Skip to content

faq

Jump to bottom
Paweł Psztyć edited this page Mar 22, 2016 · 1 revision

Advanced REST Client FAQ

Signing in and permissions

Why do I need to be signed into the Chrome to use Google Drive?

The app is using chrome.identity API that will securely give the app an access token to be used to authenticate the request. The app need to declare some identity data to the browser (like client ID and scopes) so the browser may exchange it to the token if the user already authorized the app. However, if you are not signed into the Chrome the browser can't be sure if you have used the app before or not.

To simplify the flow - both for the user and the programmer - the API require the user to be signed in to Chrome in order to use it.

App permissions to access Google Services

The app is using following scopes:

  • https://www.googleapis.com/auth/drive.file
    • To be able to write and read files stored in Google Drive. The app will have access only to the files created or once opened by the app. It can't read any other file data.
  • https://www.googleapis.com/auth/drive.install
    • After granting this permissions the app will add itself to the list of apps connected to your Google Drive. Then the app will be listed in "Open with" list when you double click file that don't have default app. It is necessary to have this permission to open shared with you files - they can be opened only from Drive UI.
  • https://www.googleapis.com/auth/drive.metadata.readonly
    • The app have it's own files selector (Google's file picker won't work in Chrome Apps environment). To make queries possible (searching for a file name for example) this permission must be granted. If not, only files created by the app would be visible.
  • profile
    • This permission is used with server data sharing. To identify you as the user the app will use your ID (which is generated for this particular app) and will be used to identify your data stored on the backend. Naturally if you don't export data to the server you'll never see this permission request.

The list of permissions may change in the future. Especially permission to read your email address. This will be a case when you store some data in app's backend. Periodically we will send you an email with remainder that your data are there so you can remove it if they are not needed anymore.

Chrome permissions

The app is using following Chrome platform permissions.

  • The app can access data on all websites and exchange data in local network
    • I guess it's the whole point of the app ;) But it means that the app can perform ajax requests to any URL. So you can test your endpoint
  • Storage
    • Naturally the app need to store some information like current configuration or requests history etc. This will give right to use chrome.storage APIs to keep data that are required to normal work.
  • Identity
    • To enable chrome.identity API described above
  • SyncFileSystem
    • This API will be used very soon to synchronize history data between app's instances in background using Chrome and Drive infrastructure.

Google Analytics

Google Analytics service is used in the app. Data sent to the server are anonymous and can't be connected to any company or a person.

Data gathered by the app are only usage statistics so app authors can decide which part of the app should be developed and which not. All data are analysed after aggregation in summary reports. Also no data about the request or response made in the app are not sent to server.

We highly recommend to leave data collection turned on since it is the only source of information about real app usage.

Clone this wiki locally