Authorization  |  Google Play Developer API  |  Google for Developers (2024)

• Home
• Products
• Google Play Developer API

This section contains instructions specific to the Google Play Developer API. See thefull OAuth2 documentationfor more details.

Initial configuration

Access to the Google Play Android Developer API is authenticated using theOAuth 2.0 Web Serverflow. Before you can use the API, you will need to set up an APIs Consoleproject, create a client ID and generate a refresh token.

Creating an APIs Console project

1. Go to the APIs Console and log inwith your Google Play Console account.
2. Select Create project.
3. Go to Services in the left-hand navigation panel.
4. Turn the Google Play Android Developer API on.
5. Accept the Terms of Service.
6. Go to API Access in the left-hand navigation panel.
7. Select Create an OAuth 2.0 client ID.
   • On the first page, you will need to fill in the product name, but a logois not required. Note that your end users will not see the product name.
   • On the second page, select web application and set the redirect URI andJavascript origins. Both of these settings can be changed later.
8. Select Create client ID.

Generating a refresh token

1. While logged in with your Google Play Console account, go to thefollowing URI:

   https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=...&client_id=...

2. Select Allow access when prompted.
3. The browser will be redirected to your redirect URI with a codeparameter, which will look similar to 4/eWdxD7b-YSQ5CNNb-c2iI83KQx19.wp6198ti5Zc7dJ3UXOl0T3aRLxQmbwI.
4. Exchange this code for an access and refresh token pair by sending a POSTrequest to https://accounts.google.com/o/oauth2/token with thefollowing fields set:

   grant_type=authorization_codecode=<the code from the previous step>client_id=<the client ID token created in the APIs Console>client_secret=<the client secret corresponding to the client ID>redirect_uri=<the URI registered with the client ID>

   A successful response will contain your tokens in JSON format:

   { "access_token" : "ya29.ZStBkRnGyZ2mUYOLgls7QVBxOg82XhBCFo8UIT5gM", "token_type" : "Bearer", "expires_in" : 3600, "refresh_token" : "1/zaaHNytlC3SEBX7F2cfrHcqJEa3KoAHYeXES6nmho"}

Accessing the API

Once you have generated the client credentials and refresh token, your serverscan access the API without an active login or human intervention.

Using the access token

Servers can make calls to the API by passing the access token in theAuthorization header of the request:

Authorization: Bearer oauth2-token

Using the refresh token

Each access token is only valid for a short time. Once the current access tokenexpires, the server will need to use the refresh token to get a new one. To dothis, send a POST request to https://accounts.google.com/o/oauth2/token withthe following fields set:

grant_type=refresh_tokenclient_id=<the client ID token created in the APIs Console>client_secret=<the client secret corresponding to the client ID>refresh_token=<the refresh token from the previous step>

A successful response will contain another access token:

{ "access_token" : "ya29.AHES3ZQ_MbZCwac9TBWIbjW5ilJkXvLTeSl530Na2", "token_type" : "Bearer", "expires_in" : 3600,}

The refresh token thus allows a web server continual access to the API withoutrequiring an active login to a Google account.