Error 401 Access Denied
In enterprise applications, you may want to programmatically access a user's data without any manual authorization on their part.
In Google Workspace domains, the domain administrator can grant third-party applications with domain-wide access to its users' data. This is referred to as a domain-wide delegation. To delegate authority this way, domain administrators can use service accounts with OAuth 2.0.
- Log into the Google Workspace Admin Portal Here.
- On the left side of the window select Security, Access and data control, then select API controls.
- If you don't see Security listed, select "Show More" in the bottom-left section of the window, then select Security, Access and data control, then select API controls.
- You may need to scroll down to see "MANAGE DOMAIN WIDE DELEGATION"
5. Select "Add new"
6. Enter the service account's Client ID.
7. Click on "Authorize"
8. In the "OAuth scopes" field enter the list of scopes that your application should be granted access to.
If you need domain-wide access to activity reports please follow the steps below:
- Head over to Reports, then click on Accounts.
- Click on API controls
- Look for High-risk Oauth Scopes