Authorizing an Apps Script

If you're running an Apps Script for the first time, Google will ask you to authorize it. Authorization is the process by which you grant the script whatever access it needs to run.

Let's imagine that you've created a new Apps Script and you haven't written any code yet. You run the script by clicking the play icon.

The script will run just fine and it won't ask you for any permission. That's because the script in this case does absolutely nothing. It isn't accessing any of your data, nor is it taking any action on your behalf.

Now let's make the script send an email. Here is the code I used to do that.

function myFunction() {
    "", //recipient
    "Hi there", //subject
    "This is a test email." //body

Now try running the code again.

This time, Google displays a dialog asking me to authorize the script. Google automatically detects that the script will be sending an email and asks me for permission before letting the script take that action. Let's see what will happen next. Select Review Permissions to proceed.

Next, Google asks me to select an account that I want to use with the script. If you use multiple Gmail or GSuite accounts, pick the one that you want to use.

Once you select the Google account to use, you'll see a warning that the app isn't verified. Google has a verification process to ensure that developers that build apps aren't being careless with or otherwise misusing your data. It is important that you pay attention to this warning.

Never proceed past this step UNLESS the app was created by you. In my opinion, it is fine to proceed if it is an app that you built for your own personal use.

I'll assume that you created the app. With that assumption in mind, select Advanced to proceed.

Google displays another warning that tells you to proceed only if you know and trust the developer. In this case, the developer is you so it is fine to proceed. Click the "Go to Demo App (unsafe)" link to continue.

Finally, Google tells you the permissions that you will be giving to the app and asks you to approve. In this case, the only permission is the ability to send email as you.

Assuming you're OK with granting this permission, go ahead and authorize it by clicking Allow.

Once you authorize the application, it will run and it will be able to access the data or take actions on your behalf.

Be careful when giving scripts the following permissions

Whenever a script or an app asks for the following permissions, you should almost always refuse.

  • Access to all of your email.

  • Access to all of your files in Google Drive.

  • Sending email on your behalf.

The ONLY exception to the above rule is if the app was built by you or your organization. I've built several personal apps that use these permissions. I'm OK with that because I built these apps and I control what they do with my data.

How to find the apps that you've previously authorized?

Google lists the third-party apps that you've previously authorized at: It is a good idea to periodically review the list of applications on that page and revoke access for apps that you're no longer using.

Stay up to date

Follow me via email to receive actionable tips and other exclusive content. I'll also send you notifications when I publish new content.
By signing up you agree to the Privacy Policy & Terms.

Have feedback for me?

I'd appreciate any feedback you can give me regarding this post.

Was it useful? Are there any errors or was something confusing? Would you like me to write a post about a related topic? Any other feedback is also welcome. Thank you so much!