What is the difference between the token and client secret in the google forms API?
I recently got into working with the google forms API. I tried to use the watch script from the google developer site, and I'm stuck trying to figure out what the difference between the token and client secret files is. I don't remember this being explained when I first learned about this API. I have an oauth client and the corresponding json file for it, so do I need an API key too?
If the answer to this is painfully obvious, please direct me toward a good starting point for learning about how to do this. I've worked with google cloud console before, but last time I used gspread for google sheets and only had to get a service account.
Essentially, the client secret identifies the application requesting the data and the token is proof that the user has given that sole application permission to access certain data only.
When making an API call to a Google service you need to identify yourself (your application in this case) to successfully retrieve information or make changes to existing information. You can do the same with an API Key when accessing public information.
What about accessing private data that a user owns?
The client secret allows your application to request user consent, meaning that your application will present itself to Google service and will request the user to accept access to their data, the screen the user sees is called OAuth consent screen, here an example:
After the user clicks "Allow" on the consent screen Google gives the application a token, the token identifies the user and the scopes the application has been granted.
The token can only be used by that application, Google will make sure that only the authorized application is accessing the data that the token allows thanks to the client secret.
A more technical explanation is available in this Help Center article https://support.google.com/a/answer/2538798, including this image that better illustrates how the 3-legged authentication flow works.
- Why am i getting a HttpError 'A Location is required error'
- How to delete Questions from an already existing google form using API & Python
- How should I use `gargle` to connect to the Google Forms API in R?
- How to store google form responses into multiple spreadsheets?
- Archive rows to another tab greater than 3 years
- Replace a null value for one of the questions in a Google Form with AppsScript
- Can you submit a Restful request to a google forms api?
- How to set the ability to go to section based on answer for Google Forms using script?
- Google Form Submit Files to Custom File Location is not Moving Uploaded File
- Write Google Form Dynamic Content Before Submitting
- Can I change a Google Forms' Style (font, size etc.) from Google App Script?
- How to hide a pre-filled question on google forms using Google Apps Script?
- Create google form response through API
- "Request had insufficient authentication scope" when trying to create google form through API
- Determine Google Form question reference to Google Sheet column
- How to update permission or add email in google form API?
- Create gForms and consolidate all answers
- How do I use the Google Forms API with Python to update the correct answers of an existing form?
- How can I use the batchupdate function of the google form api with python to modify the url and answers?
- Google Form API - Error when Create, Update Item
- I want to change the names of old files uploaded to Google Forms
- Generate itemId when batchUpdating with Forms API
- How can I trigger a different script when a new google forms response is submitted?
- What is the difference between the token and client secret in the google forms API?
- Google Form Api. Adding Response validation to textQuestion