Google Drive Getting Started: Setup, API Keys, First Request (2026)

Getting started overview

Integrating with Google Drive programmatically requires a Google Account, enabling the Google Drive API, and configuring OAuth 2.0 credentials for secure access. This guide outlines the steps to set up your environment and execute a basic API call.

The Google Drive API allows applications to interact with files and folders stored in Google Drive. This includes operations such as searching for files, uploading new content, downloading existing files, and managing permissions. The API is part of the broader Google Cloud ecosystem, which provides infrastructure for managing services and credentials.

Before making API requests, it is necessary to establish an OAuth 2.0 consent screen, which informs users about the permissions your application requests. This ensures that users grant explicit consent before your application can access their Google Drive data. The process also involves generating API keys or client IDs, which uniquely identify your application to Google's authentication servers.

Here is a quick reference for the setup process:

Create an account and get keys

To begin, you need a Google Account. If you do not have one, you can create a new Google Account. This account will be used to access the Google Cloud Console, where you manage API services and credentials.

1. Create a Google Cloud Project

After logging in with your Google Account, navigate to the Google Cloud Console. Create a new project. A project acts as a container for all your Google Cloud resources, including API keys and authentication credentials (Source: Google Cloud Resource Manager documentation).

2. Enable the Google Drive API

Within your newly created project, go to the API Library. Search for "Google Drive API" and enable it for your project. Enabling the API grants your project the necessary permissions to interact with Google Drive services.

3. Configure the OAuth Consent Screen

Google Drive API access requires OAuth 2.0 for user authentication and authorization. Before creating credentials, you must configure an OAuth consent screen. This screen is what users see when your application requests access to their Google Drive data. You will need to specify:

• User type: Internal (for Google Workspace users within an organization) or External (for any Google Account user). For most public integrations, choose External.
• App name: The name displayed to users.
• User support email: An email address for users to contact.
• Developer contact information: Email addresses for Google to contact you.
• Scopes: Define the specific permissions your application needs. For a basic file listing, a read-only scope like https://www.googleapis.com/auth/drive.readonly is sufficient. For full file management, https://www.googleapis.com/auth/drive is required.

Ensure you save and publish your consent screen if you intend for external users to access your application (Source: Google OAuth 2.0 Scopes documentation).

4. Create OAuth 2.0 Client ID Credentials

After configuring the consent screen, navigate to the Credentials page in the Google Cloud Console. Click "Create Credentials" and select "OAuth client ID."

You will be prompted to select an application type. Common choices include:

• Web application: For server-side applications or JavaScript-based web apps. You'll need to specify authorized redirect URIs (e.g., http://localhost:8000/callback for local development).
• Desktop app: For applications running on a user's machine.
• Other: For command-line tools or other non-web applications.

Once created, you will receive a Client ID and a Client Secret. These are your API keys, which your application will use to identify itself to Google's authentication servers. Store these securely and do not embed them directly in client-side code for production applications (Source: Google OAuth 2.0 documentation).

Your first request

This section demonstrates how to make a basic API request using the Google Drive API. We will use Python for this example, as it is one of the primary languages supported by Google Drive SDKs.

Prerequisites:

• Python 3.x installed.
• Google Client Library for Python installed: pip install google-api-python-client google-auth-httplib2 google-auth-oauthlib
• Your client_secret.json file (downloaded from the Google Cloud Console when creating OAuth credentials) in your project directory.

Python Example: List the first 10 files

This script authenticates with Google Drive and then lists the names and IDs of the first 10 files in the user's Drive.

import os.path

from google.auth.transport.requests import Request
from google.oauth2.credentials import Credentials
from google_auth_oauthlib.flow import InstalledAppFlow
from googleapiclient.discovery import build
from googleapiclient.errors import HttpError

# If modifying these scopes, delete the file token.json.
SCOPES = ["https://www.googleapis.com/auth/drive.readonly"]

def main():
    """Shows basic usage of the Drive v3 API.
    Prints the names and ids of the first 10 files the user has access to.
    """
    creds = None
    # The file token.json stores the user's access and refresh tokens, and is
    # created automatically when the authorization flow completes for the first
    # time.
    if os.path.exists("token.json"):
        creds = Credentials.from_authorized_user_file("token.json", SCOPES)
    # If there are no (valid) credentials available, let the user log in.
    if not creds or not creds.valid:
        if creds and creds.expired and creds.refresh_token:
            creds.refresh(Request())
        else:
            flow = InstalledAppFlow.from_client_secrets_file(
                "client_secret.json", SCOPES
            )
            creds = flow.run_local_server(port=0)
        # Save the credentials for the next run
        with open("token.json", "w") as token:
            token.write(creds.to_json())

    try:
        service = build("drive", "v3", credentials=creds)

