How to Create an OAuth App for Google Workspace

Follow the steps below to create an OAuth 2.0 Client ID for your application.

Our sandbox application didn't go through the full Google security audit. If the app or site doesn’t meet Google's security standards, Google might block you from signing into your account via it by default. This can be turned off if you understand the risk: https://myaccount.google.com/lesssecureapps. This guide describes how to create your own sandbox application.

Step 1: Prerequisites

Before you begin, make sure you have the following:

1. A Google account
2. An Apideck account

Step 2: Go to Google Cloud Console

Go to Google Cloud Console.

Step 3: Create a New Project

• Click on the project drop-down and select

  New Project

  .
• Give your project a name and click

  Create

  .

Step 4: Enable the Google Workspace APIs You Need

• In the sidebar, click on

  Library

  .
• Search for and enable the APIs you need, Admin SDK.

Step 5: Create Credentials

• Click on

  Credentials

  in the sidebar.
• Click

  Create Credentials

  and select

  OAuth client ID

  .

Step 6: Configure the OAuth Consent Screen

• You'll be prompted to configure the

  OAuth Consent Screen

  before creating the credentials.
• Select

  External

  so the app is available to any user with a Google account.
• Fill in the required details like

  App name

  ,

  User support email

  , etc.
• In the

  Scopes

  section, add the scopes that your application needs.
  • https://www.googleapis.com/auth/admin.directory.group.member
  • https://www.googleapis.com/auth/admin.directory.group.member.readonly
  • https://www.googleapis.com/auth/admin.directory.group
  • https://www.googleapis.com/auth/admin.directory.group.readonly
  • https://www.googleapis.com/auth/admin.directory.orgunit
  • https://www.googleapis.com/auth/admin.directory.orgunit.readonly
  • https://www.googleapis.com/auth/admin.directory.user
  • https://www.googleapis.com/auth/admin.directory.user.readonly
  • https://www.googleapis.com/auth/admin.directory.user.alias.readonly
• Click

  Save and Continue

  .

Step 7: Create OAuth Client ID

• Choose the application type. If you're creating a Web application, select

  Web application

  .
• Name your OAuth 2.0 client.
• Add your

  Authorized JavaScript origins

  and

  Authorized redirect URIs

  .
• Click

  Create

  .

Step 8: Configure a Custom redirect URI

To enable the connection to your Google Workspace instance and be compliant with the Google certification, it is required use your own whitelabel auth URIs.

💡 IMPORTANT: Once you have applied one of the options, don't forget to update the "Redirect URI" in your Google Workspace configuration as described in step 5.

Setup a custom subdomain for Apideck Vault

Add a custom domain name for Apideck Vault. This will allow you to whitelabel the reference to Apideck's Vault.

1. Create a CNAME record

Sign in to your DNS name server host and navigate to your DNS settings. Add a CNAME record with the value

cname.vercel-dns.com

[REPLACE_WITH_DESIRED_SUBDOMAIN] CNAME cname.vercel-dns.com.

2. Contact Apideck

Get in touch with your Apideck contact or support@apideck.com to let us know about the custom domain you want to use, so we can configure & enable it for Apideck Vault.

3. Wait for the changes to propagate

Congratulations! You have now pointed your custom domain to Apideck Vault! When DNS changes are made, you can expect a propagation time up to 24 hours (but mostly much less than that). This is because it takes time for the DNS to take effect across the internet. The actual time of propagation may vary in some locations based on your network setup.

4. Update the "Redirect URI"

Update the "Redirect URI" in your Google Workspace configuration as described in step 5.

5. Save your changes and submit your consent screen for verification.

Step 9: Configure your Client ID and Secret in Apideck

Now that you've set up your OAuth app, you can configure the Google Workspace connector in Apideck using the client ID and secret generated earlier.

Do your first API call to the Google Workspace API via our HRIS API

• Connect your Google Workspace account through Vault with a test session.

• To test the access token, make a query to get

  Employees

  .

curl --location --request GET 'https://unify.apideck.com/hris/employees' \
--header 'x-apideck-consumer-id: test-consumer' \
--header 'x-apideck-app-id: {APIDECK_APP_ID}' \
--header 'x-apideck-service-id: google-workspace' \
--header 'Authorization: Bearer {APIDECK_API_KEY}'
--header 'Content-Type: application/json' \

Do your first API call to the Google Workspace API via our Proxy API

• Connect your Google Workspace account through Vault with a test session.

• To test the access token, make a call to the

  List users

  endpoint using the Proxy API.

curl --location --request GET 'https://unify.apideck.com/proxy' \
--header 'x-apideck-consumer-id: test-consumer' \
--header 'x-apideck-app-id: {APIDECK_APP_ID}' \
--header 'x-apideck-service-id: google-workspace' \
--header 'x-apideck-downstream-url: https://admin.googleapis.com/admin/directory/v1/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {APIDECK_API_KEY}'

Start building with the Google Workspace API

Learn what else you can build with the Google Workspace API.

Interested in a personalized demo? Let us know.