Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

How to generate Google API keys

chrome-webstore-upload uses the Chrome Web Store API.

Here's how to get its 3 access keys: clientId, clientSecret, refreshToken

Note: the names you enter here don't really matter. This will take approximately 10 minutes and Google likes to change these screens often. Sorry.

  1. Visit

  2. Create a project:

    Google APIs: Create project
  3. Enter chrome-webstore-upload and Create

  4. Click on Configure consent screen

  5. Select on External and Create

  6. Only enter the Application name (e.g. chrome-webstore-upload) and required email fields, and click Save

    Consent screen configuration
  7. On the 3rd screen, add your own email address:

    Test users selection
  8. Visit

  9. Click Enable

  10. Visit

  11. Click Create credentials > OAuth client ID:

    Create credentials
  12. Select Desktop app (or Other), enter chrome-webstore-upload and click Create

    Configure client type
  13. Save your clientId and clientSecret, these are 2 of the required 3 keys

  14. Visit

  15. Click PUBLISH APP and confirm

    Publish app
  16. Place your clientId in this URL and open it:

  17. Follow its steps and warnings (this is your own personal app)

  18. Wait on this page:

    Last page of OAuth
  19. Run this in your browser console on that last page. It's a wizard to create your refresh_token:

(async () => {
  const response = await fetch('', {
    method: "POST",
    body: new URLSearchParams([
      ['client_id', prompt('Enter your clientId')],
      ['client_secret', prompt('Enter your clientSecret')],
      ['code', new URLSearchParams('approvalCode')],
      ['grant_type', 'authorization_code'],
      ['redirect_uri', 'urn:ietf:wg:oauth:2.0:oob']
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded'
  const json = await response.json();
  if (!json.error) {
    if (typeof copy === 'function') {
      alert('The refresh_token has been copied into your clipboard. You’re done!');
    } else {
      console.log('Copy your token:', json.refresh_token);
      alert('Copy your refresh_token from the console output. You’re done!');
  1. Done. Now you should have clientId, clientSecret and refreshToken. You can use these for all your extensions, but don't share them!