In early 2024, Google started tightening their grip on external integrations and apps by applying restrictions and requiring partners to answer increasingly complex security assessments to continue using the integration. This has affected Transloadit, which provides the Uppy plugins for Google Drive and Google Photos through our hosted Companion, and thus also affects our customers. We have been trying to keep up with Google’s verification requirements (which have to be renewed every year), but as a small company, we eventually realized that we cannot afford to keep this up in the long term. For this reason, Google blocked our app, and this is why our customers (and their end users) using Transloadit’s Google OAuth2 app ID were suddenly presented with errors like Google hasn't verified this app or This app is blocked from Google. We cannot guarantee that our integration with external providers will work indefinitely, and now this has proven itself. This is also why we have recommended customers use their own credentials, as Transloadit’s app credentials were mostly meant to be used for POC purposes and as a way to easily get started with Uppy without much initial friction.

Navigating Google's API changes

Google photos changes

Additionally, in September 2024, Google announced that they will change the Google Photos API to only allow apps to access the files that were uploaded by the same app. This change is launched from March 2025. Because Uppy doesn’t allow people to upload files to their Google Photos account, this effectively means that our newly developed Google Photos plugin (@uppy/google-photos) is not usable anymore, and we will be deleting it soon.

Solutions

Option 1: use your own Google Drive OAuth2 credentials

If you’re using the existing Google Drive plugin, one option is to continue using the plugin (@uppy/google-drive). However, this means that you have to go through the Google verification process yourself. You can then use Uppy with Transloadit’s Companion server using your own OAuth2 credentials. Note that this verification process could take up to 8 weeks and has to be re-done every year, according to Google. See our guide on using custom credentials for how to set up your own credentials for use with Transloadit’s hosted Companion server.

Option 2: migrate to the Google Picker plugins

As many companies can’t handle the extensive requirements of getting the token with these restrictive scopes, we immediately started working on two new plugins: @uppy/google-drive-picker and @uppy/google-photos-picker.

We released these plugins in December 2024, which instead use the Google Picker UI to significantly reduce the verification process. Google Drive requires no verification, and Google Photos requires a very light verification when using the Picker API.

The downside is less control, inability to select folders, downloading an additional bundle, and a less consistent user experience. However, for many companies, this trade-off is worth avoiding the extensive verification process.

You may also use Transloadit’s Companion server for these new Google Picker plugins if you don’t want to run your own Companion server. See the new plugins @uppy/google-drive-picker and @uppy/google-photos-picker for how to get started.

For issues and the current state of the Picker plugins, see the Picker plugins status tracking issue.

Honorable mention: Instagram

During the same time period, Facebook also decided to deprecate the Instagram API, which Uppy and Companion use to allow users to select photos from their Instagram account. Starting December 4, 2024, no API will be available for retrieving users' photos on Instagram, except business accounts which is a separate API. This would require a completely new integration to be implemented in Uppy, which we have not prioritized.

See also

There are also similar stories by other companies: