Test with different credential types and scopes

The APIs Explorer's credentials section lets you test with different credentials and scopes. This feature is useful in ensuring you're using the minimal required credentials and scope to invoke an API endpoint.

Test with different credentials

By default, both the OAuth 2 and API Key credential types are checked. If you want to test with only one credential, check on the credential type to use (and uncheck the other credential type). Following are the general rules for picking a credential to test with:

  • If you're using a method to access public data, such as Google Maps data, you can use an API key as your credential. Check API key and uncheck Google OAuth 2.0.

  • If you're using a method to access private data, such as the user's Google Drive data, you must use an OAuth 2 credential. Uncheck API key and check Google OAuth 2.0.

If you receive a result of 200, the credential is sufficient for accessing the data. If you receive a result of 401, you need to use OAuth 2 credential to access the data.

Test with different scopes

A scope is a string, such as https://www.googleapis.com/auth/drive.metadata.readonly, defining a level of access to resources required by your app, such as the level of access to data owned by the users. Ideally, you want your app to use scopes with the narrowest level of access to the user's data. Different methods might require different scopes. For example, a method in an API might require at least a read-only scope, while other methods might require a read-write scope.

By default, all Google OAuth 2.0 scopes for an API are enabled in the APIs Explorer. To test with a specific scope:

  1. In the Credentials Google OAuth 2.0 section, click show scopes.
  2. Check the scope to use when invoking the method.
  3. Click Execute to execute the API using only the selected scope. The APIs Explorer shows an authorization screen asking you to grant access to use the scope.
  4. Click Allow. The results appear below the Execute button.

If the APIs Explorer shows a result of 200 under an "application/json", then the scope is sufficient to invoke the method. If the APIs Explorer shows an result of 403, you have chosen an insufficient scope to invoke the method. Try a broader scope.

For additional information on scope selection, refer to the authentication and authorization section of documentation for your specific Google API.

Revoke authorized access to test with new scopes

After you have used the Google authorization screen to approve authorization, the APIs Explorer remains authorized to make authenticated requests as long as the credentials aren't expired. Unchecking scopes doesn't reset the previously approved credentials and scopes. If you want to test with a new scope configuration, you must revoke your previously approved credentials.

To revoke the credentials used by the APIs Explorer:

  1. Navigate to Apps with access to your account.
  2. Under Third-party apps with account access, click Google APIs Explorer.
  3. Click Remove Access.
  4. (optional) Reload the documentation page to reset the APIs Explorer.