يوضح لك هذا الدليل التوجيهي كيفية توفير المتطلبات اللازمة للعميل باستخدام واجهة برمجة تطبيقات المورّد.
تتضمن عملية توفير المتطلبات اللازمة للعميل عدة خطوات تعتمد على الاستخدام المتبادل، ويتم تنفيذ هذه الخطوات على عدة واجهات برمجة تطبيقات في منصة Google Workspace.
يوضح المخطط السابق واجهات برمجة التطبيقات المستخدمة في كل خطوة لتزويد العميل بما يلي:
- استخدِم Site Verification API لوضع الرمز المميّز لإثبات ملكية النطاق.
- استخدِم واجهة برمجة تطبيقات المورّد لإنشاء عميل.
- استخدِم Directory API لإنشاء المستخدم الأول وإسناده كمشرف.
- استخدِم واجهة برمجة تطبيقات المورّد لإنشاء اشتراك.
- استخدِم واجهة برمجة التطبيقات Site Verification API لإثبات ملكية النطاق.
المتطلبات الأساسية
- مثيل نطاق مورّد Google.
- اتفاقية شركاء Google Workspace منفَّذة بالكامل
- حساب على Google:
- وافِق على بنود الخدمة في Partner Sales Console.
- تنزيل مكتبة برامج للغات مختلفة
إعداد البيئة
لإكمال هذا الدليل التوجيهي، عليك إعداد بيئتك.
تفعيل واجهة برمجة التطبيقات
قبل استخدام Google APIs، عليك تفعيلها في مشروع على Google Cloud. يمكنك تفعيل واجهة برمجة تطبيقات واحدة أو أكثر في مشروع واحد على Google Cloud.في Google Cloud Console، فعِّل "واجهة برمجة تطبيقات المورّد" و"واجهة برمجة تطبيقات التحقّق من المواقع الإلكترونية" وAdmin SDK API .
إنشاء حساب خدمة
حساب الخدمة هو نوع خاص من الحسابات التي يستخدمها التطبيق، وليس كشخص. يمكنك استخدام حساب الخدمة للوصول إلى البيانات أو تنفيذ الإجراءات من خلال حساب الروبوت أو للوصول إلى البيانات نيابةً عن مستخدمي Google Workspace أو Cloud Identity. لمزيد من المعلومات، راجِع فهم حسابات الخدمة.وحدة تحكُّم Google Cloud
- في Google Cloud Console، انتقِل إلى القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- انقر على إنشاء حساب خدمة.
- املأ تفاصيل حساب الخدمة، ثم انقر على إنشاء ومتابعة.
- اختياري: عيّن الأدوار لحساب الخدمة لمنح الإذن بالوصول إلى موارد مشروعك على Google Cloud. لمزيد من التفاصيل، يُرجى الاطّلاع على مقالة منح الموارد وتغييرها وإبطالها.
- انقر على متابعة.
- اختياري: أدخِل المستخدمين أو المجموعات التي يمكنها إدارة الإجراءات وتنفيذها باستخدام حساب الخدمة هذا. للتعرُّف على المزيد من التفاصيل، يُرجى الاطِّلاع على إدارة انتحال هوية حساب الخدمة.
- انقر على تم. دوِّن عنوان البريد الإلكتروني لحساب الخدمة.
gcloud CLI
- أنشئ حساب الخدمة:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - اختياري: عيّن الأدوار لحساب الخدمة لمنح الإذن بالوصول إلى موارد مشروعك على Google Cloud. لمزيد من التفاصيل، يُرجى الاطّلاع على مقالة منح الموارد وتغييرها وإبطالها.
إنشاء بيانات اعتماد لحساب خدمة
عليك الحصول على بيانات الاعتماد في شكل زوج مفاتيح عام/خاص. يتم استخدام بيانات الاعتماد هذه من خلال الرمز للسماح بإجراءات حساب الخدمة داخل تطبيقك.- في Google Cloud Console، انتقِل إلى القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- اختَر حساب الخدمة.
- انقر على المفاتيح > إضافة مفتاح > إنشاء مفتاح جديد.
- اختَر JSON، ثم انقر على إنشاء.
يتم إنشاء زوج المفتاح العام/الخاص وتنزيله على جهازك كملف جديد. احفظ ملف JSON الذي تم تنزيله بتنسيق
credentials.jsonفي دليل العمل. وهذا الملف هو النسخة الوحيدة من هذا المفتاح. للحصول على معلومات حول طريقة تخزين المفتاح بأمان، يُرجى الاطّلاع على إدارة مفاتيح حساب الخدمة. - انقر على إغلاق.
