Mar 10, 2022, 12:40:27 PM
to Google App Engine
Hello, 

Replies to most of your questions are to be found on the "OAuth API verification FAQs" page, in particular under the "How do I determine if I need to submit my app for restricted scope verification?" question. One exemption is described, for instance, as "only owners use the project", which appears to be the case. The FAQs cover the App Engine part of your question. You may have to ascertain that YouTube is OK with your use-case. 

NoCommandLine

Mar 11, 2022, 10:36:16 AM
to Google App Engine
1. If you set the publishing status of your App to 'Testing', you don't have to submit it for Security Assessment (you only have to submit for security assessment when you want to go to Production). The downside is that your tokens expire every 7 days, which means you have to re-authorize every 7 days.

2. If you have a Google Workspace account, you can remove the 7-day token expiration by using any of the options below (this is the documentation)
....
  • Internal Use: The app is used only by people in your Google Workspace or Cloud Identity organization. Note that your app will not be subject to the unverified app screen or the 100-user cap if it's marked as Internal.
  • Domain-wide Installation: The app is used only by Google Workspace enterprise users. Access will depend on permission being granted by the domain administrator. Google Workspace domain administrators are the only ones that can add the app to an allowlist for use within their domains.
......

 ..... NoCommandLine ......
 https://nocommandline.com
A GUI for Google App Engine

NoCommandLine

Mar 13, 2022, 12:39:20 AM
to Google App Engine
Someone asked a related question about GMAIL on Reddit and a Googler responded. You might find the answer useful for your situation.


 ..... NoCommandLine ......
 https://nocommandline.com
A GUI for Google App Engine
