Authorizing an Apps Script

Last updated: March 16, 2025

If you're running an Apps Script for the first time, Google will ask you to authorize it. Authorization is the process by which you grant the script whatever access it needs to run.

Let's imagine that you've created a new Apps Script and you haven't written any code yet. You run the script by clicking the Run button.

Screenshot of the Apps Script code editor.

The script will run just fine and it won't ask you for any permission. That's because the script in this case does absolutely nothing. It isn't accessing any of your data, nor is it taking any action on your behalf.

Now let's make the script send an email. Here is the code I used to do that.

⚠ Please replace the email address youremail@example.com in the code snippet below with your email address.

function myFunction() {
  MailApp.sendEmail(
    "youremail@example.com", //recipient
    "Hi there", //subject
    "This is a test email." //body
  );
}

Now try running the code again.

This time, Google displays a dialog asking me to authorize the script. Google automatically detects that the script will be sending an email and asks me for permission before letting the script take that action. Let's see what will happen next. Select Review Permissions to proceed.

'Authorization required' dialog box. Message states 'This app might not work as expected without providing all requested permissions.' Buttons labeled 'Cancel' and 'Review permissions' are visible.

Next, Google asks me to select an account that I want to use with the script. If you use multiple Gmail or GSuite accounts, pick the one that you want to use.

'Sign in with Google' screen prompting to choose an account to authorize an app script.

Once you select the Google account to use, you'll see a warning that the app isn't verified. Google has a verification process to ensure that developers that build apps aren't being careless with or otherwise misusing your data. It is important that you pay attention to this warning.

Never proceed past this step UNLESS the app was created by you. In my opinion, it is fine to proceed if it is an app that you built for your own personal use.

I'll assume that you created the app. With that assumption in mind, select Advanced to proceed.

You might not see any warnings if you're using a G Suite account

If you are using a G Suite account, Google trusts your domain administrator to set and enforce various security policies. Hence, the process might be more seamless for you. That being said, it is a good practice to only authorize applications that you've written or ones developed by people you know and trust (eg. your IT team).

Warning screen: 'Google hasn't verified this app.' Message states the app requests sensitive Google Account access and should not be used until verified. 'BACK TO SAFETY' button is prominent.

Google displays another warning that tells you to proceed only if you know and trust the developer. In this case, the developer is you so it is fine to proceed. Click the "Go to <YOUR SCRIPT NAME> (unsafe)" link to continue.

Finally, Google tells you the permissions that you will be giving to the app and asks you to approve. In this case, the only permission is the ability to send email as you.

Assuming you're OK with granting this permission, go ahead and authorize it by clicking Continue.

Always carefully review the permissions that you're granting applications. This is especially important if the application was not developed by you.

'Sign in with Google' screen: 'Authorizing apps script wants access to your Google Account'. Lists the account and permission to 'Send email as you'. Prompts user to review privacy and terms, with 'Cancel' and 'Continue' buttons.

Once you authorize the application by selecting Continue, it will run and it will be able to access the data or take actions on your behalf.

Be careful when giving scripts the following permissions

Whenever a script or an app asks for the following permissions, you should almost always refuse.

Access to all of your email.
Access to all of your files in Google Drive.
Sending email on your behalf.

The ONLY exception to the above rule is if the app was built by you or your organization. I've built several personal apps that use these permissions. I'm OK with that because I built these apps and I control what they do with my data.

How to find the apps that you've previously authorized?

Google lists the third-party apps that you've previously authorized at: https://myaccount.google.com/permissions. It is a good idea to periodically review the list of applications on that page and revoke access for apps that you're no longer using.

Previous: Creating your first Apps Script Next: Values, types and operators in Apps Script

DISCLAIMER: This content is provided for educational purposes only. All code, templates, and information should be thoroughly reviewed and tested before use. Use at your own risk. Full Terms of Service apply.

Small Scripts, Big Impact

Join 1,500+ professionals who are supercharging their productivity with Google Sheets automation

Exclusive Google Sheets automation tutorials and hands-on exercises

Ready-to-use scripts and templates that transform hours of manual work into seconds

Email updates with new automation tips and time-saving workflows

By subscribing, you agree to our Privacy Policy and Terms of Service