When and What are the verification required to publish Google Workspace add-ons ?

Google Workspace (G Suite) addon Verification

When and What are the verifications required to publish your Google Workspace add-ons ?

To publish a Google Workspace add-on, verification is required to ensure that the add-on meets Google's policies and guidelines for add-on development and usage. Once the application is verified, it will be able to access the requested scopes for users who grant permission. 

Google requires verification for accessing user data via OAuth when certain sensitive or restricted scopes are requested by the OAuth client application. These scopes include:

  1. Gmail scopes (access to a user's inbox, drafts, sent items, etc.)
  2. Google Drive scopes (access to a user's files and folders)
  3. Google Calendar scopes (access to a user's calendar events)
It is important to note that the verification process may differ depending on the type of add-on being developed (e.g. Gmail add-on, Calendar add-on, etc.) and that Google may revoke verification if the add-on violates its policies or user trust. Therefore, it is important to follow best practices for add-on development and usage.

Your app might need to go through verification if:

  1. You want your application to display an icon or display name instead of the redirect URL domain on the OAuth consent screen.
  2. The number of authorized domains for your apps exceeds the domain count limit for a project.
  3. There are changes to the OAuth consent screen after your app has been approved.

The verification process involves several steps, including:

  1. Creating a Google Cloud Platform project: This involves creating a project in the Google Cloud Console, enabling the necessary APIs, and configuring OAuth consent screens.
  2. Meeting the technical requirements: The add-on must meet the technical requirements specified in the Google Workspace Add-ons documentation, including using the correct manifest structure, implementing the required APIs, and adhering to security best practices.
  3. Providing a privacy policy: The add-on must have a privacy policy that describes how user data is collected, used, and shared. This privacy policy must be accessible from the add-on's listing in the G Suite Marketplace.
  4. Submitting the add-on for review: Once the above requirements are met, the add-on can be submitted for review. The review process typically takes a few days and involves a review of the add-on's functionality, security, and compliance with Google's policies and guidelines.

It is important to note that Google may revoke verification if the application violates its policies or user trust, so it is important to follow best practices for OAuth client development and use.

powered by Easy ADM

Popular posts from this blog

How to execute Gmail API request using Service Account - C# .NET 6

Directly access to users emails - Google Workspace