Here is a complete list of the OAuth scopes that need to be granted for our G-Suite Application
Note: OAuth scopes look like URLs, but these are not web pages. They are permissions.
Background
OAuth is the modern way SaaS companies authorize API access to applications such as G-Suite. While many vendors tend to request a lot of unnecessary permissions, our application requests the minimal set of permissions needed to meet our product's functionality. Below we provide a list of scopes as well as why they are needed.
Read/Write OAuth Permissions Needed:
- https://www.googleapis.com/auth/gmail.settings.basic - Required to update the email signature setting within Gmail. This scope does NOT have access to email.
- https://www.googleapis.com/auth/gmail.settings.sharing - Required to update the email signature of aliases in Gmail.
- Here is a link to full documentation on these email signature scopes:
Read Only OAuth Permissions Needed:
- https://www.googleapis.com/auth/admin.directory.group.readonly - Allows for departmental signatures
- https://www.googleapis.com/auth/admin.directory.orgunit.readonly - Allows for signatures based on Org Unit
- https://www.googleapis.com/auth/admin.directory.user.readonly - Allows for populating signatures with Google directory data.
- Here is a link to full documentation on these directory related scopes: