Hi,

We have developed a complete SaaS platform (Coviflex ) that makes it possible for employees to set their working agenda (WFH, out of office, office and in which desk, ...) with many other various features.

We would like to be able to synchronize their Coviflex Schedule to their usual Google Agenda.

In the one hand, by using the new Working Location feature (preview for now) to set the working location given by Coviflex.

On the other hand (and while WorkinLocationg are in preview), we want to create Events in their own Calendar that can details in which office, which desk they are working from. So anyone in the company can see it.

My concern is about the privacy. It seems that we cannot precise that one Google API key / or app can access only to workingLocation events or only to one specific extendedProperties of the events. 

By enabling the Google Calendar API key, it's then a full CRUD that is allowed by the user on all one's event.

Is that correct?

Is there a way we can add a policy so the access given by the user to one's calendar can only be used to get WorkingLocation events or one specific extendedProperties but none of others (and personal maybe) events ?

Thank you