This document contains Drive Labels API-specific authorization and authentication information. Before reading this document, be sure to read the Google Workspace's general authentication and authorization information at Learn about authentication and authorization.
Configure OAuth 2.0 for authorization
Configure the OAuth consent screen and choose scopes to define what information is displayed to users and app reviewers, and register your app so that you can publish it later.
Google Drive Labels API scopes
To define the level of access granted to your app, you need to identify and declare authorization scopes. An authorization scope is an OAuth 2.0 URI string that contains the Google Workspace app name, what kind of data it accesses, and the level of access. Scopes are your app's requests to work with Google Workspace data, including users' Google Account data.
When your app is installed, a user is asked to validate the scopes used by the app. Generally, you should choose the most narrowly focused scope possible and avoid requesting scopes that your app doesn't require. Users more readily grant access to limited, clearly described scopes.
When possible, we recommend using non-sensitive scopes as it grants per-file access scope and narrows access to specific functionality needed by an app.
The following OAuth 2.0 scopes can be used to read, search, and modify label metadata applied Drive items:
|Read, search, and modify label metadata applied to Drive items.
|Read and search label metadata applied to Drive items authorized for the application.
Scopes for labels
The following OAuth scopes can be used to view and manage labels:
|View, use, and manage Drive labels.
|View and use Drive labels.
|View, edit, create, and delete all Drive labels in your organization, and view your organization's label-related administration policies.
|View all Drive labels and label-related administration policies in your organization.
ADMIN labels, you must specify:
trueto use the user's administrator credentials.
- Account administrators with the Manage Labels privilege.
Administrators must set the
useAdminAccess parameter to invoke their admin
useAdminAccess allows viewing and editing of any label
owned by a customer. This includes both
useAdminAccess is not set, write requests are allowed only for labels
with both a
and for users with the appropriate
EDITOR role for this label.
For more information, see Create access credentials.