Stay organized with collections
Save and categorize content based on your preferences.
The YouTube Reporting API and YouTube Analytics API support the OAuth 2.0 protocol for authorizing access to private user data.
The following list explains some core OAuth 2.0 concepts:
When a user first attempts to use features in your application that requires the user to be logged in to a Google Account or YouTube account, your application initiates the OAuth 2.0 authorization process.
Your application directs the user to Google's authorization server. The link to that page specifies the scope of access that your application is requesting for the user's account. The scope specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.
If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.
For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.
The server-side web apps flow supports web applications that can securely store persistent information.
The JavaScript web apps flow supports JavaScript applications running in a browser.
The mobile and desktop apps flow supports applications installed on a device, such as a phone or computer.
The OAuth 2.0 flow for TVs and limited-input devices supports devices with limited input capabilities, such as game consoles and video cameras.
The YouTube Reporting and YouTube Analytics APIs do not currently support the OAuth 2.0 flow for devices.
The OAuth 2.0 flow for service account flow supports server-to-server interactions that do not access user information.
However, the YouTube Reporting API and YouTube Analytics API do not support this flow.
Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate an error.
Identify access scopes
Scopes enable your application to only request access to the resources that it needs while also
enabling users to control the amount of access that they grant to your application. Thus, there
may be an inverse relationship between the number of scopes requested and the likelihood of
obtaining user consent.
Before you start implementing OAuth 2.0 authorization, we recommend that you identify the scopes
that your app will need permission to access.
The YouTube Analytics API uses the following scopes:
Scope
Description
https://www.googleapis.com/auth/youtube
Manage your YouTube account
https://www.googleapis.com/auth/youtube.readonly
View your YouTube account
https://www.googleapis.com/auth/youtubepartner
View and manage your assets and associated content on YouTube
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-20 UTC."],[[["\u003cp\u003eThe YouTube Reporting API and YouTube Analytics API utilize OAuth 2.0 for authorizing access to private user data.\u003c/p\u003e\n"],["\u003cp\u003eOAuth 2.0 requires user consent, and the scope requested determines the resources the application can access, with a possible inverse relationship between the number of scopes and the likelihood of consent.\u003c/p\u003e\n"],["\u003cp\u003eGoogle's OAuth 2.0 supports various flows including server-side web apps, JavaScript web apps, and mobile/desktop apps, but it doesn't support the device flow for YouTube Reporting and Analytics APIs, or the service account flow.\u003c/p\u003e\n"],["\u003cp\u003eBefore implementing OAuth 2.0, it's recommended to identify the necessary scopes, with specific scopes for the YouTube Analytics API and YouTube Reporting API being detailed, as well as a document containing a full list of possible scopes for Google APIs.\u003c/p\u003e\n"],["\u003cp\u003eIf your application uses scopes that permit access to certain user data, you might need to complete a verification process, especially if you encounter an "unverified app" warning.\u003c/p\u003e\n"]]],["OAuth 2.0 authorizes access to private YouTube user data. Applications initiate authorization, directing users to Google's server to specify access scopes. User consent grants a token, which can be exchanged for access and refresh tokens. Credentials must be obtained via the Google API Console. Supported flows include server-side, JavaScript, and mobile/desktop apps, but not limited-input devices or service accounts. Scopes, defined for YouTube Analytics and Reporting APIs, dictate resource access and influence user consent. Public apps accessing user data must undergo verification.\n"],null,["The YouTube Reporting API and YouTube Analytics API support the [OAuth 2.0 protocol](http://oauth.net/2/) for authorizing access to private user data.\n\nThe following list explains some core OAuth 2.0 concepts:\n\n- When a user first attempts to use features in your application that requires the user to be logged in to a Google Account or YouTube account, your application initiates the OAuth 2.0 authorization process.\n\n- Your application directs the user to Google's authorization server. The link to that page specifies the **scope** of access that your application is requesting for the user's account. The **scope** specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.\n\n- If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.\n\n For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.\n\n**Important:** To use the OAuth 2.0 Authorization, you need to [obtain authorization credentials in the Google API Console](/youtube/reporting/guides/registering_an_application).\n\nFor more details, see the [OAuth 2.0 Authorization Guide](https://developers.google.com/identity/protocols/oauth2).\n\nOAuth 2.0 flows\n\nGoogle APIs support several OAuth 2.0 use cases:\n\n- The [server-side web apps](/youtube/reporting/guides/authorization/server-side-web-apps) flow supports web applications that can securely store persistent information.\n- The [JavaScript web apps](/youtube/reporting/guides/authorization/client-side-web-apps) flow supports JavaScript applications running in a browser.\n- The [mobile and desktop apps](/youtube/reporting/guides/authorization/installed-apps) flow supports applications installed on a device, such as a phone or computer.\n- The OAuth 2.0 flow for TVs and limited-input devices supports devices with limited input capabilities, such as game consoles and video cameras. The YouTube Reporting and YouTube Analytics APIs do not currently support the OAuth 2.0 flow for devices.\n- The OAuth 2.0 flow for service account flow supports server-to-server interactions that do not access user information. However, the YouTube Reporting API and YouTube Analytics API do not support this flow. Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate an error.\n\nIdentify access scopes\n\nScopes enable your application to only request access to the resources that it needs while also\nenabling users to control the amount of access that they grant to your application. Thus, there\nmay be an inverse relationship between the number of scopes requested and the likelihood of\nobtaining user consent.\n\nBefore you start implementing OAuth 2.0 authorization, we recommend that you identify the scopes\nthat your app will need permission to access.\n\nThe YouTube Analytics API uses the following scopes:\n\nThe YouTube Reporting API uses the following scopes:\n\nThe [OAuth 2.0 API Scopes](/identity/protocols/oauth2/scopes) document contains a full\nlist of scopes that you might use to access Google APIs.\n| If your public application uses scopes that permit access to certain user data, it must complete a verification process. If you see **unverified\n| app** on the screen when testing your application, you must submit a verification request to remove it. Find out more about [unverified apps](https://support.google.com/cloud/answer/7454865) and get answers to [frequently asked questions about app verification](https://support.google.com/cloud/answer/9110914) in the Help Center."]]
