Réal Thibeault

Reputation: 31

How do I avoid Google Drive API audit? -- Only Read access is needed to list files from folder and to download them

The product I'm working on currently uses the scope "https://www.googleapis.com/auth/drive" (which is now "restricted" by Google), which gives full read and write access to a user's Drive account, including app metadata. But we only need read access to list all files and folders inside a specific folder, and we need to be able to download those files, that's all.

Google Drive API will soon apply the new "restricted" scope policy (https://support.google.com/cloud/answer/9110914#restricted-scopes), which will require us to go through a very expensive audit (tens of thousands of dollars...). Is there a possible workaround to get 'read-only' access on a specific folder, and avoid the audit (note that https://www.googleapis.com/auth/drive.readonly is also a restricted mode)?

I'm aware of the "https://www.googleapis.com/auth/drive.file" scope (which is "recommended" by Google, so no audit required), which almost solves this problem. But we have thousands of users bringing in data from multiple Drive Folders, and pushing new files daily. This scope would introduce a manual step for a client each morning to have to "approve" every new file, and this would be a big scalability/usability problem.

Ideally, I would like Google to add a new scope, like read-only access to anything inside a folder, before they go forward with their audit... but I doubt that this will happen soon.

Does anyone know of a better option?

[EDIT] For reference, here is the list of scopes, and we can see which ones are "restricted", "sensitive" and "recommended": https://developers.google.com/drive/api/v2/about-auth

Upvotes: 2

Views: 446

Answers (1)

Mateo Randwolf

Reputation: 2930

Solution

Hi! So after taking a better look at this, it seems that restricted scopes do NOT require any paid audit. The main difference is that they will have wider access to the user's data, and thus they require you to go through a restricted scope verification process.

You can use these restrictive scopes (the one that best fits your application) without needing to pay for any audit. See more information about how to implement restrictive scopes here.

Upvotes: 0
