Extensions add to and enhance the capabilities of your backend in a few clicks.

Google OAuth

This extension provides functionality to enable authentication against a Google account. This extension supports three modes of authentication that can be leveraged for different requirements on your frontend application. Additional schema is merged into your user table to store necessary information in the google_oauth object.

Continue with Google

This mode is the most flexible because it allows both sign up and login in the same API request. If you want an extremely low friction entry point and don't have special sign up requirements, this is the best way to create a seamless experience for your customer.

Login with Google

This mode allow allows you to login to your application with your Google account. If you did not sign up previously through your Google account, then this API will fail. This API request is normally used in conjunction with the Sign up request.

Sign up with Google

This mode allow allows you to sign up to your application with your Google account. This request will only work once for your user as it throws an error if you have a customer that has already signed up previously with this same request. If you have special requirements like perhaps an invite code, then this request tends to be more flexible than the "continue with google" version.

Google OAuth - Installation


This extension requires a client id and a client secret from Google.

  1. If you don't have a Google project already, then go to the Google Developer Console, login with your Google account, and create a project.

  2. Now that you have your project created, you need to configure your OAuth consent screen. If you have already done this before, then you can skip to step 5.

  3. Click configure, and choose a User Type of External.

  4. Next you need to enter in some basic information: choose your application name, authorized domain, homepage link, and privacy link. If you don't have all of this information ready, then you can just enter a placeholder and come back to it later. Make sure to not adjust any of the "Scopes" or there may be a significant delay before being able to use your Oauth integration.

  5. Once your OAuth consent screen is ready, you need to go to the Credentials page.

  6. Click Create credentials -> OAuth client ID

  7. Select your application type depending on if this is a website, mobile app, etc.

  8. Name your OAuth client and click Create.

  9. Copy the client id and the client secret and make sure to enter it in the environment variable settings for this extension.

NOTE: Additional settings can be configured for restricting access. Once you have authentication working with Xano, it is recommended to revisit this to use these options with settings that make sense for your application.

Google OAuth - Database Table Integration

Google OAuth - API Group

Google OAuth - API Endpoint Anatomy

Google OAuth - Extension Installation Instructions

Google reCAPTCHA

This extension implements support for reCAPTCHA, which is a free service from Google that protects your site from spam and abuse.

This extension implements the server side version of the reCAPTCHA api. This allows you to use whatever reCAPTCHA implementation on your frontend or mobile app to prevent spam and then transmit that response to Xano to validate that the requested action can proceed or not based on the result score from Google.

This service has multiple implementations, so make sure to choose the right one that makes the most sense for your product:

reCAPTCHA v2 Checkbox

This is the original "I'm not a robot" checkbox that got this service popular. If Google suspects something suspicious, they will prompt you to solve a small challenge with images.

reCAPTCHA v2 Invisible

This is the next step in the checkbox mode. This allows you to skip the checkbox and only prompt the user with a small challenge if something suspicious is suspected.


This is the latest iteration of this service and provides actual scores. The benefit to this approach is that custom responses can be made on a per action basis. Some actions in your product are probably more sensitive than others so this allows you to have a more granular control around the complete experience.

Google reCAPTCHA extension



This extension requires a secret key and a site key from your Google reCAPTCHA account. The secret key is used within your Xano account and the site key will be used in your frontend.

  1. Head over to the reCAPTCHA homepage and click on Admin Console at the top of the page.

  2. If you land on a dashboard, then click the + button to register a new site. Otherwise, you may already be on that page.

  3. Enter a label for your site, choose the reCAPTCHA type, and finish configuring the remainder of the settings on the page.

  4. Copy the "site key" for your website or mobile app. Copy the "secret key" and make sure to enter it in the environment variable settings for this extension.

Sendgrid Email


This extension provides functionality to send plain text and dynamic template emails with Sendgrid.

Sendgrid is one of the premiere email service providers that provides a ton of features that make it easy to maintain the emails that you send.

This extension includes two functions to send either a basic plain text or a dynamic template email. Plain text emails are useful for debugging and simple notifications. Dynamic template emails allow more robust rich text solutions where data can be dynamically injected into the contents of the email.

Sendgrid Email Extension



This extension requires an api key from Sendgrid.

  1. If you don't already have a Sendgrid account, then signup here and create an account.

  2. Once logged in, go to Settings -> API Keys and then click Create API Key.

  3. Name your API Key, and choose either Full Access or Restricted Access with Mail Send enabled with Full Access, and then click Create & View.

  4. Copy the API Key and make sure to enter it in the environment variable settings for this extension.