Private message regarding: [Action Needed] OAuth Verification Request Acknowledgement

[API OAuth Dev Verification]

Hello Google Developer,

As per our review, we have also observed that you are requesting the following sensitive scope. Based on the information you provided, we believe the drive.file scope may be a better fit. 

• https://www.googleapis.com/auth/spreadsheets

Please review the following information to understand if the drive.file scope is suitable for your application. If your request does not meet the eligibility requirements outlined below, we won't be able to grant it.

Why should I use the drive.file scope?

Eligibility

We won’t be able to approve sensitive scope API  for your application if your request does not meet the minimum scope requirement under the Workspace API user data and developer policy , which requires that permission requests be limited to the critical information necessary to implement your application’s services. Please note that UI preferences or client library limitations alone are not valid policy exceptions from these requirements.

User Experience

The drive.file scope allows the user to create Drive files , and select and modify any file from their Drive that they want to share with your application, including files not created with the application. This gives users more control and confidence that your application's access to their files is limited and secure.

On January 20, 2025 the Google Picker API will introduce a new method to the Class view called setFileIds(fileIds,) which will allow you to present users with a picker that is pre-navigated to the specified file IDs the application is seeking access to, allowing efficient file access directly from Google Drive file links and faster consent for your users. Read this update for more information.

No Verification Required

Since the drive.file scope is non-sensitive, approval is not required to use this scope. Additionally, note that all apps requesting access to restricted APIs must complete a third-party CASA security assessment before the restricted APIs can be approved; this assessment must also be recertified annually in order for the app to maintain access to restricted APIs. Since drive.file is not a restricted scope , this security assessment and annual recertification won’t be required.

What do I need to do next?

Please follow the instructions provided here to create another project for testing and use the recommended drive.file scope.

• You can use the Google Picker API to display a file picker. Applications can narrow to certain Drive file types (e.g. docs , sheets , photos etc) , via a filter on the Google Picker files.
• If your application is a Google Workspace add-on , you should use Advanced Drive Service in order to use the drive.file scope.
• To allow users to select multiple files at once, use the PickerBuilder and enable the multiselect option.
• The Google Picker API also supports selecting items in Shared Drives. For details around enabling shared drives support and adding shared drives view in the file picker, refer to Google Picker API.
• If your app is a Workspace Add-on, you should use context-specific Drive or Editor Add-on Scopes, which ensure your app only requests access to the necessary resources within the user's active context.

Please note that the verification channel is not equipped to support you with any technical questions. If you have any questions in regards to your implementation, you can use the following resources to find community support:

• Stack Overflow google-drive-api tag
• Stack Overflow google-picker tag
• Stack Overflow google-api tag

Documentation:

• Drive API Scopes
• Google Picker API
• Google Drive API

Please take the following action(s) to continue with your request

IMPORTANT!

• DO NOT remove any previously approved scopes from your project at this time

⤷ Reply to this email with the following information:

Option 1: If your app will work with the recommended scope(s) , do the following:

1. Add the recommended scope(s) only to your Cloud Console project.
2. If the scopes your application does not need were not previously approved , remove these scope(s) from your application codebase and Cloud Console project now.
3. Reply to this email with "Confirming narrower scopes"

Option 2: If the recommended scope(s) will not work for your app , reply to this email with "Unable to use narrower scopes" and additional justification explaining why. (Learn more).

Important! Once you have addressed the issues above, reply directly to this email to confirm. You must reply to this email after fixing the highlighted issues to continue with the app verification process.

 

Need to make changes to your verification request?

Please make direct changes on the Cloud Console. Save and submit the changes when finished.

No longer need access to these scopes?

Please reply to this email to cancel the verification request.

Need other help?

For more information on OAuth Verification, you can read the terms or policies for the APIs or products your app uses, as well as the following resources:

Link to OAuth Verification FAQ

 

Thank you,

The Third Party Data Safety Team