Obtaining `gmail.compose` privileges for single G Suite email account to send emails via GMail API

Question

I am trying to compose drafts programmatically via the GMail API, using this tutorial and the following line of code:

service.users().drafts().create(userId=user_id, body=message).execute()

but I receive the following error:

An error occurred: <HttpError 403 when requesting https://www.googleapis.com/gmail/v1/users/me/drafts?alt=json returned "Insufficient Permission">

Note that directly sending messages with gmail.send privileges does not work for me - I want to thread messages.

In the API console, I tried enabling the following scope ../auth/gmail.compose, but there is a warning message that Because you've added a sensitive scope, your consent screen requires verification by Google before it's published.

I have submitted my app for verification, but I just received an email stating that "We've extended the deadline to fully complete your verification from May 15th to June 26th, 2019".

Actually, no users will use my G Suite email accounts (so my app cannot be used to spy on their messages) and I only need access to a single email account info@example.com to send notifications to users who use my site on example.com.

Is there any way to get server-side access to my info@example.com account using my password and programmatically draft messages without having to go through the lengthy and unnecessary app verification process?

Answer 1

It turns out that you can have an "internal", rather than a client facing "public" app, for which all GMail scopes are automatically available.

Here is the response from the Google team that describes the steps (it worked for me):

It appears your app is only used by the people in your domain.

If this is correct, please reply to this email to confirm that is the case. We will then reject your request so that you are able to update your project from public to internal.

In addition, you will need to associate your project with your organization by following the steps below:

If you have not already done so, create an Organization by following the Quickstart Using Organizations instructions.

Migrate the project into the organization you created as shown in Migrating Existing Projects into the Organization. Once you have associated your project with your organization, you and the project users in your organization can use the app to directly access OAuth scopes. No verification will be required.