I’m building a server application that needs to interact with Google Drive API to upload and download files automatically. My backend service will operate using one administrator account’s credentials and won’t require different users to log in.
I’m wondering if using the web server authentication flow is the right approach for this scenario. My plan is to authenticate once manually with the admin account, save the refresh token, and then use it for all future API calls without needing human intervention.
Is this the recommended method for server-to-server communication with Google Drive? Are there other authentication patterns I should consider instead?
Service accounts are perfect for this, but here’s the catch: they get their own separate Google Drive storage that’s completely isolated from your admin account. You can’t access any files already sitting in your admin’s Drive unless you share them with the service account email first. If you need those existing files, either share them or stick with OAuth2 using your admin’s refresh token - that gives you direct access to everything. I’ve done both ways and service accounts are way cleaner for automation, but that file isolation trips up tons of developers at first.
yea, totally agree! service accounts are perfect for this. way simpler than managing refresh tokens. just set one up in the google cloud console, save that json key and you’re good to go. no more oauth headaches!