1. Home
  2. Systems (Sys, Net, Cloud + Sec)
  3. Google Workspaces
  4. Google Workspace Security – API Access

Google Workspace Security – API Access


Are you aware of the advanced security features afforded to you in the Google Admin namespace?

Specifically, the API controls feature; which can be found by navigating to your Google Admin dashboard > Security > API controls. From here, you block all third-party API access (recommended!), manage Google Services and third-party app access.

SOLUTIONS | API Authentication Error

Client Side Error

By default, we have all services restricted with their “limited access” setting. This can break things, a lot of things.

Had a user attempting to upload content from Savvas to Google classroom but was being blocked.

Solution #1

Typically, you can grant app access by going to https://admin.google.com/ , Security, API Controls, and “Manage Third-Party App Access:

In this instance, it wasn’t enough. We had to manually add an app because Savvas wasn’t populating. Even that didn’t work in this section.

Solution #2

Near the bottom of this page, you’ll see “Manage Domain Wide Delegation”.

This is where we need to manually allow Savvas (‘Client ID’) + Scopes. All of which are listed above in the error message that the end-user sees.

Adding API Clients

From the “Manage Domain Wide Delegation” link (Admin.google.com > Security > API Controls >MWD), you’ll see this:

From this screen, we will “Add new”.

Referring to the original screenshot submitted by the client, which is presented to them in their error response, we gather the “Client ID”. (REMOVE THE HTTP(S) and ending ‘/’***)

Once you paste the client ID without the HTTPS, you will then proceed to add the scope(s), listed right below the client ID AND separated by commas (‘comma-delimited).



If you did it correctly, this is what you should see, it auto-populated the name and the user should be able to authenticate now.

How can we help?