يوضّح لك هذا البرنامج التعليمي كيفية توفير عميل باستخدام واجهة برمجة التطبيقات Reseller API.
يتطلّب توفير خدمة لعميل بشكل صحيح تنفيذ عدة خطوات مترابطة تمتد على مستوى واجهات برمجة تطبيقات متعددة في منصة Google Workspace.
يعرض المخطّط البياني السابق واجهات برمجة التطبيقات المستخدَمة في كل خطوة لتوفير حساب عميل:
- استخدِم Site Verification API لوضع رمز إثبات ملكية النطاق.
- استخدِم واجهة برمجة التطبيقات Reseller API لإنشاء عميل.
- استخدِم Directory API لإنشاء المستخدم الأوّل وجعله مشرفًا.
- استخدِم واجهة برمجة التطبيقات Reseller API لإنشاء اشتراك.
- استخدِم Site Verification API لإثبات ملكية النطاق.
المتطلبات الأساسية
- نسخة من نطاق مورِّد Google
- اتفاقية شريك Google Workspace مُنفَّذة بالكامل
- حساب Google
- وافِق على بنود الخدمة في "وحدة التحكّم في مبيعات الشركاء".
- تنزيل مكتبة عملاء للغات مختلفة
إعداد البيئة
لإكمال هذا الدليل التعليمي، عليك إعداد بيئتك.
تفعيل واجهة برمجة التطبيقات
قبل استخدام واجهات برمجة تطبيقات Google، عليك تفعيلها في مشروع على Google Cloud. يمكنك تفعيل واجهة برمجة تطبيقات واحدة أو أكثر في مشروع واحد على Google Cloud.في وحدة تحكّم Google Cloud، فعِّل Reseller API وSite Verification API وAdmin SDK API .
إنشاء حساب خدمة
حساب الخدمة هو نوع خاص من الحسابات يستخدمه التطبيق بدلاً من شخص. يمكنك استخدام حساب خدمة للوصول إلى البيانات أو تنفيذ إجراءات من خلال حساب الروبوت، أو للوصول إلى البيانات نيابةً عن مستخدمي Google Workspace أو Cloud Identity. لمزيد من المعلومات، يُرجى الاطّلاع على مقالة التعرّف على حسابات الخدمة.Google Cloud Console
- في Google Cloud Console، انتقِل إلى رمز القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- انقر على إنشاء حساب خدمة.
- املأ تفاصيل حساب الخدمة، ثم انقر على إنشاء ومتابعة.
- اختياري: يمكنك إسناد أدوار إلى حساب الخدمة لمنح إذن الوصول إلى موارد مشروعك على Google Cloud. لمزيد من التفاصيل، يُرجى الاطّلاع على منح إذن الوصول إلى الموارد وتغييره وإبطاله.
- انقر على متابعة.
- اختياري: أدخِل المستخدمين أو المجموعات التي يمكنها إدارة الإجراءات وتنفيذها باستخدام حساب الخدمة هذا. لمزيد من التفاصيل، يُرجى الاطّلاع على مقالة إدارة انتحال هوية حساب الخدمة.
- انقر على تم. دوِّن عنوان البريد الإلكتروني لحساب الخدمة.
gcloud CLI
- أنشئ حساب الخدمة باتّباع الخطوات التالية:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - اختياري: يمكنك إسناد أدوار إلى حساب الخدمة لمنح إذن الوصول إلى موارد مشروعك على Google Cloud. لمزيد من التفاصيل، يُرجى الاطّلاع على منح إذن الوصول إلى الموارد وتغييره وإبطاله.
إنشاء بيانات اعتماد لحساب خدمة
يجب الحصول على بيانات الاعتماد في شكل مفتاحَين عام/خاص. ويستخدم الرمز البرمجي هذه المعلومات لمنح الإذن بتنفيذ إجراءات حساب الخدمة في تطبيقك.- في Google Cloud Console، انتقِل إلى رمز القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- اختَر حساب الخدمة.
- انقر على المفاتيح > إضافة مفتاح > إنشاء مفتاح جديد.
- اختَر JSON، ثمّ انقر على إنشاء.
يتم إنشاء زوج مفتاح عام/خاص جديد وتنزيله على جهازك كملف جديد. احفظ ملف JSON الذي تم تنزيله باسم
credentials.jsonفي دليل العمل. هذا الملف هو النسخة الوحيدة من هذا المفتاح. للحصول على معلومات عن كيفية تخزين مفتاحك بأمان، راجِع إدارة مفاتيح حساب الخدمة. - انقر على إغلاق (Close).
إعداد تفويض على مستوى النطاق لحساب خدمة
لاستدعاء واجهات برمجة التطبيقات نيابةً عن المستخدمين في مؤسسة Google Workspace، يجب منح حساب الخدمة تفويضًا على مستوى النطاق من خلال حساب مشرف متميّز في وحدة تحكّم مشرف Google Workspace. لمزيد من المعلومات، يُرجى الاطّلاع على تفويض الإذن على مستوى النطاق لحساب خدمة.- في Google Cloud Console، انتقِل إلى رمز القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- اختَر حساب الخدمة.
