The addon will need some scopes for working properly. For example, the Bulk Barcode QR Code Generator & Mail merge addon requires the script.external_request scope because this add-on will need to call a Paypal web service for showing all pricing options which user can choose. If you do not get OAuth approval from Google Cloud Platform/API Trust & Safety team, when user clicks “Authorize access” button, they will see a warning message this app isn’t verified.
Almost all users will give up your add-on immediately when they see the above error. To get verification, you need to send an OAuth Request via Google Cloud console. First of all, you need to write a clear and concise privacy policy like this. Here are all steps you need to know
1.Host privacy policy page in a trusted domain
- You should host the website in the trusted domain and Google will verify it. I highly recommend to use [Google domain[(https://domains.google/)] because it is very cheap and it is very easy to be verified by Google Cloud.
2.Explain about all scopes
- You have to explain all scopes which add-on will use in the Privacy policy. For example, Bulk Barcode QR Code Generator addon has used 3 scopes
script.container.ui and script.external_request and spreadsheets
- Google will show the information which user can understand easily like this:
- Privacy policy page has to explain why add-on uses these scopes. For example, Bulk Barcode QR Code Generator will use Connect to an external service because add-on will use Paypal web service API for payment. You can take a look at Privacy policy of this addon for more details.