Overview

Pre-built tooling

Pre-built integrations

Access requirements

Setup guide

Useful links

API gotchas

Pre-built tooling

Pre-built integrations

Not seeing the integration you need? Build your own independently.

Access requirements

Pre-RequisitesStatusComment
Paid dev account✅ Not requiredFree, self-signup for a Google Cloud account.
Paid test account✅ Not requiredFree Google account can be used for testing.
Partnership✅ Not required
App review⚠️ ConditionalRequired for sensitive and restricted scopes or for publishing to Google Marketplace.
Security audit⚠️ ConditionalMay be required as part of the verification process for sensitive scopes.

Setup guide

1

Create a Google Cloud account

If you don’t already have one, sign up for a Google Cloud account.

2

Create a new project

  1. Go to the Google Cloud Console.
  2. Click on the project dropdown at the top left of the page.
  3. Click New Project.
  4. Enter a Project Name for your project
  5. Under Location, select the appropriate organization or folder where this project should belong.
    If you’re not part of an organization, it will default to No organization
  6. Click Create and wait for the project to be created.
  7. Select it from the project dropdown.
3

Enable the APIs you need

  1. Go to the API Library in the Google Cloud Console.
  2. Search for the Google APIs you want to use (e.g., Google Drive API, Gmail API, Google Calendar API).
  3. Select each API and click Enable.
  4. Repeat this process for all the APIs your application needs to access.
4

Configure the OAuth consent screen

  1. Go to APIs & Services > OAuth consent screen in the Google Cloud Console.
  2. Click Get started.
  3. Fill in the App Information form.
  • App Name: The name of the app asking for consent.
  • User support email: For users to contact you with questions about their consent
  1. Click Next. Select the appropriate Audience:
    • External: For applications available to any Google user
    • Internal: For applications restricted to users within your Google Workspace organization
  2. Click Next. Fill in the Contact Information, these are the email addresses that Google will use to notify you about any changes to your project.
  3. Click Next, then check the I agree to the Google API Services: User Data Policy checkbox, and click Continue.
  4. Add the scopes your application needs. Under Data Access, click Add or Remove Scopes and select the scopes that correspond to the APIs you enabled. 8 Under Audience, click Add users if you selected External user type (required for testing before verification).
5

Create OAuth 2.0 credentials

  1. Go to APIs & Services > Credentials in the Google Cloud Console.
  2. Click Create Credentials and select OAuth client ID.
  3. Select Web application as the application type.
  4. Enter a name for your OAuth client.
  5. Under Authorized redirect URIs, add https://api.nango.dev/oauth/callback.
  6. Click Create.
  7. A dialog will appear with your client ID and client secret. Save these credentials securely as you’ll need them when configuring your integration in Nango.
6

Publish your app (switch from Testing to Production)

To move your OAuth app from testing to production:

  1. Go to APIs & Services > OAuth consent screen > Audience.
  2. Click Publish App to switch your app from testing to production.
7

Verify your app (if required)

If your app uses sensitive or restricted scopes, you’ll need to verify it with Google:

  1. Once published to production, click Prepare for Verification to start the verification process.
  2. Review and confirm all app details, then click Save and Continue.
  3. Justify your use of any sensitive or restricted scopes.
  4. Upload a demo video showing your app’s OAuth flow and scope usage.
  5. Click Submit for Verification to begin Google’s review.
8

Next

Follow the Quickstart.

Need help getting started? Get help in the community.
TopicLinks
GeneralGoogle Cloud Console
Google Cloud Documentation
DeveloperOAuth 2.0 Documentation
Using OAuth 2.0 for Web Server Applications
OAuth 2.0 Scopes for Google APIs
API Library
OAuth Consent Screen Configuration
Credentials Management
App Verification Requirements
OAuth Token Expiration
Contribute useful links by editing this page

Common Scopes

ScopeDescription
openidAccess to basic profile information
profileAccess to user’s basic profile information
emailAccess to user’s email address
https://www.googleapis.com/auth/driveFull access to Google Drive
https://www.googleapis.com/auth/drive.fileAccess to files created or opened by the app
https://www.googleapis.com/auth/gmail.readonlyRead-only access to Gmail
https://www.googleapis.com/auth/calendarFull access to Google Calendar
https://www.googleapis.com/auth/calendar.readonlyRead-only access to Google Calendar

API gotchas

  • Google has a unified OAuth system for their various APIs. This provider should work for most of them (e.g. Google Sheets, Gmail, Google Calendar, etc.).
  • You need to enable individual Google APIs on the Google API Console before using them.
  • Under certain circumstances, Google expires a user’s refresh token and the token refresh in Nango will fail. You can find a list of reasons from Google here, including:
  1. The user has revoked your app’s access.
  2. The user changed passwords and the refresh token contains Gmail scopes.
  3. The user account has exceeded a maximum number of granted (live) refresh tokens.
  4. The user granted time-based access to your app and the access expired.
  5. If an admin set any of the services requested in your app’s scopes to Restricted.
  6. For Google Cloud Platform APIs - the session length set by the admin could have been exceeded.
  7. In “Testing” mode with an external user type, refresh tokens expire in 7 days unless only basic scopes are used — userinfo.email, userinfo.profile, openid, or their OpenID Connect equivalents. You can remove this 7-day limit by switch from Testing to Production. Follow step 6 in the Setup Guide above.
  8. Google allows up to 100 refresh tokens per account per OAuth client ID; new tokens overwrite the oldest without warning when the limit is reached.
  • While setting up the OAuth credentials, the Authorized JavaScript origins should be your site URL (https://app.nango.dev if you’re testing from the Nango UI).
  • For applications using sensitive or restricted scopes, Google requires verification and a security assessment. This process can take several weeks to complete.
  • Google’s OAuth consent screen has different configurations for “External” and “Internal” user types. Internal is only available for Google Workspace users and limits access to users within your organization.
  • Google implements incremental authorization, allowing you to request additional scopes over time without requiring users to re-authorize all previously granted scopes.
  • Google enforces rate limits on API requests, which vary depending on the specific API being used.
Contribute API gotchas by editing this page