2

In my application, I want to use (oAuth based) Gmail API for sending Emails.

Sensitive Scope Added in the developer's console

NOTE: I want to make my app public. A user can simply authenticate using the consent screen and will give the Email sending permissions to the application.

The question is that I am not sure if the verification of my app using OAuth based Gmail API will also include security assessment (costing $15k - $75k) or it will be verified without the security assessment.

Image 2

Image 3

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Kunal Tandon
  • 21
  • 1
  • DalmTo is right. But to be clear, do you want your application to send emails on behalf of your users? or on behalf of your app? – Aerials Oct 13 '20 at 10:14

1 Answers1

1

The following scope

https://www.googleapis.com/auth/gmail.send Send email on your behalf

Is one of the Gmail scopes because of that it is considered to be a sensitive scope and when your application goes though the Google Oauth verification process you will need to have a third party company (provided by Google) to preform a security assessment on your application, they will probably need to see videos of your application in action and may or may not want to test it live and see code.

The cost for this is $15k - $75k.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • That is right, getting approved to access email will cost you that much. Although if your clients are G Suite users you have an alternative path. Ask them to configure a service account and give you a JSON key. Your app can then access mailboxes in their domain, no OAuth team approval required. But this works for B2B mainly. – Alexey Oct 14 '20 at 17:58