# Kloudless API interaction

  • Connector Category: Storage (gdrive), Calendar (calendar), Email (gmail)
  • Unified APIs Supported: Storage, Calendar, Email, Activity, Team

# Setting up OAuth Keys for Google

To set up OAuth keys for Google applications like Google Drive or Google Calendar, sign in to your Kloudless account and go to the Third Party Services Configuration section. Navigate to the section for the Google service and expand the instructions that detail how to set up the Google Drive application as well as the scopes needed for the integration by Kloudless.

# Creating/Registering a Google Application

Here is a link to the Google Developer's Guide on configuring an application. You can use this link to log in to the Google Developer Console Dashboard.

# Required Scopes

Here is a list of the required scopes, or access permissions, needed to access data in Google Drive via Kloudless.

https://www.googleapis.com/auth/userinfo.email  
https://www.googleapis.com/auth/userinfo.profile  
https://www.googleapis.com/auth/drive  
https://www.googleapis.com/auth/drive.activity.readonly

# Configure Admin Access OAuth keys

Please follow the next steps to provide admin and team data:

  1. Go to your Google Developers Console.
  2. Select your project and in the left sidebar select Dashboard.
  3. Click on Enable API.
  4. Search for the following APIs and click Enable on each of them: All Google Services:
    • Admin SDK
    • Apps Activity API Google Drive
    • Drive Activity API
    • Google Drive API Google Calendar
    • Google Calendar API
  5. Then, also in the left sidebar, select Credentials.
  6. If you have already created an OAuth 2.0 Client ID and configured it above to use to authenticate non-admin Google Drive accounts, you may enter that Client ID and Secret in the appropriate form fields above. Otherwise, please create OAuth 2.0 credentials first:
    • Click Create Credentials > OAuth client ID > Web Application.
    • Add in a Name and the Redirect URI mentioned above.
    • Click Create to receive a Client ID and Client Secret to use.
  7. Similar to for OAuth, click Create Credentials once more but instead choose Service Account Key.
  8. Select New Service Account in the Service Account drop-down. Enter a name for the account, but leave the Role empty. Select P12 for the Key type and click Create, and then Create without role to confirm.
  9. You will be asked to save the P12 key file and a dialog box appears. Save the file and close the dialog box to continue.
  10. Now back on the main dashboard, click on Manage Service Accounts and find the row for the Service account you just created.
  11. At the right-most end of the row, click on the drop-down settings, then Edit and enable Google Apps Domain-wide Delegation. Once the settings have been saved, the row will now have the option to view the Client ID.
  12. Click on View Client ID in the row. Use that Client ID in the Service Account Client ID input field above. Use the Service account email in the Service Account Email input field, and upload the P12 file as the private key file.
  13. Click on Save in the form above to validate and save your configuration.

# Verifying A Google Drive Application

If you receive a screen indicating that your application is unverified, follow the steps here, which link to the form to submit the verification request. The verification form requires information on the scopes used, which are:

https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/activity
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.activity.readonly

The scopes above are used to identify the user, monitor changes occurring in their account, and access data in their account. More specifically:

  • The Drive scope is used to upload, download, modify, and delete content in the user's Google Drive account, so that the application's features can be accessed and used by users.
  • The Audit and Activity scopes enable the application to be aware of modifications to data within the user's account.
  • The user and group scopes enable user and group data to be updated, as users interact with the application. User data is also used to determine which users to impersonate for admin access to an individual user's data in a G Suite organization.

# Verifying A Google Calendar Application

If you receive a screen indicating that your application is unverified, follow the steps here, which link to the form to submit the verification request. The verification form requires information on the scopes used, which are:

https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/activity
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/contacts.readonly
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly

The scopes above are used to identify the user, monitor changes occurring in their account, and access data in their account. More specifically:

  • The Audit and Activity scopes enable the application to be aware of modifications to data within the user's account.
  • The user and group scopes enable user and group data to be updated, as users interact with the application. User data is also used to determine which users to impersonate for admin access to an individual user's data in a G Suite organization.
  • The calendar scope enables calendars and calendar events to be created, modified, and retrieved by our application.
  • The Admin Directory scope is used to identify other users to invite to meetings.
  • The People API lets users look up their contacts to invite to meetings created via the Calendar API.

# Support

Please contact us at support@kloudless.com with any questions you may have. We'd be happy to help you get set up.