إعداد التفويض على مستوى النطاق لحساب الخدمة
لطلب البيانات من واجهات برمجة التطبيقات نيابةً عن المستخدمين في مؤسسة على Google Workspace، يجب أن يتم منح حساب الخدمة الخاص بك تفويضًا للسلطة على مستوى النطاق في "وحدة تحكّم مشرف Google Workspace" من خلال حساب مشرف متميّز. لمزيد من المعلومات، يُرجى الاطّلاع على تفويض صلاحية على مستوى النطاق لحساب خدمة.- في Google Cloud Console، انتقِل إلى القائمة > إدارة الهوية وإمكانية الوصول والمشرف > حسابات الخدمة.
- اختَر حساب الخدمة.
- انقر على إظهار الإعدادات المتقدمة.
- ضمن "التفويض على مستوى النطاق"، ابحث عن "معرّف العميل" لحساب الخدمة. انقر على نسخ لنسخ قيمة معرّف العميل إلى الحافظة.
إذا كان لديك إذن وصول مشرف متميّز إلى حساب Google Workspace ذي الصلة، انقر على عرض وحدة تحكّم مشرف Google Workspace، ثم سجِّل الدخول باستخدام حساب مستخدم مشرف متميّز وواصِل اتّباع الخطوات التالية.
إذا لم يكن لديك إذن وصول المشرف المتميّز إلى حساب Google Workspace ذي الصلة، تواصَل مع أحد المشرفين المتميزين لهذا الحساب وأرسِل إليه رقم تعريف العميل لحساب الخدمة وقائمة بنطاقات OAuth ليتمكّن من إكمال الخطوات التالية في "وحدة تحكُّم المشرف".
- في "وحدة تحكّم المشرف في Google"، انتقِل إلى القائمة > الأمان > التحكّم في الوصول والبيانات > عناصر التحكُّم في واجهة برمجة التطبيقات.
- انقر على إدارة التفويض على مستوى النطاق.
- انقر على إضافة جهة اتصال جديدة.
- في حقل "معرّف العميل"، الصِق معرّف العميل الذي نسخته سابقًا.
- في الحقل "نطاقات OAuth"، أدخِل قائمة بالنطاقات التي يتطلبها تطبيقك مفصولة بفواصل. هذه هي مجموعة النطاقات نفسها التي تم تحديدها عند ضبط شاشة طلب الموافقة المتعلّقة ببروتوكول OAuth.
- انقر على تفويض.
إنشاء كائنات الخدمة باستخدام بيانات اعتماد تمت مصادقتها
لبدء استخدام أي واجهة برمجة تطبيقات من Google، يجب أولاً إعداد المصادقة وبيانات الاعتماد من داخل تطبيقك. تتولى مكتبات عملاء Google معالجة هذا الأمر نيابةً عنك. وتضم كل المكتبات أنماطًا لإنشاء كائن بيانات اعتماد، والذي يمكنك منحه إذن الوصول إلى جميع واجهات برمجة التطبيقات وتمريره إلى كل خدمة. يجب أن يحتوي التطبيق عادةً على مجموعة واحدة من بيانات الاعتماد وأن يستخدم مشروعًا واحدًا فقط على السحابة الإلكترونية لجميع تفاعلات Google API.
استخدِم ملف مفتاح JSON الذي أنشأته عند إنشاء حساب الخدمة.
Python
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
بدء عملية إثبات ملكية النطاق
هذه الخطوة اختيارية، ولكن نوصى بها إذا كانت لديك إمكانية إثبات ملكية نطاق العميل. يتم إكمال هذه الخطوة في نهاية البرنامج التعليمي عند إثبات ملكية النطاق.
في حال عدم إثبات ملكية نطاق العميل، ستكون هناك القيود التالية له:
- وليس بإمكانه الوصول إلى "وحدة تحكُّم المشرف" إلا حيث يتم إرشاده خلال العملية اليدوية لإثبات ملكية النطاق.
- وقد يتم تعليقها بعد 21 يومًا من إنشائها.
