Go quickstart

Quickstarts explain how to set up and run an app that calls a Google Workspace API.

Google Workspace quickstarts use the API client libraries to handle some details of the authentication and authorization flow. We recommend that you use the client libraries for your own apps. This quickstart uses a simplified authentication approach that is appropriate for a testing environment. For a production environment, we recommend learning about authentication and authorization before choosing the access credentials that are appropriate for your app.

Create a Go command-line application that makes requests to the Google Drive Activity API.


  • Set up your environment.
  • Set up the sample.
  • Run the sample.


  • A Google Account.

Set up your environment

To complete this quickstart, set up your environment.

Enable the API

Before using Google APIs, you need to turn them on in a Google Cloud project. You can turn on one or more APIs in a single Google Cloud project.
  • In the Google Cloud console, enable the Google Drive Activity API.

    Enable the API

If you're using a new Google Cloud project to complete this quickstart, configure the OAuth consent screen and add yourself as a test user. If you've already completed this step for your Cloud project, skip to the next section.

  1. In the Google Cloud console, go to Menu > APIs & Services > OAuth consent screen.

    Go to OAuth consent screen

  2. Select the user type for your app, then click Create.
  3. Complete the app registration form, then click Save and Continue.
  4. For now, you can skip adding scopes and click Save and Continue. In the future, when you create an app for use outside of your Google Workspace organization, you must add and verify the authorization scopes that your app requires.

  5. If you selected External for user type, add test users:
    1. Under Test users, click Add users.
    2. Enter your email address and any other authorized test users, then click Save and Continue.
  6. Review your app registration summary. To make changes, click Edit. If the app registration looks OK, click Back to Dashboard.

Authorize credentials for a desktop application

To authenticate as an end user and access user data in your app, you need to create one or more OAuth 2.0 Client IDs. A client ID is used to identify a single app to Google's OAuth servers. If your app runs on multiple platforms, you must create a separate client ID for each platform.
  1. In the Google Cloud console, go to Menu > APIs & Services > Credentials.

    Go to Credentials

  2. Click Create Credentials > OAuth client ID.
  3. Click Application type > Desktop app.
  4. In the Name field, type a name for the credential. This name is only shown in the Google Cloud console.
  5. Click Create. The OAuth client created screen appears, showing your new Client ID and Client secret.
  6. Click OK. The newly created credential appears under OAuth 2.0 Client IDs.
  7. Save the downloaded JSON file as credentials.json, and move the file to your working directory.

Prepare the workspace

  1. Create a working directory:

    mkdir quickstart
  2. Change to the working directory:

    cd quickstart
  3. Initialize the new module:

    go mod init quickstart
  4. Get the Google Drive Activity API Go client library and OAuth2 package:

    go get google.golang.org/api/driveactivity/v2
    go get golang.org/x/oauth2/google

