How to Find Your Google API Client ID & Client Secret?

Google API Client ID and Client Secret are like a username and password pair for your app when it connects to Google services. If you’re a beginner (WordPress user, plugin developer, marketer, or app builder) who isn’t familiar with developer tools, don’t worry – this guide will walk you through the entire process in simple terms. By the end, you’ll have your own Client ID and Client Secret for any Google API (Gmail, Sheets, YouTube, Calendar, etc.) and understand how to keep them secure.

What Are Client ID and Client Secret (And Why Do They Matter)?

A Google API Client ID is a public identifier for your application. Think of it as a unique username that Google’s systems recognize as your app. It typically looks like a long string (for example, 12390-abc123ef56gi.apps.googleusercontent.com). This ID is meant to be shared with Google and included in API calls – it’s how Google knows “oh, this request is coming from your app.”

A Client Secret, on the other hand, is like your app’s password. It’s a confidential key that should only be known to your application and Google. The Client Secret proves that your app is really your app when it asks Google for access. Why it matters: If someone else gets your Client Secret, they could pretend to be your app, so you must keep it safe (we’ll cover best practices on this later).

In short, the Client ID and Client Secret work together as a “lock-and-key” for using Google APIs. Whenever your app needs to do something like read a Google Sheet or send an email via Gmail on a user’s behalf, it will use these credentials to authenticate itself. Without a valid Client ID and Secret, Google’s APIs won’t let your app in.

How to Generate Your Google API Client ID and Client Secret (Step by Step)

Getting your Client ID and Secret might sound technical, but we’ll break it down into simple steps. You’ll use the Google Cloud Console, which is a web interface where Google lets you manage API settings, to create these credentials. The process is the same for any Google API you want to use – the only difference is you’ll enable the specific API (like YouTube or Calendar) in the process.

Let’s get started:

Step 1: Go to Google Cloud Console and Select a Project

First, head over to the Google Cloud Console. This is the control center for Google APIs. You can access it by visiting the Google Cloud Console in your web browser. Make sure you’re logged in with the Google account you want to use. You might be prompted to log in or agree to terms if it’s your first time.

Every API credential lives inside a project. Think of a project like a folder that contains all the settings and credentials for your app or integration. If you already have a project (maybe from a previous Google API use), you can select it from the drop-down. If not, create a new one:

  • Click “Select a project” on the top navigation bar.
  • In the project selector popup, click “New Project”.
  • Give your project a name, for example “My First Google API Project” or something descriptive for what you’re building. You can leave “Organization” as “No organization” if you’re not using a Google Workspace account – that’s normal for individual users.
  • Click “Create”.

After a moment, your new project will be created, and you should see your project’s name at the top of the console where it used to say “Select a project”. Congrats, you’ve set up your Google Cloud project!

Step 2: Enable the Google API You Need

Now that you have a project, the next step is to enable the specific Google API that you plan to use. Google offers a lot of APIs for Gmail, Google Sheets, YouTube, Google Calendar, and many more, and they keep them turned off by default until you enable them for your project. Enabling an API is like turning on that service for your app.

Let’s see how to enable your chosen API:

  1. In the left-hand navigation menu of the Cloud Console, click “APIs & Services” > “Library”. This will take you to the API Library, where you can find all Google APIs.
  2. Use the search bar to find the API you need. For example, search "Gmail API", "Google Sheets API", "YouTube Data API", etc.
  3. Click on the API in the search results, and then click the “Enable” button for that API.

If you’re planning to use multiple Google services, you can enable multiple APIs now by repeating the above for each one. For instance, for a WordPress plugin that integrates both Google Calendar and Drive, enable both APIs in your project. Enabling an API might take a few seconds, and once it’s done, your project is allowed to make requests to that Google service.

Step 3: Set Up the OAuth Consent Screen

Before you can create the actual Client ID and Secret, Google requires you to set up an OAuth consent screen. This is a crucial step that often confuses beginners, but it’s basically about telling Google what users will see when your app asks them for permission. Whenever an app like yours wants to use a Google account’s data, Google will show a consent prompt to the user. The OAuth consent screen is where you configure what that prompt says, such as the app name, your email, and what scopes of data you’re requesting.


OAuth Consent Screen

In the Cloud Console:

  • Click “OAuth consent screen” in the left menu under “APIs & Services”.
  • If you are setting up the Google Auth Platform for the first time, you will be asked to configure it. To do that, click “Get Started”.
  • You’ll be asked to choose a User Type for your app:
  • Most likely, you’ll pick External (since you’re not limiting to a Google Workspace domain). Select External and click Create.
  • Now fill out the App Information: at minimum, you need to provide an App name (this is what users will see on the consent prompt, for example “My WP YouTube Widget” or “Calendar Sync Tool”) and a User support email (your email, where users can reach you for support). You can also add an app logo and other details if you want, but for a basic setup those are optional.
  • In the Developer contact information section, add your email again. This is so Google can contact you about any issues with the app.
  • Click “Save and Continue” to proceed.

Next, you’ll be asked to define Scopes – the specific data your app wants permission to access. For a beginner-friendly guide, you can skip adding extra scopes for now. Google will automatically include basic scopes like “userinfo.email” and others. If you know you need specific scopes (Gmail send, Sheets read, etc.), you can add them here by clicking “Add or Remove Scopes” and selecting from the list. Otherwise, just click Save and Continue to use the default basic scopes.

After that, for testing purposes, you should add yourself and anyone else who will test the app as a Test User. This allows you to run your app while the consent screen is in “Testing” mode (unverified):

  • Under Test users, click “+ Add Users” and enter your Google account email. You can add others if you plan on having colleagues test the integration.
  • Click Save and Continue.

Finally, you’ll see a Summary of your OAuth consent screen configuration. Review it, make sure the app name and your email are correct, and then click Back to Dashboard (or Save, if that’s an option). Your OAuth consent screen is now configured for testing.

Why is this important? Because without completing the consent screen setup, Google won’t let you create an OAuth Client ID. Also, if you skip adding test users or forget to set the app to production later, other users might see an “unverified app” warning or get blocked by the 100-user cap for testing. But for now, in testing mode, up to 100 different users that you add as test users can use the app without verification. If your app is just for yourself or a small team, you might not need to go through verification and publishing.

Step 4: Create Your OAuth Client ID Credentials

Now we get to the main event – generating the Client ID and Client Secret. This happens in the Credentials section of the Cloud Console.

Navigate to APIs & Services > Credentials in the left menu.

On the Credentials page, you might see some options like API keys or service accounts, but our focus is on creating an OAuth 2.0 Client ID:

  • Click the “+ CREATE CREDENTIALS” button at the top of the page.
  • In the dropdown, select “OAuth client ID”.


Create your OAuth ID and Credentials

Now you’ll be prompted to configure the OAuth client:

Choose Application Type: Google needs to know what type of application this Client ID will be used for. The options include Web Application, Android, iOS, Desktop App, etc. If you’re a WordPress plugin developer or building a web-based integration, choose Web application. If you’re making a command-line tool or an app that runs on your computer, you might choose Desktop app. For most marketing tools or plugins, Web application is the right choice. Even if it’s just local development, Web application is fine if a user will ultimately authenticate via a browser.

Select the type that best fits your scenario:

  • Web application – for web-based apps (including JavaScript running on a web page, server-side web apps, or anything where a user will use a browser to log in).
  • Desktop app – for applications running on a PC or Mac (or command-line scripts).
  • Other types (Android, iOS, etc.) – only if you’re building a mobile app for those platforms.

After selecting the application type, you’ll need to provide a name and other details:

Name: Give your OAuth client a name. This is just for you to remember what it’s for. For example, “WordPress YouTube Plugin OAuth” or “MyApp Desktop OAuth Client”. The name can be anything that helps you identify it later among your credentials.

Authorized JavaScript Origins (for Web): If you selected Web application, you'll see a field for Authorized JavaScript Origins. This is where you need to list the base URLs from which your app will operate. For example, if your WordPress site is hosted at https://example.com, add that URL here. This setting is used when your app interacts with Google’s APIs directly from the browser (like if you’re using Google’s JavaScript APIs).

Authorized Redirect URIs (for Web): The Redirect URI is an important part of the authentication process. This is the URL where Google will redirect users after they approve the OAuth consent screen. For instance, if you're sending form data to Google Sheets using an automation plugin like Bit Integrations, follow these steps:

  1. Buy a paid plan for the plugin and install and activate it on your WordPress site.
  2. Activate the license and create an integration within the plugin.
  3. Search for Bit Forms and connect it as the action.
  4. Select Google Sheets as the trigger.
  5. After that, you’ll be able to see the Redirect URI within the plugin settings. This is the URL that you’ll need to input in the Google Cloud Console under Authorized Redirect URIs.


Bit Integrations Redirect Url

If you're unsure about the Redirect URI, many WordPress plugins or services will tell you what URL to use. Typically, it will be a page on your site or a custom endpoint. If you're building your own app, the Redirect URI will be a specific URL in your app where Google sends users after they authenticate.

For Desktop app type, you won’t need to set origins or redirect URIs. Instead, Google will automatically give you a loopback IP address (like https://127.0.0.1:...) as the default redirect URI.

Once you’ve filled in these fields with the appropriate URLs, click Create to generate your Client ID and Client Secret.

Step 5: Copy Your Client ID and Client Secret

After clicking Create, Google will generate your credentials. You’ll see a screen showing your new OAuth client ID and client secret right away. This is the “ta-da!” moment – those are the values you’ve been looking for.

Go ahead and copy them: you might want to paste them into a safe place temporarily (like a text file or a password manager).

Important: Treat the Client Secret like a password. Don’t share it publicly or commit it to a public repository. It should be kept private.

At this point, it’s also a good idea to click OK on that popup, which will take you back to the Credentials page. You should now see your new OAuth 2.0 Client ID listed in the Credentials table.

There will be a download icon next to it – clicking that will let you download the credentials as a JSON file. The JSON contains the client ID, secret, and other info.

If you’re a developer, you might use that in your code. If you’re not, you can still download it for safekeeping or skip it. The key thing is you have the Client ID and Secret strings themselves.

Now you have what you came for! You can take the Client ID and Client Secret and input them into your application or plugin that requires it. For example, if you were setting up a WordPress plugin that integrates Google Calendar, it might ask you for these values in its settings page. You would paste the Client ID and Secret there to connect the plugin to your Google API project.
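A pre-commit style check for the downloaded JSON file mentioned above, as an added example that is not part of the original article or any Google tool. It assumes the file has a top-level "web" or "installed" object holding client_id and client_secret; the secret value and file names in demo() are constructed.

```python
import json
import os
import tempfile

# Assumed file layout: a top-level "web" or "installed" object with the fields.
CLIENT_KINDS = ("web", "installed")


def inspect_credentials_json(text):
    """Return (kind, client_id) if text is an OAuth client file, else None."""
    try:
        data = json.loads(text)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    for kind in CLIENT_KINDS:
        entry = data.get(kind)
        if isinstance(entry, dict) and entry.get("client_secret"):
            # Report the public client ID only; never echo the secret.
            return kind, entry.get("client_id", "<missing client_id>")


def find_credential_files(root):
    """Walk root and list JSON files that contain an OAuth client secret."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for name in filenames:
            if not name.lower().endswith(".json"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    found = inspect_credentials_json(fh.read())
            except (OSError, UnicodeDecodeError):
                continue  # unreadable or binary file: nothing to report
            if found:
                hits.append((os.path.relpath(path, root), *found))
    return sorted(hits)


def demo():
    """Scan a constructed project tree (sample data, not real credentials)."""
    sample = {"web": {"client_id": "12390-abc123ef56gi.apps.googleusercontent.com",
                      "client_secret": "CONSTRUCTED-NOT-A-REAL-SECRET",
                      "redirect_uris": ["https://example.com/oauth/callback"]}}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "plugin"))
        with open(os.path.join(root, "plugin", "client_secret.json"), "w") as fh:
            json.dump(sample, fh)
        with open(os.path.join(root, "package.json"), "w") as fh:
            json.dump({"name": "my-plugin"}, fh)
        return find_credential_files(root)
```

Run find_credential_files() on a project directory before committing; any path it returns belongs in .gitignore or outside the repository.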


Best Practices: Keep Your Credentials Secure

Before we wrap up, let’s talk about a few best practices for managing your Google API Client ID and Secret:

  • Never expose your Client Secret publicly. It’s called a “secret” for a reason. Don’t publish it in documentation, don’t commit it to GitHub (unless the repo is private or you are using secure methods), and don’t share it in forums. If you suspect your secret has been compromised, you can go to the Cloud Console, edit your OAuth client, and reset the secret to invalidate the old one.
  • Use environment variables or secure storage. If you are writing code like in a plugin or app, don’t hardcode the Client Secret. Instead, store it in a configuration file or environment variable that isn’t exposed publicly. This way, even if your code is visible, the sensitive key is not.
  • One project per app (generally). It’s usually a good idea to create separate Google Cloud projects for different applications or purposes. This keeps things organized and credentials isolated. For instance, if you have one app for YouTube and another for Calendar, using separate projects can help manage access and quotas separately. However, for simplicity, you can also enable multiple APIs in one project and use one set of credentials – both approaches work, so choose what’s simpler for you.
  • Restrict API keys vs. OAuth: Sometimes Google APIs offer API keys (for public data) and OAuth 2.0 client IDs for user data. Don’t confuse the two. API keys are simpler but only for certain data. For accessing user-specific data like a user’s Gmail or their private YouTube playlists, you need the OAuth method (Client ID/Secret). Always follow the method required by the API’s documentation.
  • Monitor usage and API console. After your app is up and running, keep an eye on the API usage in the Cloud Console. This can show you if everything is functioning correctly or if you’re hitting any limits.
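One way to follow the environment-variable advice above, as an added example rather than code from the article or a Google library. The variable names GOOGLE_CLIENT_ID, GOOGLE_REDIRECT_URI and GOOGLE_CLIENT_SECRET are hypothetical, the sample values are constructed, and the state check on the callback goes slightly beyond what the article covers.

```python
import hmac
import os
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Hypothetical variable names, listed in the same order as the fields below.
ENV_NAMES = ("GOOGLE_CLIENT_ID", "GOOGLE_REDIRECT_URI", "GOOGLE_CLIENT_SECRET")


@dataclass(frozen=True)
class OAuthClient:
    client_id: str
    redirect_uri: str
    # repr=False keeps the secret out of logs, tracebacks and debug output.
    client_secret: str = field(repr=False)


def load_client(env=os.environ):
    """Read the credentials from the environment; fail loudly if any is unset."""
    missing = [name for name in ENV_NAMES if not env.get(name)]
    if missing:
        raise RuntimeError("missing configuration: " + ", ".join(missing))
    return OAuthClient(*(env[name] for name in ENV_NAMES))


def authorization_url(client, scopes):
    """Build the consent-screen URL; only the public Client ID goes into it."""
    state = secrets.token_urlsafe(32)  # keep this in the user's session
    query = urlencode({"client_id": client.client_id,
                       "redirect_uri": client.redirect_uri,
                       "response_type": "code",
                       "scope": " ".join(scopes),
                       "state": state})
    return f"{AUTH_ENDPOINT}?{query}", state


def state_matches(expected, callback_url):
    """Compare the state echoed to the redirect URI with the stored one."""
    got = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(expected.encode(), got.encode())


# Constructed sample values; a real deployment sets these outside the code.
SAMPLE_ENV = {"GOOGLE_CLIENT_ID": "12390-abc123ef56gi.apps.googleusercontent.com",
              "GOOGLE_REDIRECT_URI": "https://example.com/oauth/callback",
              "GOOGLE_CLIENT_SECRET": "CONSTRUCTED-NOT-A-REAL-SECRET"}

if __name__ == "__main__":
    client = load_client(SAMPLE_ENV)
    url, state = authorization_url(client, ["openid", "email"])
    print(client)  # the secret is not part of the printed representation
    print(url)
```

The Client Secret is only needed later, in the server-side request that exchanges the returned code for tokens, so it never has to appear in a URL or in browser-visible code.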


Sum Up

Finding your Google API Client ID and Client Secret is a straightforward process when broken down into steps: you create a project in Google Cloud Console, enable the API you need, configure an OAuth consent screen, and then create an OAuth 2.0 Client ID credential to get the ID/Secret pair. These credentials allow your app or plugin to securely call Google APIs on behalf of users. Remember that the Client ID is a public identifier (okay to share in code or URLs), while the Client Secret must be guarded like a password. This guide applies to any Google API – whether you’re connecting to Google Drive, Gmail, YouTube, or others, the steps in the Cloud Console are essentially the same. By following this guide, even non-developers can navigate Google’s developer tools with confidence and get the credentials they need for powerful integrations.


FAQ

Q: Do I need to pay to use Google APIs or get a Client ID and Secret?

A: No, creating a project and obtaining OAuth 2.0 credentials (Client ID/Secret) on Google Cloud is free.

Q: Can I use one Client ID/Secret for multiple Google APIs (like both Calendar and Sheets)?

A: Yes. You can enable multiple APIs in the same Google Cloud project and use a single OAuth Client ID for all those APIs. For example, enable both the Calendar API and Sheets API in your project, then the Client ID you created can be used to access both, as long as you request the appropriate scopes on the OAuth consent screen. Alternatively, you can create separate projects and credentials for each API if you prefer isolation.

Q: My app is only for me (or a small group). Do I need to get it verified by Google?

A: If your app is just for personal use or testing (up to 100 users), you don’t need to go through Google’s verification process. By adding test users and keeping the app in “testing” status (External but not published), you can operate within the 100-user cap without verification.

Q: Where can I find my Client ID and Secret later if I forget them?

A: In the Google Cloud Console, navigate to APIs & Services > Credentials for your project. You’ll see a list of credentials. Your OAuth 2.0 Client IDs are listed there. You can click on the name of your OAuth client to view the Client ID and you’ll have an option to reveal the Client Secret. You can also download the JSON file for the credentials from that page if needed.

Q: What’s the difference between an API key and an OAuth 2.0 Client ID?

A: An API key is a simple key (string) that identifies your project for certain API requests. API keys are often used for accessing public data or for simple services (like Google Maps embedding).

An OAuth 2.0 Client ID is used for requests that require user authorization. If your app needs to access a user’s private data (for example, their Google Calendar events or YouTube account info), you must use OAuth 2.0 with a Client ID/Secret and go through the user consent flow. API keys don’t require user consent but are limited to public data and have different security considerations (you typically restrict API keys by domain or IP).

Q: How do I secure my Client Secret in a WordPress site or other app?

A: In a WordPress site, if a plugin asks for the Client Secret, it will usually store it in the database (often encrypted) or in a configuration file. Make sure your site is secure (using SSL, up-to-date plugins, etc.). If you’re coding an app, avoid hardcoding the secret; read it from a secure configuration. Rotate (change) the secret if you suspect it’s compromised – you can do this by going to the Cloud Console, editing your OAuth client, and generating a new secret.

