# Creating an OAuth App for Google Contacts

Follow the steps below to create an OAuth 2.0 Client ID for your application to access Google Contacts.

_Our sandbox application didn't go through the full Google security audit. If the app or site doesn't meet Google's security standards, Google might block you from signing into your account via it by default. This can be turned off if you understand the risk: https://myaccount.google.com/lesssecureapps. This guide describes how to create your own sandbox application._

## Step 1: Prerequisites

Before you begin, make sure you have the following:

1. A Google account
2. An Apideck account

## Step 2: Go to Google Cloud Console

Go to [Google Cloud Console](https://console.cloud.google.com/).

## Step 3: Create a New Project

- Click on the project drop-down and select `New Project`.
- Give your project a name and click `Create`.

## Step 4: Enable the Google People API

- In the sidebar, click on `Library`.
- Search for "Google People API" and click on it.
- Click the "Enable" button to enable the Google People API for your project.

## Step 5: Create Credentials

- Click on `Credentials` in the sidebar.
- Click `Create Credentials` and select `OAuth client ID`.

## Step 6: Configure the OAuth Consent Screen

- You'll be prompted to configure the `OAuth Consent Screen` before creating the credentials.
- Select `External` so the app is available to any user with a Google account.
- Fill in the required details like `App name`, `User support email`, etc.
- In the `Scopes` section, add the scopes that your application needs:
  - https://www.googleapis.com/auth/contacts (See, edit, download, and permanently delete your contacts)
  - https://www.googleapis.com/auth/contacts.other.readonly (See and download contact info automatically saved in your "Other contacts")
  - https://www.googleapis.com/auth/contacts.readonly (See and download your contacts)
  - https://www.googleapis.com/auth/directory.readonly (See and download your organization's GSuite directory)
  - https://www.googleapis.com/auth/user.addresses.read (View your street addresses)
  - https://www.googleapis.com/auth/user.birthday.read (See and download your exact date of birth)
  - https://www.googleapis.com/auth/user.emails.read (See and download all of your Google Account email addresses)
  - https://www.googleapis.com/auth/user.gender.read (See your gender)
  - https://www.googleapis.com/auth/user.organization.read (See your education, work history and org info)
  - https://www.googleapis.com/auth/user.phonenumbers.read (See and download your personal phone numbers)
  - https://www.googleapis.com/auth/userinfo.email (See your primary Google Account email address)
  - https://www.googleapis.com/auth/userinfo.profile (See your personal info, including any personal info you've made publicly available)
- Request only the scopes your application requires. For read-only access, the `readonly` scopes may be all you need.
- Click `Save and Continue`.
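
One way to keep the scope selection above minimal, as an added example (not Apideck's or Google's code): a shell check that audits the scopes a client requests against the list in this guide. The `readonly`/`readwrite` intent labels and the finding names are this example's own convention.

```shell
#!/bin/sh
# Added example: least-privilege audit of the scopes an OAuth client requests.
# The scope names are the ones listed in this guide; the intent labels and
# finding names are this example's own convention (assumptions).
SCOPE_PREFIX="https://www.googleapis.com/auth/"

# audit_scopes INTENT "SCOPES"
#   INTENT  readonly | readwrite (what the integration actually does)
#   SCOPES  space-delimited scope URLs, as sent in the OAuth `scope` parameter
# Prints one finding per line; prints nothing when the request is minimal.
audit_scopes() {
  intent=$1 has_full=no has_ro=no
  for scope in $2; do
    name=${scope#"$SCOPE_PREFIX"}
    case $name in
      contacts)
        # The only scope in the guide that can edit or delete contacts.
        has_full=yes
        if [ "$intent" = readonly ]; then
          echo "write-scope-for-readonly-app: $name"
        fi ;;
      contacts.readonly) has_ro=yes ;;
      contacts.other.readonly|directory.readonly|user.*.read) ;;
      userinfo.email|userinfo.profile) ;;
      *) echo "not-in-guide: $scope" ;;
    esac
  done
  if [ "$has_full" = yes ] && [ "$has_ro" = yes ]; then
    echo "redundant: contacts.readonly is covered by contacts"
  fi
  return 0
}

# Usage: sh audit_scopes.sh readonly "<scope> <scope> ..."
if [ $# -eq 2 ]; then
  audit_scopes "$1" "$2"
fi
```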

### Google App Verification Process Details

If your app will be used by more than 100 users or requests sensitive scopes (Google Contacts access is considered sensitive), you need to complete Google's verification process:

1. **Complete your OAuth consent screen**: Ensure all required fields are filled in (app name, support email, developer contact information, privacy policy URL, etc.)

2. **Add appropriate scopes**: For Google Contacts, add the necessary scopes mentioned above based on your needs

3. **Submit for verification**: Click the "Submit for verification" button on the OAuth consent screen page

4. **Verification requirements**:
   - Valid privacy policy URL that properly describes data collection and usage
   - A homepage or landing page for your application
   - Demonstration of legitimate use case for requested scopes
   - Screenshots or video of your application's OAuth implementation flow
5. **Verification timeline**:
   - Basic verification typically takes 3-5 business days
   - Apps requesting sensitive scopes may require 4-6 weeks for review
6. **During review period**:
   - You can test with up to 100 users (Developer Identity) even without verification
   - For internal company use, consider using "Internal" user type which doesn't require verification

> **Important**: While waiting for verification, you can still use your application in development/testing mode with up to 100 users, or by having users click "Advanced" and then "Continue to [your app]" when they see the unverified app warning.

## Step 7: Create OAuth Client ID

- Choose the application type. If you're creating a Web application, select `Web application`.
- Name your OAuth 2.0 client.
- Add your `Authorized JavaScript origins` and `Authorized redirect URIs`.
- For Apideck, use `https://unify.apideck.com/vault/callback` as the redirect URI.
- Click `Create`.

## Step 8: Configure a Custom redirect URI

To connect to your Google Contacts instance and comply with Google's certification requirements, you must use your own white-label auth URIs.

**💡 IMPORTANT**: Once you have applied one of the options, don't forget to update the "Redirect URI" in your Google Contacts configuration as described in step 7.

### Set up a custom subdomain for Apideck Vault

Add a custom domain name for Apideck Vault. This will allow you to white label the reference to Apideck's Vault.

1. Create a CNAME record

Sign in to your DNS name server host and navigate to your DNS settings.
Add a CNAME record with the value `cname.vercel-dns.com`.

```
[REPLACE_WITH_DESIRED_SUBDOMAIN] CNAME cname.vercel-dns.com.
```

2. Contact Apideck

Get in touch with your Apideck contact or support@apideck.com to let us know about the custom domain you want to use, so we can configure & enable it for Apideck Vault.

3. Wait for the changes to propagate

Congratulations! You have now pointed your custom domain to Apideck Vault!
After a DNS change, propagation can take up to 24 hours (but usually much less), because the change needs time to take effect across the internet. The actual propagation time may vary by location, depending on your network setup.

4. Update the "Redirect URI"

Update the "Redirect URI" in your Google Contacts configuration as described in step 7.

5. Save your changes and submit your consent screen for verification.
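
A pre-flight check for the steps above, as an added example (not Apideck's code): it confirms the subdomain's CNAME target and that the redirect URI you register in Google is an exact HTTPS match on that subdomain, since Google compares redirect URIs exactly. `vault.example.com` is a placeholder, and the `/vault/callback` path is assumed to carry over from the default redirect URI in step 7.

```shell
#!/bin/sh
# Added example (not Apideck's code): pre-flight checks for a white-label
# Vault redirect URI. Assumptions: vault.example.com is a placeholder, and
# the callback path is carried over from the default URI in step 7.
EXPECTED_CNAME="cname.vercel-dns.com"
CALLBACK_PATH="/vault/callback"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# cname_ok ANSWER: ANSWER is the output of `dig +short CNAME <subdomain>`.
# Passes only for a single target equal to EXPECTED_CNAME (case and the
# trailing root dot are ignored); an empty answer means the record is missing.
cname_ok() {
  target=$(lower "$1" | sed -e 's/[[:space:]]*$//' -e 's/\.$//' -e '/^$/d')
  [ "$target" = "$EXPECTED_CNAME" ]
}

# check_redirect_uri URI SUBDOMAIN: prints "ok", or the reason the URI is
# not an exact match for https://SUBDOMAIN/vault/callback.
check_redirect_uri() {
  case $1 in
    https://*) rest=${1#https://} ;;
    *) echo "not-https"; return 1 ;;
  esac
  case $rest in *[?#]*) echo "query-or-fragment"; return 1 ;; esac
  authority=${rest%%/*}        # host part, before the first slash
  path=${rest#"$authority"}    # everything after the host
  case $authority in *@*) echo "userinfo"; return 1 ;; esac
  if [ "$(lower "$authority")" != "$(lower "$2")" ]; then
    echo "wrong-host"; return 1
  fi
  if [ "$path" != "$CALLBACK_PATH" ]; then
    echo "wrong-path"; return 1
  fi
  echo "ok"
}

# Live check:
#   sh preflight.sh vault.example.com https://vault.example.com/vault/callback
if [ $# -eq 2 ]; then
  cname_ok "$(dig +short CNAME "$1")" ||
    { echo "CNAME for $1 does not point to $EXPECTED_CNAME" >&2; exit 1; }
  check_redirect_uri "$2" "$1"
fi
```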

## Step 9: Configure your Client ID and Secret in Apideck

Now that you've set up your OAuth app, you can configure the Google Contacts connector in Apideck using the client ID and secret generated earlier.

## Do your first API call to the Google Contacts API via our [CRM API](https://developers.apideck.com/apis/crm/reference)

- Connect your Google Contacts account through [Vault](https://platform.apideck.com/vault) with a test session.

- To test the access token, make a query to get your [`Contacts`](https://developers.apideck.com/apis/crm/reference#operation/contactsAll).

```
curl --location --request GET 'https://unify.apideck.com/crm/contacts' \
--header 'x-apideck-consumer-id: test-consumer' \
--header 'x-apideck-app-id: {APIDECK_APP_ID}' \
--header 'x-apideck-service-id: google-contacts' \
--header 'Authorization: Bearer {APIDECK_API_KEY}' \
--header 'Content-Type: application/json'
```

## Do your first API call to the Google Contacts API via our [Proxy API](https://developers.apideck.com/apis/proxy/reference)

- Connect your Google Contacts account through [Vault](https://platform.apideck.com/vault) with a test session.

- To test the access token, make a call to the [List connections](https://people.googleapis.com/v1/people/me/connections) endpoint using the [Proxy API](https://developers.apideck.com/apis/proxy/reference).

```
curl --location --request GET 'https://unify.apideck.com/proxy' \
--header 'x-apideck-consumer-id: test-consumer' \
--header 'x-apideck-app-id: {APIDECK_APP_ID}' \
--header 'x-apideck-service-id: google-contacts' \
--header 'x-apideck-downstream-url: https://people.googleapis.com/v1/people/me/connections?personFields=names,emailAddresses,phoneNumbers' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {APIDECK_API_KEY}'
```

## Start building with the Google Contacts API

Learn what else you can [build with the Google People API](https://developers.google.com/people/api/rest).

Interested in a personalized demo? [Let us know](https://www.apideck.com/demo-request?from=guide).