Set up the sample

  1. In your working directory, create a file named quickstart.go.

  2. In the file, paste the following code:

    package main
    import (
    // Retrieve a token, saves the token, then returns the generated client.
    func getClient(config *oauth2.Config) *http.Client {
    	// The file token.json stores the user's access and refresh tokens, and is
    	// created automatically when the authorization flow completes for the first
    	// time.
    	tokFile := "token.json"
    	tok, err := tokenFromFile(tokFile)
    	if err != nil {
    		tok = getTokenFromWeb(config)
    		saveToken(tokFile, tok)
    	return config.Client(context.Background(), tok)
    // Request a token from the web, then returns the retrieved token.
    func getTokenFromWeb(config *oauth2.Config) *oauth2.Token {
    	authURL := config.AuthCodeURL("state-token", oauth2.AccessTypeOffline)
    	fmt.Printf("Go to the following link in your browser then type the "+
    		"authorization code: \n%v\n", authURL)
    	var authCode string
    	if _, err := fmt.Scan(&authCode); err != nil {
    		log.Fatalf("Unable to read authorization code: %v", err)
    	tok, err := config.Exchange(context.TODO(), authCode)
    	if err != nil {
    		log.Fatalf("Unable to retrieve token from web: %v", err)
    	return tok
    // Retrieves a token from a local file.
    func tokenFromFile(file string) (*oauth2.Token, error) {
    	f, err := os.Open(file)
    	if err != nil {
    		return nil, err
    	defer f.Close()
    	tok := &oauth2.Token{}
    	err = json.NewDecoder(f).Decode(tok)
    	return tok, err
    // Saves a token to a file path.
    func saveToken(path string, token *oauth2.Token) {
    	fmt.Printf("Saving credential file to: %s\n", path)
    	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
    	if err != nil {
    		log.Fatalf("Unable to cache oauth token: %v", err)
    	defer f.Close()
    // Returns a string representation of the first elements in a list.
    func truncated(array []string) string {
    	return truncatedTo(array, 2)
    // Returns a string representation of the first elements in a list.
    func truncatedTo(array []string, limit int) string {
    	var contents string
    	var more string
    	if len(array) <= limit {
    		contents = strings.Join(array, ", ")
    		more = ""
    	} else {
    		contents = strings.Join(array[0:limit], ", ")
    		more = ", ..."
    	return fmt.Sprintf("[%s%s]", contents, more)
    // Returns the name of a set property in an object, or else "unknown".
    func getOneOf(m interface{}) string {
    	v := reflect.ValueOf(m)
    	for i := 0; i < v.NumField(); i++ {
    		if !v.Field(i).IsNil() {
    			return v.Type().Field(i).Name
    	return "unknown"
    // Returns a time associated with an activity.
    func getTimeInfo(activity *driveactivity.DriveActivity) string {
    	if activity.Timestamp != "" {
    		return activity.Timestamp
    	if activity.TimeRange != nil {
    		return activity.TimeRange.EndTime
    	return "unknown"
    // Returns the type of action.
    func getActionInfo(action *driveactivity.ActionDetail) string {
    	return getOneOf(*action)
    // Returns user information, or the type of user if not a known user.
    func getUserInfo(user *driveactivity.User) string {
    	if user.KnownUser != nil {
    		if user.KnownUser.IsCurrentUser {
    			return "people/me"
    		return user.KnownUser.PersonName
    	return getOneOf(*user)
    // Returns actor information, or the type of actor if not a user.
    func getActorInfo(actor *driveactivity.Actor) string {
    	if actor.User != nil {
    		return getUserInfo(actor.User)
    	return getOneOf(*actor)
    // Returns information for a list of actors.
    func getActorsInfo(actors []*driveactivity.Actor) []string {
    	actorsInfo := make([]string, len(actors))
    	for i := range actors {
    		actorsInfo[i] = getActorInfo(actors[i])
    	return actorsInfo
    // Returns the type of a target and an associated title.
    func getTargetInfo(target *driveactivity.Target) string {
    	if target.DriveItem != nil {
    		return fmt.Sprintf("driveItem:\"%s\"", target.DriveItem.Title)
    	if target.Drive != nil {
    		return fmt.Sprintf("drive:\"%s\"", target.Drive.Title)
    	if target.FileComment != nil {
    		parent := target.FileComment.Parent
    		if parent != nil {
    			return fmt.Sprintf("fileComment:\"%s\"", parent.Title)
    		return "fileComment:unknown"
    	return getOneOf(*target)
    // Returns information for a list of targets.
    func getTargetsInfo(targets []*driveactivity.Target) []string {
    	targetsInfo := make([]string, len(targets))
    	for i := range targets {
    		targetsInfo[i] = getTargetInfo(targets[i])
    	return targetsInfo
    func main() {
    	ctx := context.Background()
    	b, err := os.ReadFile("credentials.json")
    	if err != nil {
    		log.Fatalf("Unable to read client secret file: %v", err)
    	// If modifying these scopes, delete your previously saved token.json.
    	config, err := google.ConfigFromJSON(b, driveactivity.DriveActivityReadonlyScope)
    	if err != nil {
    		log.Fatalf("Unable to parse client secret file to config: %v", err)
    	client := getClient(config)
    	srv, err := driveactivity.NewService(ctx, option.WithHTTPClient(client))
    	if err != nil {
    		log.Fatalf("Unable to retrieve driveactivity Client %v", err)
    	q := driveactivity.QueryDriveActivityRequest{PageSize: 10}
    	r, err := srv.Activity.Query(&q).Do()
    	if err != nil {
    		log.Fatalf("Unable to retrieve list of activities. %v", err)
    	fmt.Println("Recent Activity:")
    	if len(r.Activities) > 0 {
    		for _, a := range r.Activities {
    			time := getTimeInfo(a)
    			action := getActionInfo(a.PrimaryActionDetail)
    			actors := getActorsInfo(a.Actors)
    			targets := getTargetsInfo(a.Targets)
    			fmt.Printf("%s: %s, %s, %s\n", time, truncated(actors), action, truncated(targets))
    	} else {
    		fmt.Print("No activity.")

Run the sample

  1. In your working directory, build and run the sample:

    go run quickstart.go
  2. In your browser, go to http://localhost:8000.

  3. The first time you run the sample, it prompts you to authorize access:

    1. If you're not already signed in to your Google Account, you're prompted to sign in. If you're signed in to multiple accounts, select one account to use for authorization.
    2. Click Accept.
    3. Copy the code from the browser, paste it into the command-line prompt, and press Enter.

    Authorization information is stored in the file system, so the next time you run the sample code, you aren't prompted for authorization.

You have successfully created your first Go application that makes requests to the Google Drive Activity API.

Next steps