问题
I am using a service account and domain wide delegation to access all email accounts under client's domain with read-only scope https://www.googleapis.com/auth/gmail.readonly In the message get request I use format option "metadata" with fields='payload/headers' which returns only email headers but not the content of the message.
Is there a way to restrict my app access to metadata only and not the content of the emails? This would ensure that my application can not read sensitive email content information and have access to metadata only.
Thanks!
回答1:
Set your scope to https://www.googleapis.com/auth/gmail.metadata.
See https://developers.google.com/gmail/api/auth/scopes
https://www.googleapis.com/auth/gmail.metadata
Read resources metadata including labels, history records, and email message headers, but not the message body or attachments
回答2:
The Gmail API now (as of November 2016) does support a gmail.metadata scope! C.f. https://developers.google.com/gmail/api/auth/scopes
It allows access to email headers, including subject, without email message data. Calls to message.get() with format=METADATA and format=MINIMAL will work with that scope, but not, for example, format=FULL or format=RAW.
回答3:
You can get only the specified headers via specifying 'format'=>'metadata' and 'metadataHeaders'=>array(headers you want to receive, excluding others). Check a sample get request in PHP below:
$service->users_messages->get($userId, $message->id,array('format'=>'metadata', 'metadataHeaders'=>array('From','To')));
The above code will only get From and To headers and wont show Subject header.
Hope this helps.
来源:https://stackoverflow.com/questions/30945053/gmail-api-read-metadata-only-scope