授权第三方应用访问 Merchant Center 账号
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
本指南介绍了如何使用 OAuth 2.0 请求访问其他方的 Merchant Center 账号。如果您是第三方提供商,请使用此工作流程让您的应用请求访问客户的 Merchant Center 账号。
如果您要开发的内部应用只需要访问您的 Merchant Center 账号,请改为参阅访问您的账号。
请求应用验证
访问 Merchant API 的应用必须完成 OAuth 验证审核流程。未经验证的应用会收到警告,并且功能受限。
应用是指在 Google Cloud 中具有唯一 OAuth 2.0 客户端 ID 的任何内容。
验证流程通常需要 3 至 5 个工作日。如需了解详情并提交验证请求,请参阅应用验证。
此政策适用于所有应用。我们建议所有应用尽早完成验证流程,以免业务中断。
获取 OAuth 范围
设置增量授权,以避免出现范围选择问题。
如果您请求多个 OAuth 范围,应用的同意页面中默认会取消选中所有范围。当您的应用向用户显示意见征求界面时,用户必须手动选择每个范围才能授权访问。
如需使用 Merchant API,您的应用必须在 OAuth 权限请求页面上请求以下范围:
https://www.googleapis.com/auth/content
检查 OAuth 请求的响应,以验证您的应用是否已收到此范围。
如需了解详情,请参阅 OAuth 2.0 政策。
向请求授权
您的应用向 Merchant API 发送的每个请求都必须包含授权令牌。Google 也可通过此令牌来识别您的应用。
关于授权协议
您的应用必须使用 OAuth 2.0 向请求授权,其他任何授权协议均不受支持。如果您的应用使用使用 Google 账号登录,系统会代您执行授权方面的某些操作。
使用 OAuth 2.0 向请求授权
所有发送至 Merchant API 的请求都必须由已通过身份验证的用户授权。
根据您所开发的应用的类型,OAuth 2.0 的具体授权流程可能会有所不同。下面是适用于所有应用类型的大致流程:
- 开发应用时,您需要使用 Google API 控制台注册该应用。然后,Google 会提供您稍后需要用到的信息,例如客户端 ID 和客户端密钥。
- 在 Google API 控制台中激活 Merchant API。(如果 API 控制台中未列出该 API,请跳过这一步。)
- 当您的应用需要访问用户数据时,它会请求 Google 提供特定范围的访问权限。
- Google 会向相应用户显示权限请求页面,让用户授权您的应用请求他们的某些数据。
- 待该用户同意后,Google 会为您的应用提供一个时效很短的访问令牌。
- 您的应用会请求获取用户数据,并在请求中附上该访问令牌。
- 如果 Google 确定您的请求及令牌有效,就会返回您所请求的数据。
有些流程还包含其他步骤,例如使用刷新令牌获取新的访问令牌。如需详细了解适用于各类应用的不同流程,请参阅 Google 的 OAuth 2.0 文档。
以下是 Merchant API 的 OAuth 2.0 范围信息:
范围 |
含义 |
https://www.googleapis.com/auth/content |
读取/写入权限。 |
要通过 OAuth 2.0 请求访问权限,您的应用既需要授权范围信息,也需要 Google 在您注册应用时提供的信息(如客户端 ID 和客户端密钥)。
下面是一个可供您用于授权的示例。
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-29。
[null,null,["最后更新时间 (UTC):2025-08-29。"],[[["\u003cp\u003eThis guide explains how third-party providers can use OAuth 2.0 to request access to their clients' merchant accounts through their apps.\u003c/p\u003e\n"],["\u003cp\u003eApps accessing the Merchant API need to be verified to avoid limitations, a process that usually takes 3-5 business days.\u003c/p\u003e\n"],["\u003cp\u003eIncremental authorization is recommended during setup to prevent scope selection issues and ensure the app receives necessary permissions.\u003c/p\u003e\n"],["\u003cp\u003eAll Merchant API requests must be authorized using OAuth 2.0 with a valid access token, obtainable through the described authorization flow.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers can find resources such as OAuth 2.0 scope information and authorization samples within the guide for implementation.\u003c/p\u003e\n"]]],["Third-party providers use OAuth 2.0 to access clients' merchant accounts, requiring app verification via Google Cloud (3-5 days). Apps must request the `https://www.googleapis.com/auth/content` scope on the consent screen, which users must manually select. Each Merchant API request needs an authorization token. The OAuth process involves registering the app, requesting a scope, user consent via a screen, receiving an access token, and attaching it to data requests.\n"],null,["# Authorize third-party app access to Merchant Center account\n\nThis guide explains how to use [OAuth 2.0](/identity/protocols/OAuth2) to\nrequest access to other parties' merchant center accounts. If you're a\nthird-party provider, use this workflow to let your app request access to your\nclients' Merchant Center accounts.\n\nIf you're developing an in-house app that needs access to only your Merchant\nCenter account, see [access your account](/merchant/api/guides/authorization/access-your-account)\ninstead.\n\nRequest app verification\n------------------------\n\nApps that access the Merchant API must go through the OAuth verification review\nprocess. Unverified apps will receive [warnings](//support.google.com/cloud/answer/7454865)\nand have [limited functionality](//support.google.com/cloud/answer/7454865#unverified-app-user-cap).