Account Authentication for Installed Applications

This page is aimed at programmers who are developing client applications that access Google services and who want to implement a programmatic way to log into Google accounts.

It assumes you've read up on the service(s) being accessed and are aware of any access/authentication issues involved. You will need to know some service-specific details when incorporating ClientLogin. In addition, you will need to know how to make HTTPS POST requests and handle responses

Use this interface in your installed application to programmatically log into Google accounts. After collecting login information from a user, call ClientLogin to request access to the user's account.

Once the login information has been successfully authenticated, Google will return a token, which your application will reference each time it requests access to the user's account, such as to get or post data. The token remains valid for a set length of time, defined by whichever Google service you're working with.

ClientLogin uses standard security measures to protect user account information. To block bots and other entities from breaking user passwords, Google Accounts may add a visual CAPTCHA  to the authentication process when the server suspects an illegal intrusion, such as after too many incorrect login attempts. A CAPTCHA ensures that a real person is attempting login, and not a computer trying random strings (a "dictionary" attack).

ClientLogin can be used to authenticate both Google and hosted accounts. A hosted account is a user account that is part of the Google for Your Domain service.

ClientLogin does not support service sign ups or other account maintenance tasks. Users must have an existing account before using this feature.

If a user tries to log in without an account, this interface will return a "login failed" response. In addition, if other account maintenance steps--such as email verification or acceptance of terms--are not completed, the login attempt will fail.