5 STEPS to Deploy Google Sheets External Editors add-on

Max Makhrov

5 min readSep 5, 2023

We deploy an add-on that lives in Spreadsheet — editor add-on. More here:

https://developers.google.com/apps-script/add-ons/how-tos/building-editor-addons

This guide is not documentation, but a condensed reminder of what you must do.

#1/5. Google Cloud Project

Google Cloud Console is home:
https://console.cloud.google.com

Google Cloud Console splits all your work into projects. Addon lives in 1 project.

🔪You cannot change the project’s ID since you’ve created it. Be careful from the very beginning.

Add users if needed

If you are developing an add-on from different Google accounts, add users in the Console.

In the Navigation Menu go to IAM and Admin > IAM (IAM stands for Identity and Access Management).

Grant access to a few users by Gmail.

Configure OAuth Consent details

Use this link to get there: https://console.cloud.google.com/apis/credentials/consent

OAuth, which stands for “Open Authorization”, is a common thing for approving public apps.

It asks you to select User Type:

Internal or External

We will not discuss this option here. Select External.

Next page, app Information. Fill in the required fields only. Save and continue.

Add test users! In the section with test users add all emails that must have access to the developer version of the add-on. This will let your team continue testing the add-on.

Get the project number

Select your project from the top of the screen, and copy the project number.

#2/5. Add-on Sheet & Google Apps Script

Go to your Apps Script with an add-on.

Associate Add-On with your Google Cloud Project

Go to your app’s script editor with the add-on code. Go to the ⚙️Project Settings. Change the Google Cloud Platform (GCP) Project number there.

Deploy as an Add-On

Deploy your add-on in Google Apps Script.

Note your scopes

On the ℹ️Overview page. Find the “Project OAuth Scopes” section. You need to add them by links.

Be careful and do not add scopes you do not want to use in production as you need to explain their usage to Google. Limit them in the manifest file:

appscript.json

{
  "timeZone": "America/New_York",
  "oauthScopes": [
    "https://www.googleapis.com/auth/spreadsheets",
    "https://www.googleapis.com/auth/script.container.ui",
    "https://www.googleapis.com/auth/script.external_request",
    "https://www.googleapis.com/auth/script.send_mail",
    "https://www.googleapis.com/auth/userinfo.email"
  ]
}

Create a video and paste it on YouTube

You must show the auth screen where the user selects an email and agrees to give the permissions.

💣Be very attentive here. The screen URL contains your project ID. You should find and show it in the video. This parameter is called “client_id”:

During the video show how your add-on uses each of the required permissions. Show your add-on functions.

Load the video on YouTube.

#3/5. Your Website

The add-on should have a page on a website that belongs to you.

Add-On page

Create a page describing your add-on. It should have links to Privacy and Terms (described later).

☢️Add trademark char after each mention of Google products:
Sheets™. This rule works for all screens and forms you fill.

Privacy policy

Create a page on your site with a privacy policy, like mine:
https://www.cooltables.online/addons/range2image/privacy_policy
The privacy policy should be clear about what your add-on does.

🧨You cannot create a perfect privacy policy from scratch. Google’s safety team will write you again and again with requests to improve policy. Get ready for the long process…

Terms of Service

Create a page on your site with terms of service, like mine:
https://www.cooltables.online/me/terms
You take no responsibility for possible harm your add-on may do.

#4/5. Google Cloud Project again

Start the verification process of the OAuth Scopes

Use this link to get there: https://console.cloud.google.com/apis/credentials/consent

There should be a button to stop testing the app and prepare for verification.

In the “add domain” section add the Application home page. Add the domain in the section below.

Save and continue…

Find scopes needed in your Apps Script Editor. Add them all, one by one.

Paste your YouTube video link. Fill in other fields as well.

Verify OAuth by Google

You’ll have to verify the add-on twice: OAuth, and as an Add-on itself. Two separate Google teams are in charge of these 2 verifications. Start from OAuth verification.

Market SDK Registration

Go to APIs & services:

In the search bar at the top enter:

Marketplace SDK

Find and enable this service. Visit subpage: App configuration.

In the “App Configuration,” the hardest field is “Sheets Add-on Project Script ID”. This is the ID of your add-on script, the URL part. The “Add-on script version” is just a number (1,2,3) of your add-on deployment.

Next, see the “Store listing”. Fill the required fields there (almost all).

👆🏼You may try to publish the add-on now, but no way it will work until you get the OAuth verification first. Still, my advice is to prepare and load the logo, banner, and screenshots. You can then show these materials to the Safety team to help them understand you are a serious fellow.

#5/5. You and your patience

No one knows what troubles and quirks are waiting for you on this path. No one knows how long it will take. Be patient and kind. And you’ll do it!

bureaucratic maze — Photo by Susan Q Yin on Unsplash