I’m building a study app that needs to access Google Drive files. Right now I’m using the Google Drive API to let users upload their study materials and save progress data. The thing is, I have to request full drive access permissions which makes some users uncomfortable.
Is there a way to limit the API access to just one folder instead of the entire drive? I noticed that other services like Dropbox have an app-specific folder feature where your app can only see files in that designated area.
Basically I just need to read uploaded CSV files and write some progress data back to the same location. Users don’t really want to give me access to all their personal documents when I only need a small workspace.
Does Google Drive API have any scope options that would let me work with just a single directory and its subfolders? Or am I stuck with requesting full drive permissions?
I hit this same problem last year with a document management tool. Here’s what worked: combine the drive.file scope with a smart folder strategy. When users first authenticate, create a dedicated app folder in their Drive root and save that folder ID. Then run all file operations inside that folder using the stored ID as parent. Sure, you could technically access other files they’ve opened with your app, but you’re self-limiting to just that folder. Users like this better since they can see the dedicated folder and know it’s your workspace. Just call out this limitation clearly in your privacy policy and app description.
yea, there’s no perfect fix, but here’s another workaround: have users share a specific folder with your app’s service account. they create a dedicated folder, share it with your app’s email, and you only access that folder. takes a bit more setup but gives way better control than the drive.file scope.
Unfortunately, Google Drive API doesn’t have true folder-scoped permissions like Dropbox. But you can use the https://www.googleapis.com/auth/drive.file scope instead of the broader drive access scope. This limits your app to only see and modify files the user creates through your app or explicitly opens with it. I’ve used this approach in a similar project and it works well - users upload files through your app, giving you access to just those specific files. You can also create a designated folder programmatically. It’s not complete folder isolation, but it eases privacy concerns since you only access files users share with your app.