You can now block all third-party API access to Google Workspace data with a new setting. This complements other available OAuth settings which help you
When selected, all third-party apps are denied access to Workspace and end user data, blocking all OAuth 2.0 scopes. This also means that users cannot use their Google Workspace accounts to sign into third-party apps and websites.

This new setting adds another layer of protection over your Workspace and end user data. Not every third party application has robust security measures in place or conforms to your security policy — by restricting third-party APIs from requesting sensitive information, such as login or email scopes, you can ensure your data and user data stays secure.

When all third party API access is blocked, an app will not be able to access any Workspace user date, across web and mobile. If users try to authorize an untrusted app, they’ll see an authorization error message. Admins can customize this error message if they choose.

Getting started

This feature will be OFF by default and can be enabled in the Admin console by going to Security > API controls and selecting “Block all third-party API Access”. Visit the Help Center to learn more about blocking all third-party API access or controlling which third-party & internal apps access Google Workspace data.