Verified by Google

Josh Josh SendTidings 2 min
Editorial illustration: a hand-pressed circular postmark stamp on cream paper. Dashed forest-green outer ring with 'VERIFIED BY GOOGLE' curved along the top half, 'OAUTH 2.0' in stamp-red at the centre, and a small forest-green tick below it. Slight tilt, ink uneven and authentic.

Small milestone, but the right kind.

SendTidings is now a verified app on Google Cloud Console. Translation: when you or your clients sign in with Google — or connect Google Analytics or Google Search Console for the monthly report — you’ll see the standard Google consent screen. No orange “this app isn’t verified” warning. No “advanced → continue anyway” workaround. Just a clean handshake.

What changed

Before today, every new Google connection hit two pieces of friction:

  1. The warning screen. First-time users got Google’s “this app isn’t verified” interstitial, which says, in roughly so many words: “scary unknown app, are you sure?” The honest answer is yes — we read your analytics, we don’t write anything back, we don’t sell anything — but the warning’s the warning, and watching a client click through it before their first report wasn’t a great look.

  2. The 7-day refresh-token wall. Google’s OAuth consent screens default to Testing mode, which expires refresh tokens after 7 days. Every new connection would just stop working the following week. We shipped dashboard alerts and an email digest for this, but the right fix was always to get verified and have Google stop doing it.

Both are gone for new connections, as of yesterday. Existing connections keep working unchanged — verification flips a switch on Google’s side, it doesn’t migrate the tokens.

Why it took a while

Google’s verification process is the kind of thing nobody writes blog posts about, because it’s almost entirely paperwork. You submit a consent-screen application, list the scopes you use, link your privacy policy, your homepage, your sender domain, and wait. Then you respond to clarifying emails. Then you wait some more.

For the scopes SendTidings uses — read-only Analytics and Search Console data — verification took a few back-and-forths and a couple of weeks of waiting. Nothing dramatic. Just patient.

The thing nobody tells you is that the time spent waiting is its own product-design pressure. Every week unverified is a week where new agency signups are clicking through a warning screen. You start thinking about how to phrase that in onboarding (“don’t worry, it’s safe, we’re just unverified”). You start writing a docs article about why it’s normal. You start eyeing your dashboard alerts to make sure the 7-day notice actually fires before things break.

All of that goes in the bin now. Quietly.

What’s next

The reports look the same. The setup steps are the same. The friction in front of the first Google connection just got quieter.

Connect once, send forever — as intended.

Read next
All posts →

More from the blog.