Skip to main content

Authorization

Follow this guide to create a new Blogger credential that will allow Nexla to authenticate to and exchange data with your Blogger account.
blogger_api_auth.png

Blogger

Prerequisites

The Blogger API v3 uses Google's OAuth 2.0 implementation for authentication. To create a Blogger credential in Nexla, you must first register an OAuth 2.0 client application in the Google Cloud Console, enable the Blogger API on the same project, and configure the OAuth consent screen. The steps below walk through the full process.

Create or Select a Google Cloud Project

  1. Sign in to the Google Cloud Console with the Google account that will own the OAuth application.

  2. In the project selector at the top of the console, click Select a project, then click New Project.

  3. Enter a descriptive name in the Project name field (for example, Nexla Blogger Integration), select an organization and billing account if applicable, and click Create.

  4. Once the project is created, ensure it is selected in the project selector before continuing.

Enable the Blogger API

The Blogger API must be enabled on the project before OAuth credentials issued by the project can be used to call it.

  1. In the Google Cloud Console, open the navigation menu and select APIs & Services > Library.

  2. Search for Blogger API v3 in the API Library, and click the matching result.

  3. Click Enable to activate the Blogger API for the project.

The OAuth consent screen is what Blogger users see when authorizing your application. It must be configured before client IDs can be created.

  1. In the Google Cloud Console, open APIs & Services > OAuth consent screen.

  2. Select the User Type that matches your use case:

    • Internal: Only available for Google Workspace organizations. Restricts access to users within the same organization and skips Google's app verification process.

    • External: Required for any application that will be authorized by users outside your Workspace organization (or for personal Google accounts). Applications using sensitive scopes may need to complete Google's verification process before being published.

  3. Click Create, and complete the App information fields. At minimum, enter an App name, a User support email, and a Developer contact email. Save and continue.

  4. On the Scopes step, click Add or Remove Scopes, and add one of the following Blogger scopes:

    • https://www.googleapis.com/auth/blogger — Full read and write access to manage the user's Blogger account. Required for any destination flow (create, update, delete, publish, moderate comments).

    • https://www.googleapis.com/auth/blogger.readonly — Read-only access to the user's Blogger account. Sufficient for source-only flows that ingest blog, post, page, comment, or page-view data.

  5. On the Test users step, add the Google accounts that will be used to authorize the application during development. While the app is in Testing mode, only listed test users can complete the consent flow.

  6. Review the summary, and save the consent screen configuration.

Create OAuth 2.0 Client Credentials

  1. In the Google Cloud Console, open APIs & Services > Credentials.

  2. Click Create Credentials, and select OAuth client ID.

  3. From the Application type pulldown menu, select Web application. This is the correct type for the server-side authorization-code flow that Nexla uses.

  4. Enter a descriptive name in the Name field (for example, Nexla Blogger OAuth Client).

  5. Under Authorized redirect URIs, click Add URI, and paste the Nexla OAuth callback URL shown in the Nexla credential overlay when you select the OAuth 2.0 authentication method. The redirect URI registered with Google must match the one used during the authorization flow exactly, including protocol and trailing slash.

  6. Click Create. Google displays the Client ID and Client secret for the new credential.

  7. Copy and store both the Client ID and Client secret securely. The Client secret can be retrieved again later from the Credentials page, but it should be treated as a password.

Important

The Client secret grants the ability to obtain access tokens on behalf of consenting users. Store it in a secure secret manager, never commit it to source control, and rotate it immediately if you suspect it has been exposed.

For complete information about Google OAuth 2.0 client setup, see the Google OAuth 2.0 documentation. For Blogger-specific authentication details, including the available scopes, see the Blogger API: Using the API guide.

Create a Blogger Credential

  • To create a new Blogger credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OAuth 2.0 Authentication

Blogger credentials use Google's three-legged OAuth 2.0 flow. The Blogger user being connected signs in to Google directly and approves access for your registered OAuth application — your Client Secret is never shared with the end user.

  1. Enter the Client ID issued for your registered Google OAuth application in the Client ID field. This value is found on the APIs & Services > Credentials page in the Google Cloud Console.

  2. Enter the Client Secret issued for the same OAuth application in the Client Secret field. This value is treated as a secret and is shown alongside the Client ID on the Credentials page.

  3. Confirm that the Authorization URL field is set to https://accounts.google.com/o/oauth2/v2/auth. This is Google's standard OAuth 2.0 authorization endpoint and is shared by all Google APIs.

  4. Confirm that the Token URL field is set to https://oauth2.googleapis.com/token. This is Google's standard OAuth 2.0 token endpoint where Nexla exchanges the authorization code for an access token and refresh token.

  5. Confirm that the Access Scope field contains the appropriate Blogger scope for your use case:

    • Enter https://www.googleapis.com/auth/blogger for read and write access. Use this scope for any destination flow that creates, updates, deletes, publishes, or moderates Blogger content.

    • Enter https://www.googleapis.com/auth/blogger.readonly for read-only access. Use this scope for source-only flows that only ingest Blogger data.

    The scopes requested here must be a subset of the scopes configured on the OAuth consent screen in the Google Cloud Console. If a scope is missing from the consent screen, Google will reject the authorization request.

  6. Click Authorize to launch the Google consent screen. Sign in to the Google account that owns (or has access to) the Blogger blogs that will be connected, and approve the requested access.

  7. After the consent screen is approved, Google redirects back to Nexla with an authorization code. Nexla automatically exchanges this code for an access token and refresh token using the Token URL, and stores the resulting tokens on the credential. Nexla will use the refresh token to silently obtain new access tokens as needed, so the user does not need to re-authorize unless access is revoked.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.