An Apps Script project manifest is a special JSON file that specifies the basic project information that Apps Script needs to run the script successfully.
Apps Script automatically creates and updates the project manifest as you create your script project and make changes in the Apps Script editor. In most cases you never need to view or edit the manifest directly; however, in certain situations it may be beneficial or required.
Editing a manifest
The Apps Script editor hides manifest files by default in order to protect your Apps Script project settings. Follow these steps to make a hidden project manifest visible in the Apps Script editor:
- Open the script project in the Apps Script editor.
- Select View > Show project manifest.
The manifest file appears as a project file named appsscript.json.
To hide the manifest file after you are finished, select View > Show project manifest again.
Manifest structure
The following describes the manifest JSON file structure:
```
{
  "timeZone": string,
  "oauthScopes": [ string ],
  "dependencies": {
    "enabledAdvancedServices": [
      {
        "userSymbol": string,
        "serviceId": string,
        "version": string
      }
    ],
    "libraries": [
      {
        "userSymbol": string,
        "libraryId": string,
        "version": string,
        "developmentMode": boolean
      }
    ]
  },
  "exceptionLogging": string,
  "webapp": {
    "access": string,
    "executeAs": string
  },
  "executionApi": {
    "access": string
  },
  "urlFetchWhitelist": [ string ],
  "gmail": gmail Resource,
  "sheets": sheets Resource
}
```
Property name | Value | Description |
---|---|---|
timeZone | string | The script time zone in one of the available ZoneId values such as "America/Denver". |
oauthScopes[] | string | The definition of authorization scopes used by the script project. |
dependencies.enabledAdvancedServices[] | list | The list of advanced services enabled for use by the script project. |
dependencies.enabledAdvancedServices[].userSymbol | string | The identifier used to refer to this service in the code of the Apps Script project. |
dependencies.enabledAdvancedServices[].serviceId | string | The identifier of the service that is shown in the API discovery document (e.g., drive). |
dependencies.enabledAdvancedServices[].version | string | The enabled version of the service (e.g., "v1"). |
dependencies.libraries[] | list | The list of libraries used by the script project. |
dependencies.libraries[].userSymbol | string | The label that is used in the script project code to refer to this library. |
dependencies.libraries[].libraryId | string | The script ID of the library's script project. You can find a script ID in the library script's URL or in the script editor by selecting File > Project properties. |
dependencies.libraries[].version | string | The version of the library that is used by the script. This is either a version number or stable, meaning the last version created. |
dependencies.libraries[].developmentMode | boolean | If true, version is ignored and the script uses the current library project saved code, even if that code has not been saved to a new version. |
exceptionLogging | string | The location where exceptions are logged. The valid settings are the following: |
webapp | object | The script project's web app configuration. Only used if the project is deployed as a web app. |
webapp.access | string | The levels of permission for running the web app. The valid settings are the following: |
webapp.executeAs | string | The identity under which the web app executes. The valid settings are the following: |
executionApi | object | The script project's API executable configuration. Only used if the project is deployed for API execution. |
executionApi.access | string | Determines who has permission to run the script from the API. The valid settings are the following: |
urlFetchWhitelist[] | string | A list of HTTPS URL prefixes. If present, any URL endpoint fetched must match one of the prefixes in this list. This can help to protect user data. See Whitelisting URLs for more details. |
gmail | nested object | The resource configuration of the project if deployed as a Gmail add-on. |
sheets | nested object | The resource configuration that defines Sheets macros. |
Whitelisting URLs
Sometimes you may want your script project to retrieve information from an external location using the Apps Script UrlFetch service. You can whitelist the URLs you fetch from within the project manifest. Whitelisting is the process where you designate specific URLs that are pre-approved for access by your project. This requirement helps protect user data; if you define a whitelist, projects can't access URLs that you have not whitelisted.
You can whitelist a URL for fetching by adding it or a matching prefix to the manifest urlFetchWhitelist field.
The whitelist prefixes you add to the manifest must satisfy the following requirements:
- Each prefix must be a valid URL.
- Each prefix must use https://, not http://.
- Each prefix must have a full domain.
- Each prefix must have a non-empty path. For example, https://www.google.com/ is valid but https://www.google.com is not.
To determine if a URL matches a whitelisted prefix, consider the following rules:
- Path matching is case-sensitive.
- If the prefix is identical to the URL, it is a match.
- If the URL is the same or a child of the prefix, it is a match.
For example, the prefix https://example.com/foo matches the following URLs:
- https://example.com/foo
- https://example.com/foo/
- https://example.com/foo/bar
- https://example.com/foo?bar
- https://example.com/foo#bar
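The prefix requirements and matching rules above, written out as an added JavaScript example (not Google's code and not the Apps Script implementation) that checks a manifest's prefixes and lists the fetch targets they do not cover. The function names, the sample manifest and the sample URLs are constructed for illustration; reading "full domain" as a dotted hostname and "child" as a deeper path segment are assumptions.

```javascript
// Added example, not Google's implementation: applies the documented
// urlFetchWhitelist prefix requirements and matching rules.

// Assumption: "full domain" means a dotted hostname with no wildcard.
function isValidPrefix(prefix) {
  let u;
  try { u = new URL(prefix); } catch (e) { return false; } // must be a valid URL
  if (u.protocol !== 'https:') return false;               // https:// only
  if (!u.hostname.includes('.') || u.hostname.includes('*')) return false;
  // new URL() normalizes "https://host" to path "/", so require an
  // explicit "/" after the host in the raw string (non-empty path).
  return /^https:\/\/[^\/?#]+\//i.test(prefix);
}

// Assumption: "child" means a deeper path segment, so /foobar is not a
// child of /foo. Query and fragment are not part of the path comparison.
function matchesPrefix(url, prefix) {
  let u, p;
  try { u = new URL(url); p = new URL(prefix); } catch (e) { return false; }
  if (u.origin !== p.origin) return false;      // scheme, host, port must be equal
  if (u.pathname === p.pathname) return true;   // same path, case-sensitive
  const base = p.pathname.endsWith('/') ? p.pathname : p.pathname + '/';
  return u.pathname.startsWith(base);           // child of the prefix
}

// Returns the URLs that no valid prefix covers. A manifest without the
// field restricts nothing, so nothing is reported.
function uncoveredUrls(manifest, urls) {
  if (!Array.isArray(manifest.urlFetchWhitelist)) return [];
  const prefixes = manifest.urlFetchWhitelist.filter(isValidPrefix);
  return urls.filter((url) => !prefixes.some((p) => matchesPrefix(url, p)));
}

// Constructed sample manifest and fetch targets.
const sampleManifest = {
  timeZone: 'America/Denver',
  urlFetchWhitelist: ['https://example.com/foo', 'https://www.google.com'],
};
const sampleTargets = [
  'https://example.com/foo?bar',
  'https://example.com/foobar',
  'https://www.google.com/search',
];
console.log(uncoveredUrls(sampleManifest, sampleTargets));
```

The second sample prefix has no path, so it is rejected as invalid and the www.google.com target is reported as uncovered along with /foobar.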