Project Description

📖 < 1 min read

You can now block all third-party API access to Google Workspace data with a new setting. This compliments other available OAuth settings which help you control which third-party & internal apps access Google Workspace data.

When selected, all third-party apps are denied access to Workspace and end user data, blocking all OAuth 2.0 scopes. This also means that users cannot use their Google Workspace accounts to sign into third-party apps and websites.

Restrict third-party API access to Google Workspace and end user data 1

Who’s impacted

Admins and end users

Why it’s important

This new setting adds another layer of protection over your Workspace and end user data. Not every third party application has robust security measures in place or conforms to your security policy — by restricting third-party APIs from requesting sensitive information, such as login or email scopes, you can ensure your data and user data stays secure.

When all third party API access is blocked, an app will not be able to access any Workspace user date, across web and mobile. If users try to authorize an untrusted app, they’ll see an authorization error message. Admins can customize this error message if they choose.

Getting started



Rollout pace


  • Available to all Google Workspace customers, as well as Google Workspace Basic and Business customers
Thanks for sharing and spreading the word!