Every application that uses Google APIs needs an associated Google Cloud Platform project. This project is a set of configuration settings that define how your application interacts with Google services and what resources it can use. You can create, manage, and shut down projects from the Google API Console.
You need to set up a Google Cloud Platform project for your app before it can make any API calls, so this is usually the first step in developing a Marketplace app.
Do the following to set up your project:
- Create the project in the Google API Console if it doesn't already exist.
- Determine and configure collaborators.
- Select the Google services that your app needs.
- Configure the G Suite Marketplace SDK.
- Configure the project OAuth consent screen.
- Configure the project OAuth credentials, including a service account if applicable.
Create a new project
If your application is built using Apps Script, a Cloud Platform project is automatically created for it. These automatically-created projects do not appear in the Google API Console project list, and should instead be accessed from the Apps Script editor. See Apps Script Cloud Platform Projects for details.
If your application isn't created with Apps Script, you can create a new project by doing the following:
- Opening the Google API Console projects list.
- Clicking Create Project.
- Enter a new project name and (optionally) a folder location for it.
- Clicking Create.
You can grant others access to your app's Cloud Platform settings and resources so that you can collaborate on the project.
It's very important to avoid situations where you lose access to your app's Clould Platform settings because the owner of the project left your organization!
To prevent this, do the following to configure your collaboration settings for your app project:
- Determine who your collaborators should be. We recommend that you create or use an existing Google Group as your collaborator list. You can also specify a domain if you prefer.
If you are building your app with Apps Script, we recommended that you to use a Team Drive as the source location for your script project. Placing your add-on script file in a Team Drive ensures that no single account is the sole owner of the project. Make sure your collaborators have access to the Team Drive.
Once you have determined your script project's Drive location, you can add your collaborators to its Cloud Platform project as owners or other roles.
If your app isn't an Apps Script project, you can add your collaborators to its Cloud Platform project using the GCP console.
Enable Google services
Google provides many APIs, SDKs, and other tools for applications like yours. You must enable each Google API and SDK that you want to use in your application, using settings in your application's Cloud Platform project.
To enable an API or SDK for your project, follow the instructions found in Enable and disable APIs.
You can see what APIs are enabled in your project at any time by viewing the APIs & Services dashboard within the console. You can enable and disable APIs from the dashboard as well. Some APIs and SDKs require configuration; you can access the an API's configuration by clicking the icon for that API in the dashboard. To learn more about the configuration options for a service, refer to the documentation for that service.
Configure the G Suite Marketplace SDK
In order to publish your application to the G Suite Marketplace, you must enable and configure the G Suite Marketplace SDK. The SDK defines your app's listing in the Marketplace and is used to request publishing. See the G Suite Marketplace SDK guide for instructions on configuring the SDK.
You can configure the SDK along with the other APIs your application needs, or wait until your application is fully built and you are ready to publish.
OAuth consent screen
When a user is asked to authorize an application using OAuth, they are presented a screen that describes the application and what it is asking permission to do on their behalf. You can customize this OAuth consent screen to some extent from your applications. Setting up OAuth 2.0 has instructions for updating the consent screen for your application.
Configuring the consent screen requires you to provide certain information. The following consent screen assets are required:
- Email address. This is an email address developers can contact for
support. It should be a Google Group support forum within your domain,
firstname.lastname@example.org. The managing account for the Google Group must be the same used to publish the application.
- Product name shown to users. This is the application name. Limit this string to 15 characters or less to ensure it displays well in the G Suite Marketplace listing. Do not use the word "Google" or other Google product names.
The remaining consent screen components are optional, but are recommended for a better user experience:
- Homepage URL. This is a link to a web page that describes your application.
- Product logo URL. This is a link to a hosted image logo to display in the consent screen. The image should be no larger than 120 x 120 pixels.
- Terms of Service URL. This is a link to a web page that describes your application's Terms of Service.
Configure project OAuth credentials
Most Google APIs use OAuth 2.0 to control authentication and authorization. Oauth 2.0 requires applications to define one or more OAuth credentials in their Google Cloud Platform project. The information you need to build a credential depends on whether your application is a web application (one accessed by browsers over a network) or an installed application (one that exists on the user's device). Service accounts used by applications also require server account key credentials.
See Setting up OAuth 2.0 for details what credentials you need and how to create OAuth credentials for your application.
Some Google APIs don't use OAuth, typically because they don't access user data. These APIs usually need an API key instead. See Setting up API keys for details on creating these keys. Review the Best Practices for using API keys article for advice on handling API keys.
After you've created the OAuth credentials for your project, take note of the client ID and click theicon to download a JSON file containing the client ID and secret. Your application needs this file to establish connections with Google services.
Some applications call APIs on behalf of themselves, and not on behalf of any particular user. This type of application uses a service account to prove its own identity, and does not need a user to authorize requests.
Service accounts also let G Suite domain administrators to grant service accounts domain-wide authority to access user data on behalf of users in the domain. For example, they allow domain admins to install and authorize an application on behalf of all their users; this removes the need for those users to authorize the app individually.
Service accounts are discussed in more detail in our Using OAuth 2.0 for Server to Server Applications documentation.
If your application uses a service account, you need to create a service account key credentials. See Setting up OAuth 2.0 for details.