> Google doesn’t know or care about who’s using it at that point
is incorrect.
Google Drive uses OAuth. Users don't register API keys, apps do, and then users just log in with their Google account.
Google now requires apps to go through manual approval to actually use their OAuth keys, if those apps request certain endpoints. Doesn't matter if the app is local or cloud-hosted, if it makes certain REST requests, it needs special access, and Google controls which API keys get that special access.
> Google doesn’t know or care about who’s using it at that point
is incorrect.
Google Drive uses OAuth. Users don't register API keys, apps do, and then users just log in with their Google account.
Google now requires apps to go through manual approval to actually use their OAuth keys, if those apps request certain endpoints. Doesn't matter if the app is local or cloud-hosted, if it makes certain REST requests, it needs special access, and Google controls which API keys get that special access.
See https://developers.google.com/drive/api/guides/api-specific-...