- انقر على إظهار الإعدادات المتقدمة.
- ضمن "التفويض على مستوى النطاق"، ابحث عن "معرِّف العميل" لحساب الخدمة. انقر على رمز النسخ لنسخ قيمة معرّف العميل إلى الحافظة.
إذا كان لديك إذن وصول مشرف متميز إلى حساب Google Workspace ذي الصلة، انقر على عرض وحدة تحكّم المشرف في Google Workspace، ثم سجِّل الدخول باستخدام حساب مستخدِم مشرف متميز واستمِر في اتّباع هذه الخطوات.
إذا لم يكن لديك إذن وصول المشرف المتميّز إلى حساب Google Workspace ذي الصلة، تواصَل مع مشرف متميز لهذا الحساب وأرسِل إليه رقم تعريف العميل لحساب الخدمة وقائمة نطاقات OAuth حتى يتمكّن من إكمال الخطوات التالية في "وحدة تحكّم المشرف".
- في "وحدة تحكّم المشرف في Google"، انتقِل إلى رمز القائمة > الأمان > التحكّم في البيانات والوصول > عناصر التحكّم في واجهة برمجة التطبيقات.
- انقر على إدارة التفويض على مستوى النطاق.
- انقر على إضافة نطاق جديد.
- في حقل "معرِّف العميل"، الصِق معرِّف العميل الذي نسخته سابقًا.
- في حقل "نطاقات OAuth"، أدخِل قائمة مفصولة بفواصل بالنطاقات المطلوبة لتطبيقك. هذه هي المجموعة نفسها من النطاقات التي حدّدتها عند ضبط شاشة طلب الموافقة المتعلّقة ببروتوكول OAuth.
- انقر على تفويض.
إنشاء عناصر خدمة باستخدام بيانات اعتماد تمّت مصادقتها
لبدء استخدام أيّ من واجهات برمجة تطبيقات Google، عليك أولاً إعداد مصادقة وبيانات الاعتماد من داخل تطبيقك. تعالج مكتبات عملاء Google هذه العملية نيابةً عنك. تحتوي جميع المكتبات على أنماط لإنشاء ملف بيانات اعتماد، يمكنك من خلاله منح إذن الوصول إلى جميع واجهات برمجة التطبيقات ونقله إلى كل خدمة. من المفترض أن يتضمّن التطبيق عادةً مجموعة واحدة من بيانات الاعتماد وأن يستخدم مشروعًا واحدًا فقط على السحابة الإلكترونية لجميع تفاعلات Google API.
استخدِم ملف مفتاح JSON الذي أنشأته عند إنشاء حساب خدمة.
Python
import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build();
#C
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, });
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
بدء عملية إثبات ملكية النطاق
هذه الخطوة اختيارية، ولكن يُنصح بها إذا كان بإمكانك إثبات ملكية نطاق العميل. يتم إكمال هذه الخطوة في نهاية الدليل التعليمي عند إثبات ملكية النطاق.
في حال عدم إثبات ملكية نطاق العميل، سيتم فرض قيود عليه التالية:
- ولا يمكنهم الوصول إلا إلى "وحدة تحكّم المشرف" حيث يتم توجيههم خلال عملية إثبات ملكية النطاق يدويًا.
- وقد يتم تعليقها بعد 21 يومًا من إنشائها.
لاسترداد رمز مميّز لإثبات ملكية الموقع الإلكتروني، اتّبِع الخطوات التالية:
لاسترداد رمز مميّز لإثبات ملكية الموقع الإلكتروني، استخدِم Site Verification API. لا يمكنك التحقّق مما إذا سبق إثبات ملكية نطاق معيّن، ولكن يمكنك إثبات ملكية المواقع الإلكترونية عدّة مرات بدون أي مشاكل. تختلف مَعلمات
verificationMethodاستنادًا إلى ما إذا كان يتم التحقّق من نوعINET_DOMAINأوSITE. عليك تحديد أحد الخيارات التالية:بالنسبة إلى النوع
INET_DOMAIN، استخدِم إحدى مَعلماتverificationMethodالتالية:DNS_TXTDNS_CNAME
يستخدِم مثال استرداد الرمز المميّز التالي نوع
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
#C
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);
Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });
بالنسبة إلى النوع
SITE، استخدِم إحدى مَعلماتverificationMethodالتالية:FILEMETA
يستخدِم مثال استرداد الرمز المميّز التالي نوع
SITEمع طريقة إثبات الهويةFILE. عند استخدام نوع إثبات الهويةSITE، يجب إضافةhttp://أوhttps://قبل المعرّف.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
#C
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);
Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
ضع الرمز المميّز لإثبات ملكية الموقع الإلكتروني في سجلّ نظام أسماء النطاقات أو الموقع الإلكتروني.
