We are used to being asked this question. Especially when people give Clint access to their Gmail accounts, even with read authorization.

Clint connects to the Gmail API through a method called restricted scope.

Gmail API restricted scope is Google's special security category for applications that access the most sensitive user data.

In simple terms:

Restricted scope = a highly secure API access permission that requires special permission for applications that access a user's top-secret Gmail data.

Therefore, gmail.readonly like Clint did or Gmail API /messages scopes used to read invoices fall into the restricted scope category.

🔒 Why is it called "Restricted Scope"?

Because applications that use these scopes:

• Direct access to the user's emails

• It can receive very sensitive content such as invoices, personal data, financial information, private correspondence

• Seriously audited by Google

That's why Google:

• Safety testing

• Penetration test

• Application code review

• Privacy policy + content hosting requirements

• CASA certification from external security partner

processes such as the CASA (Enterprise Tier 2) certification.

That's why Clint had to go through CASA (Enterprise Tier 2) certification by Google.

We passed. 😊