لاسترداد الرمز المميّز لإثبات ملكية الموقع الإلكتروني، اتّبِع الخطوات التالية:
لاسترداد رمز مميَّز لإثبات ملكية الموقع الإلكتروني، استخدِم Site Verification API. لا يمكنك إثبات ملكية نطاق ما إذا كان قد سبق له إثبات ملكيته، أم لا، ولكن يمكنك إثبات ملكية المواقع الإلكترونية عدة مرات بدون أي مشاكل. تختلف معلَمات
verificationMethodبناءً على ما إذا كنت تتحقّق من صحة النوعINET_DOMAINأوSITE. عليك تحديد أحد الخيارات التالية:بالنسبة إلى النوع
INET_DOMAIN، استخدِم إحدى مَعلماتverificationMethodالتالية:DNS_TXTDNS_CNAME
يستخدم المثال التالي لاسترداد الرمز المميز النوع
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });بالنسبة إلى النوع
SITE، استخدِم إحدى مَعلماتverificationMethodالتالية:FILEMETA
يستخدم المثال التالي لاسترداد الرمز المميّز نوع
SITEمع طريقة إثبات الملكيةFILE. عند استخدام النوعSITEلإثبات الملكية، عليك إضافة البادئةhttp://أوhttps://إلى المعرّف السابق.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
ضَع الرمز المميّز لإثبات ملكية الموقع الإلكتروني في سجلّ نظام أسماء النطاقات أو الموقع الإلكتروني.
إنشاء عميل باستخدام واجهة برمجة تطبيقات المورّد
استخدِم الإجراء Customers.Get لتحديد ما إذا كان العميل مشتركًا حاليًا في Google Workspace:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raiseJava
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end endNode.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });بناءً على الرد، قم بما يلي:
إذا لم يكن العميل موجودًا، تعرض الطريقة
customers.getرمز الخطأHTTP 404. يُرجى المتابعة إلى الخطوة التالية التي تنشئ فيها سجلّ العملاء في Google Workspace.إذا ظهرت الطريقة
customers.getبدون خطأ، حدِّد ما إذا كان العميل ملكك من خلال الاطّلاع على نص الاستجابة الخاص بالسمةalternateEmail. إذا كانت السمةalternateEmailغير متوفّرة، عليك نقل العميل واشتراكاته.
إنشاء سجلّ عميل في Google Workspace يجب إنشاء سجل عميل قبل أن تتمكن من إنشاء اشتراكات لهذا العميل باتّباع الإرشادات التالية:
- لا يمكن أن تكون السمة
alternateEmailعلى النطاق نفسه مثلcustomerDomain. - يجب أن يكون
postalAddress.countryCodeرمز بلد من حرفين وفقًا لمعيار ISO.
يوضح المثال التالي إنشاء سجلّ للعميل:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspectNode.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });- لا يمكن أن تكون السمة
إنشاء أوّل مستخدم إداري لديه واجهة برمجة التطبيقات Admin SDK API
بعد توفير الخدمة للعميل، يجب إنشاء المستخدم الأول وترقية المستخدم فورًا إلى مشرف متميز للنطاق حتى يتمكن العميل من الوصول إلى الخدمات الجديدة وقبول أي بنود خدمة سارية.
إنشاء المستخدم الأول وضبط كلمة مروره يجب أن تكون كلمات المرور عالية التعقيد ويجب أن تحتوي على ثمانية أحرف على الأقل. لمزيد من المعلومات، اطّلِع على مرجع
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspectNode.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });إذا أدّت دعوة إنشاء المستخدم إلى عرض خطأ
HTTP 409، قد يكون اسم المستخدم متوفرًا حاليًا كحساب مستهلِك على Google.ترقية المستخدم إلى دور المشرف المتميّز:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
إنشاء اشتراك Google Workspace لعميل
عند إنشاء اشتراك لعميل، يجب وضع معرّف أو معرّف معاملة داخلي لهذا العميل في الحقل purchaseOrderId.
لمزيد من المعلومات حول وسيطات وقيم معيّنة، يُرجى الاطّلاع على
إدارة الاشتراكات.
لإنشاء اشتراك، استخدم الاستدعاء Subscriptions.Insert. يستخدم المثال التالي اشتراك
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspectNode.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });تكون الاشتراكات في حالة
SUSPENDEDإلى أن يسجّل مشرف العميل الدخول ويوافق على "بنود الخدمة". تتم إعادة توجيه مشرفي العملاء إلى "بنود الخدمة" عند تسجيل الدخول للمرة الأولى عند الدخول إلى أي من خدمات Google (مثل Gmail أو Google Drive).
إثبات ملكية النطاق وتحديد مالكي النطاق
هذه الخطوة اختيارية ولكن ننصحك باستخدامها إذا كانت لديك إمكانية إثبات ملكية
نطاق العميل. يتحقّق كل من طلب البيانات من واجهة برمجة التطبيقات لإثبات ملكية الموقع الإلكتروني webResource.insert() من ملكية النطاق، ويعيّن له المالكين الذين تحدّدهم في معلَمة owners[] لنص الطلب.