إنشاء عميل باستخدام واجهة برمجة تطبيقات المورّد
استخدِم الأسلوب Customers.Get لتحديد ما إذا كان عميل متوفّرًا في Google Workspace:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise
Java
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }
#C
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }
PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }
Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end
Node.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });
استنادًا إلى الردّ، اتّبِع الخطوات التالية:
إذا لم يكن العميل متوفّرًا، ستعرض الطريقة
customers.getرمز الخطأHTTP 404. انتقِل إلى الخطوة التالية التي يتم فيها إنشاء سجلّ العملاء في Google Workspace.إذا كانت الطريقة
customers.getتعرض القيمة بدون خطأ، حدِّد ما إذا كان العميل تابعًا لك من خلال التحقّق من نص الردّ الخاص بالخاصّيةalternateEmail. إذا لم يكن موقعalternateEmailمتوفّرًا، عليك نقل العميل واشتراكاته.
أنشئ سجلّ عميل في Google Workspace. يجب إنشاء ملف شخصي للعميل قبل أن تتمكّن من إنشاء اشتراكات له باستخدام الإرشادات التالية:
- لا يمكن أن يكون
alternateEmailعلى النطاق نفسه الذي يتوفّر فيهcustomerDomain. - يجب أن يكون
postalAddress.countryCodeرمز بلد مكوّنًا من حرفَين وفقًا لمعيار المنظمة الدولية للمعايير (ISO).
يوضّح المثال التالي عملية إنشاء سجلّ عميل:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)
Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);
#C
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);
PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);
Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect
Node.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
- لا يمكن أن يكون
إنشاء أوّل مستخدم مشرف باستخدام Admin SDK API
بعد توفير حساب عميل، عليك إنشاء المستخدم الأول و upgrade the user to a domain super administrator على الفور كي يتمكّن العميل من الوصول إلى خدماته الجديدة وقبول أي بنود خدمة سارية.
أنشئ المستخدم الأول واضبط كلمة مروره. يجب أن تكون كلمات المرور معقدة بما يكفي وأن تحتوي على ثمانية أحرف على الأقل. لمزيد من المعلومات، اطّلِع على مرجع
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)
Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);
#C
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);
PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);
Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect
Node.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });
إذا كانت طلب إنشاء المستخدم يعرض القيمة
HTTP 409، قد يكون اسم المستخدم متوفّرًا حاليًا كحساب مستهلك على Google.يمكنك ترقية المستخدم إلى دور المشرف المتميّز باتّباع الخطوات التالية:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()
Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");
#C
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");
PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
إنشاء اشتراك Google Workspace لعميل
عند إنشاء اشتراك لعميل، يجب وضع معرّف أو رقم تعريف معاملة داخلي لهذا العميل في حقلpurchaseOrderId.
لمزيد من المعلومات عن الوسيطات والقيم المحدّدة، يُرجى الاطّلاع على مقالة إدارة الاشتراكات.
لإنشاء اشتراك، استخدِم Subscriptions.Insert call. يستخدِم المثال التالي اشتراكًا في
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)
Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);
#C
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);
Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect
Node.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });
تكون الاشتراكات في الحالة
SUSPENDEDإلى أن يسجِّل مشرف العميل الدخول ويقبل بنود الخدمة. تتم إعادة توجيه مشرفي العملاء إلى بنود الخدمة عند تسجيل الدخول لأول مرة عند الوصول إلى أي موقع إلكتروني تابع لشركة Google (مثل Gmail أو Google Drive).
إثبات ملكية النطاق وتعيين مالكي النطاق
هذه الخطوة اختيارية، ولكن يُنصح بها إذا كان بإمكانك إثبات ملكية
نطاق العميل. يؤدي طلب واجهة برمجة التطبيقات Site Verification API webResource.insert() إلى
إثبات ملكية نطاق وتعيين المالكين الذين تحدّدهم في المَعلمة
owners[] ضمن نص الطلب.
يوضّح المثال التالي كيفية إثبات ملكية INET_DOMAIN:
Python
# Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse);
#C
// Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Ruby
# Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; });
في حال نجاح هذا الطلب، يعرض رمز HTTP 200. إذا تعذّر على webResource.insert()
إثبات ملكية النطاق، يتم عرض رمز خطأ على مستوى HTTP 400. أعِد الاتصال بالرقم webResource.insert() مع إضافة فترة انتظار إلى أن يتم إثبات ملكية النطاق بنجاح.
وضع كل العناصر معًا
يعرض المثال التالي الرمز الكامل لتوفير العميل في Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer. """ import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials) # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response) # Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise # Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response) # Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response) # Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute() # Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response) # Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken()); // Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } } // Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse); } }
#C
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token); // Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; } // Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse); } }
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response); // Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } } // Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response); // Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response); // Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin ); // Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response); // Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect # Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end # Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect # Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect # Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status) # Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect # Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT}); // Run all the steps one after each other, and exit as soon as one of them fail Promise.resolve() .then(() => { /** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; }); return getTokenPromise; }) .then(() => { // Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } }); return getCustomerPromise; }) .then(() => { // Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; }); return insertCustomerPromise; }) .then(() => { // Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; }); return insertUserPromise; }).then(() => { // Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } }); return makeAdminPromise; }) .then(() => { // Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; }); return insertSubscriptionPromise; }) .then(() => { // Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; }); return verifyDomainPromise; }) .catch(err => { console.error('Error:', err.message); if (err.code) { console.log('Error code:', err.code); } if (err.errors) { console.log('Details:', err.errors); } });