Authorizing requests
Stay organized with collections
Save and categorize content based on your preferences.
Note:The YouTube Content ID API is intended for use by YouTube content partners and is not accessible to all developers or to all YouTube users. If you do not see the YouTube Content ID API as one of the services listed in the Google API Console
, see the YouTube Help Center
to learn more about the YouTube Partner Program.
The YouTube Content ID API
supports the OAuth 2.0
protocol
for authorizing access to private user data.
The following list explains some core OAuth 2.0
concepts:
-
When a user first attempts to use features in your application that requires the user to be logged in to a Google Account or YouTube account
, your application initiates the OAuth 2.0
authorization process.
-
Your application directs the user to Google's authorization server. The link to that page specifies the scope
of access that your application is requesting for the user's account. The scope
specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.
-
If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.
For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.
Important:To use the OAuth 2.0 Authorization, you need to obtain authorization credentials in the Google API Console
.
For more details, see the OAuth 2.0 Authorization Guide
.
OAuth 2.0 flows
Google APIs support several OAuth 2.0 use cases:
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-28 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[[["\u003cp\u003eThe YouTube Content ID API is exclusive to YouTube content partners and is not available to all developers or users.\u003c/p\u003e\n"],["\u003cp\u003eThe API uses OAuth 2.0 for authorizing access to private user data, requiring users to be logged into a Google or YouTube account.\u003c/p\u003e\n"],["\u003cp\u003eApplications must specify the scope of access they need, defining which user resources they can manage, during the OAuth 2.0 process.\u003c/p\u003e\n"],["\u003cp\u003eGoogle's authorization process, upon user consent, returns tokens that allow applications to act on behalf of the user, with refresh tokens enabling the retrieval of new access tokens when needed.\u003c/p\u003e\n"],["\u003cp\u003eVarious OAuth 2.0 flows are supported to accommodate different application types, including server-side web apps, JavaScript web apps, mobile/desktop apps, limited-input devices, and server-to-server interactions.\u003c/p\u003e\n"]]],["The YouTube Content ID API utilizes OAuth 2.0 for authorization, allowing applications to access private user data. When users attempt to use features requiring a Google or YouTube login, the application initiates authorization. The user is directed to Google's server to approve the requested access scope. Upon approval, Google provides a token, which the application may validate or exchange for access and refresh tokens. Different OAuth 2.0 flows are supported, including server-side, JavaScript, mobile/desktop apps, limited-input devices, and service accounts.\n"],null,["# Authorizing requests\n\n**Note:** The YouTube Content ID API is intended for use by YouTube content partners and is not accessible to all developers or to all YouTube users. If you do not see the YouTube Content ID API as one of the services listed in the [Google API Console](https://console.cloud.google.com/), see the [YouTube Help Center](https://support.google.com/youtube/answer/72851) to learn more about the YouTube Partner Program.\n\n\nThe YouTube Content ID API supports the [OAuth 2.0 protocol](http://oauth.net/2/) for authorizing access to private user data.\n\nThe following list explains some core OAuth 2.0 concepts:\n\n- When a user first attempts to use features in your application that requires the user to be logged in to a Google Account or YouTube account, your application initiates the OAuth 2.0 authorization process.\n\n- Your application directs the user to Google's authorization server. The link to that page specifies the **scope** of access that your application is requesting for the user's account. The **scope** specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.\n\n- If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.\n\n For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.\n\n**Important:** To use the OAuth 2.0 Authorization, you need to [obtain authorization credentials in the Google API Console](/youtube/partner/guides/registering_an_application).\n\nFor more details, see the [OAuth 2.0 Authorization Guide](https://developers.google.com/identity/protocols/oauth2).\n\nOAuth 2.0 flows\n---------------\n\nGoogle APIs support several OAuth 2.0 use cases:\n\n- The [server-side web apps](/youtube/partner/guides/auth/server-side-web-apps) flow supports web applications that can securely store persistent information.\n- The [JavaScript web apps](/youtube/partner/guides/auth/client-side-web-apps) flow supports JavaScript applications running in a browser.\n- The [mobile and desktop apps](/youtube/partner/guides/auth/installed-apps) flow supports applications installed on a device, such as a phone or computer.\n- The [TVs and limited-input devices](/youtube/partner/guides/auth/devices) flow supports devices with limited input capabilities, such as game consoles and video cameras.\n- The [service account flow](/identity/protocols/oauth2/service-account) supports server-to-server interactions that do not access user information."]]
