Google Provisioning API Now Has Increased Security with New OAuth Scopes

Last September, Google launched OAuth support for many of the administrative APIs to improve security. Among the many benefits of OAuth is the ability to provide access to Administrative APIs without exposing admin usernames or passwords.Today, Google Apps developers blog announced that developers now have even more control over access to the API. "The Provisioning […]

Last September, Google launched OAuth support for many of the administrative APIs to improve security. Among the many benefits of OAuth is the ability to provide access to Administrative APIs without exposing admin usernames or passwords.

Today, Google Apps developers blog announced that developers now have even more control over access to the API. "The Provisioning API now has four separate OAuth scopes - one each for the users, alias, organization units, and groups methods. For example, this means that developers can enable an application to have access scoped to only groups and not user data. For more information about the new scopes, please see the authorization section of the Provisioning API Developer's Guide," Google stated.

"Also announced that developers can now authorize use of the Reporting API via OAuth! Now Google Apps developers can start building secure automated reporting and dashboard applications without worrying about managing ClientLogin tokens."

Google further notes, that the "previous Provisioning API scope is now deprecated, and new applications should reference these new, more granular and secure scopes. While the previous scope will still work for your existing scripts during the deprecation period, it'll eventually not produce valid request tokens. We strongly encourage Google Apps developers to update your applications to take advantage of this security improvement."

You may refere this article for more information about using OAuth with the Provisioning and Reporting APIs.

[Source: Google Apps Developers blog]