        # Call the Drive v3 API
        results = (
            service.files()
            .list(pageSize=10, fields="nextPageToken, files(id, name)")
            .execute()
        )
        items = results.get("files", [])

        if not items:
            print("No files found.")
            return
        print("Files:")
        for item in items:
            print(f"{item['name']} ({item['id']})")
    except HttpError as error:
        # TODO(developer) - Handle errors from drive API.
        print(f"An error occurred: {error}")


if __name__ == "__main__":
    main()

Explanation:

1. Import necessary libraries: google.auth for authentication, google_auth_oauthlib for the OAuth flow, and googleapiclient for interacting with the API.
2. Define Scopes: SCOPES = ["https://www.googleapis.com/auth/drive.readonly"] specifies that the application only needs read-only access to Google Drive files. For write operations, you would need a broader scope like https://www.googleapis.com/auth/drive.
3. Authentication Flow:
   • The script first checks for an existing token.json file, which stores previously obtained access and refresh tokens.
   • If tokens are expired, it attempts to refresh them.
   • If no valid tokens exist, it initiates an OAuth 2.0 flow using InstalledAppFlow.from_client_secrets_file("client_secret.json", SCOPES). This opens a browser window, prompts the user to log in to their Google Account, and grant the requested permissions.
   • Upon successful authorization, Google redirects to a local server (port=0 means a random available port), and the credentials are saved to token.json for future use.
4. Build Service: service = build("drive", "v3", credentials=creds) creates an instance of the Google Drive API client.
5. Make API Call: service.files().list(...) calls the files.list method of the Drive API.
• pageSize=10 limits the results to 10 files.
• fields="nextPageToken, files(id, name)" specifies that only the id and name of each file, along with a nextPageToken for pagination, should be returned.
6. Process Results: The script iterates through the returned files and prints their names and IDs.

Common next steps

After successfully making your first API call, consider these common next steps to expand your Google Drive integration:

• Uploading Files: Implement functionality to upload new files to Google Drive. This involves using the files.create method with appropriate metadata and content. Refer to the Google Drive API upload guide.
• Downloading Files: Enable users to download files from their Drive. This typically uses the files.get method with alt=media for file content or export for Google Workspace documents. Consult the Google Drive API download guide.
• Managing Permissions: Control who can access and modify files. The API allows you to add, update, or remove permissions for specific users or groups using the permissions resource. See the Google Drive sharing documentation.
• Searching Files: Utilize advanced query parameters with the files.list method to search for files based on criteria like name, MIME type, content, or parent folder. The Google Drive API search guide provides detailed examples.
• Webhooks and Notifications: Set up change notifications to receive updates when files or folders in a user's Drive are modified. This can be achieved using the Google Drive API Changes resource.
• Error Handling and Rate Limits: Implement robust error handling for API responses and be aware of Google Drive API usage limits to prevent your application from being throttled.
• Explore Other SDKs: If Python is not your primary language, explore the JavaScript, Java, PHP, Node.js, Ruby, or C# client libraries for your development environment.

Troubleshooting the first call

Encountering issues during your first API call is common. Here are some troubleshooting tips:

• "Error 400: redirect_uri_mismatch": This error indicates that the redirect URI configured in your Google Cloud Console OAuth 2.0 Client ID does not exactly match the URI your application is using during the authentication flow. Double-check the "Authorized redirect URIs" in your credentials settings. For a local server, ensure the port matches (e.g., http://localhost:8000).
• "Error 401: Invalid Credentials" or "Unauthorized":
  • Ensure your client_secret.json file is correctly placed and named in your project directory.
  • Verify that the Google Drive API is enabled for your Google Cloud Project.
  • Check if your token.json file is corrupted or outdated. Delete it to force a fresh authentication flow.
  • Confirm that the scopes requested by your application are correct and have been granted by the user.
• "Error 403: Insufficient Permission":
  • The authenticated user might not have the necessary permissions for the requested operation (e.g., trying to write to a read-only folder).
  • The OAuth scopes granted to your application might be too restrictive. For example, if you are attempting to upload a file, you need a write scope like https://www.googleapis.com/auth/drive, not just drive.readonly.
  • Ensure that the user has actually authorized the requested scopes during the consent screen process.
• "API not enabled" error: Go to the Google Cloud API Library and explicitly enable the Google Drive API for your project.
• Python google-auth-oauthlib issues: If the browser doesn't open or the local server fails, ensure no other process is using the chosen port. You can specify a different port in flow.run_local_server(port=XXXX). Alternatively, use a manual authorization flow if a browser environment is unavailable, as described in the Google OAuth 2.0 for Devices documentation.
• Review Google Cloud Logs: The Google Cloud Logging service can provide more detailed error messages and insights into API call failures.