How to create app-controlled Google Drive storage without user authentication

I’m working on a Google App Engine project that needs to integrate with Google Drive API. I want to set up a system where my app manages its own Drive storage without requiring users to sign in.

Here’s what I’m trying to accomplish:

  1. Create a shared storage space that belongs to my application account
  2. Let users upload files without any Google account or authentication
  3. Allow public access to download files from this shared space
  4. No login prompts or permission screens for end users
  5. Storage should handle large amounts of data as the app grows

I’m looking for guidance on the best approach to implement this. Should I use service accounts? How do I handle the Drive API authentication on the backend while keeping the frontend anonymous? Any code examples or configuration tips would be really helpful.

Thanks for any suggestions on making this work!

Service accounts are definitely the way to go here. I built something similar last year and it worked perfectly. Create a dedicated Google service account for app-managed storage without any user authentication needed. Just authenticate your backend with the service account credentials file and handle all Drive operations server-side. Your frontend only talks to your own API endpoints - never directly to Google’s APIs. This keeps users completely anonymous while your app manages everything through the service account. One thing to watch out for - folder permissions matter. Set up a specific folder structure where your service account has full control and configure sharing settings for public access. You’ll hit API quotas with heavy usage, so implement rate limiting and consider caching strategies early. The service account approach scales well but you need careful quota management as you grow.

You’re on the right track with service accounts, but there’s a setup step that gets missed a lot. I did this for a client and the key was getting the service account JSON credentials right and making sure your App Engine has proper IAM permissions. Download the service account key file and either store it securely in your project or use App Engine’s built-in authentication. For Drive, create a folder owned by your service account, then share it publicly with ‘anyone with the link can view’ permissions. That’s how you get anonymous downloads. Route all uploads through your backend API - users hit your endpoints, your server authenticates with the service account, then uploads to Drive. Don’t forget file validation and virus scanning since users can upload whatever they want. Storage limits are pretty generous but keep an eye on usage in Google Cloud Console so you don’t get hit with surprise charges.
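An added example (not code from this thread or from Google) of the backend gate described above: anonymous uploads are size-capped, checked against a magic-byte allowlist and renamed server-side before the service account writes them into the Drive folder. The size cap, the allowlist and the names `validate_upload` and `store_in_drive` are assumptions made for illustration; public read access is assumed to come from the folder's "anyone with the link can view" sharing, and the magic-byte check does not replace virus scanning.

```python
import io
import re
import uuid

MAX_BYTES = 10 * 1024 * 1024  # assumed per-upload cap; tune to your quota
# Allowlist of leading magic bytes -> (MIME type, extension) the backend stores.
ALLOWED = {
    b"%PDF-": ("application/pdf", ".pdf"),
    b"\x89PNG\r\n\x1a\n": ("image/png", ".png"),
    b"\xff\xd8\xff": ("image/jpeg", ".jpg"),
}


class RejectedUpload(ValueError):
    """Raised when an anonymous upload fails validation."""


def validate_upload(client_name: str, data: bytes) -> dict:
    """Return Drive file metadata for an accepted upload, or raise RejectedUpload."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or over size limit")
    for magic, (mime, ext) in ALLOWED.items():
        if data.startswith(magic):
            break
    else:
        raise RejectedUpload("content type not on allowlist")
    # Never trust the client's filename or extension: keep a sanitized stem for
    # display and prefix a server-generated id so names cannot collide or traverse.
    base = re.split(r"[\\/]", client_name)[-1].rsplit(".", 1)[0]
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", base)[:40] or "file"
    return {"name": f"{uuid.uuid4().hex}_{stem}{ext}", "mimeType": mime}


def store_in_drive(service, folder_id: str, client_name: str, data: bytes) -> str:
    """Validate, then upload as the service account; returns the Drive file id.

    `service` is a Drive v3 client the caller built with service-account
    credentials: googleapiclient.discovery.build("drive", "v3", credentials=...).
    """
    from googleapiclient.http import MediaIoBaseUpload  # needs google-api-python-client

    meta = validate_upload(client_name, data)
    meta["parents"] = [folder_id]  # the folder owned by the service account
    media = MediaIoBaseUpload(io.BytesIO(data), mimetype=meta["mimeType"], resumable=True)
    created = service.files().create(body=meta, media_body=media, fields="id").execute()
    # No per-file permission is granted here: the file inherits the folder's
    # read-only link sharing, so anonymous users never receive write access.
    return created["id"]
```

Call `store_in_drive` only from your own upload endpoint, so the service account key never leaves the server.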

service accounts work great, but enable the drive api in google cloud console first - i wasted hours on that one lol. if you don’t need folders, use cloud storage buckets instead. much easier setup and handles large files better.