\n\nAn app is anything with a unique OAuth 2.0 Client ID in Google Cloud.\n\nThe verification process typically takes 3-5 business days. To learn more and to\nsubmit a request for verification, see [verification for apps](//support.google.com/cloud/answer/7454865#verification).\n\nThis policy applies to all apps. We recommend all apps undergo the verification\nprocess as early as possible to avoid business interruptions.\n\nGet OAuth scopes\n----------------\n\nSet up [incremental authorization](/identity/protocols/oauth2/web-server#incrementalAuth)\nto avoid issues with scope selection.\n\nAll [OAuth scopes](/identity/protocols/oauth2/scopes) are\nunselected by default in the consent screen for your app if you request more\nthan one. When your app presents the consent screen to a user, the user has to\nmanually select each scope to authorize access.\n\nTo use Merchant API, your app must request the following scope on the OAuth\nconsent screen: \n\n https://www.googleapis.com/auth/content\n\nCheck the response from an OAuth request to verify that your app received this\nscope.\n\nSee [OAuth 2.0 policies](/identity/protocols/oauth2/policies#unbundled-consent)\nfor more details.\n\nAuthorize requests\n------------------\n\nEvery request your application sends to the Merchant API must include an authorization token. The token also identifies your application to Google.\n\n### About authorization protocols\n\nYour application must use [OAuth 2.0](https://developers.google.com/identity/protocols/OAuth2) to authorize requests. No other authorization protocols are supported. If your application uses [Sign In With Google](https://developers.google.com/identity/gsi/web), some aspects of authorization are handled for you.\n\n### Authorizing requests with OAuth 2.0\n\nAll requests to the Merchant API must be authorized by an authenticated user.\n\nThe details of the authorization process, or \"flow,\" for OAuth 2.0 vary somewhat depending on what kind of application you're writing. The following general process applies to all application types:\n\n1. When you create your application, you register it using the [Google API Console](https://console.cloud.google.com/). Google then provides information you'll need later, such as a client ID and a client secret.\n2. Activate the Merchant API in the Google API Console. (If the API isn't listed in the API Console, then skip this step.)\n3. When your application needs access to user data, it asks Google for a particular **scope** of access.\n4. Google displays a **consent screen** to the user, asking them to authorize your application to request some of their data.\n5. If the user approves, then Google gives your application a short-lived **access token**.\n6. Your application requests user data, attaching the access token to the request.\n7. If Google determines that your request and the token are valid, it returns the requested data.\n\nSome flows include additional steps, such as using **refresh tokens** to acquire new access tokens. For detailed information about flows for various types of applications, see Google's [OAuth 2.0 documentation](https://developers.google.com/identity/protocols/OAuth2).\n\nHere's the OAuth 2.0 scope information for the Merchant API:\n\n| Scope | Meaning |\n|-------------------------------------------|--------------------|\n| `https://www.googleapis.com/auth/content` | Read/write access. |\n\nTo request access using OAuth 2.0, your application needs the scope information, as well as\ninformation that Google supplies when you register your application (such as the client ID and the\nclient secret).\n\nHere's a [sample](/merchant/api/samples/authorization) you can use for\nauthorization."]]