يوضّح المثال التالي كيفية إثبات ملكية INET_DOMAIN:
Python
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
في حال نجاح هذا الاستدعاء، ستعرض هذه المكالمة الرمز HTTP 200. إذا لم يتمكن webResource.insert()
من إثبات ملكية النطاق، سيتم عرض رمز خطأ على مستوى HTTP 400. أعِد محاولة الاتصال
بـ webResource.insert() مع تأخير التأخّر حتى يتم
إثبات ملكية النطاق بنجاح.
وضع كل العناصر معًا
يوضّح المثال التالي الرمز الكامل لإدارة حسابات عملاء Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer.
"""
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
response = verification_service.webResource().getToken(
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'verificationMethod': 'DNS_TXT'
}).execute()
print(response)
# Determine if customer domain already has Google Workspace
try:
response = reseller_service.customers().get(
customerId=CUSTOMER_DOMAIN).execute()
print('Customer already exists if call succeeds')
sys.exit()
except HttpError as error:
if int(error.resp['status']) == 404:
print('Domain available for Google Workspace creation')
else:
raise
# Create customer resource
response = reseller_service.customers().insert(
body={
'customerDomain': CUSTOMER_DOMAIN,
'alternateEmail': 'marty.mcfly@gmail.com',
'postalAddress': {
'contactName': 'Marty McFly',
'organizationName': 'Acme Corp',
'postalCode': '10009',
'countryCode': 'US',
}
}).execute()
print(response)
# Create first admin user
response = directory_service.users().insert(
body={
'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
'name': {
'givenName': 'Marty',
'familyName': 'McFly',
},
'password': 'Timecircuit88'
}).execute()
print(response)
# Promote user to admin status
response = directory_service.users().makeAdmin(
userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
'status': True
}).execute()
# Create subscription resource
response = reseller_service.subscriptions().insert(
customerId=CUSTOMER_DOMAIN,
body={
'customerId': CUSTOMER_DOMAIN,
'skuId': '1010020027',
'plan': {
'planName': 'ANNUAL_MONTHLY_PAY',
},
'seats': {
'numberOfSeats': 5,
},
'renewalSettings': { # only relevant for annual plans
'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
}).execute()
print(response)
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
new SiteVerificationWebResourceGettokenRequest.Site()
.setType("INET_DOMAIN")
.setIdentifier(CUSTOMER_DOMAIN);
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
.setVerificationMethod("DNS_TXT")
.setSite(getTokenSite);
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.webResource().getToken(request).execute();
System.out.println("Site Verification Token: " + getTokenResponse.getToken());
// Determine if customer domain already has Google Workspace
try {
resellerService.customers().get(CUSTOMER_DOMAIN).execute();
System.out.println("Customer already exists if call succeeds");
System.exit(0);
} catch (HttpResponseException e) {
if (e.getStatusCode() == 404) {
System.out.println("Domain available for Google Workspace creation");
} else {
throw e;
}
}
// Create customer resource
Address address = new Address()
.setContactName("Marty McFly")
.setOrganizationName("Acme Corp")
.setCountryCode("US")
.setPostalCode("10009");
Customer customer = new Customer()
.setCustomerDomain(CUSTOMER_DOMAIN)
.setAlternateEmail("marty.mcfly@gmail.com")
.setPostalAddress(address);
Customer customerResponse = resellerService.customers()
.insert(customer).execute();
System.out.println("Created Customer:\n" + customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName();
name.setGivenName("Marty");
name.setFamilyName("McFly");
User user = new User();
user.setPrimaryEmail(userEmail);
user.setPassword("TimeCircuit88");
user.setName(name);
User userResponse = directoryService.users().insert(user).execute();
System.out.println("Created User:\n" + userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin();
admin.setStatus(true);
directoryService.users().makeAdmin(userEmail, admin).execute();
System.out.println("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
.setNumberOfSeats(5);
Subscription.Plan plan = new Subscription.Plan()
.setPlanName("ANNUAL_YEARLY_PAY");
RenewalSettings renewalSettings = new RenewalSettings()
.setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");
Subscription subscription = new Subscription()
.setCustomerId(CUSTOMER_DOMAIN)
.setSeats(seats)
.setPlan(plan)
.setSkuId("1010020027")
.setRenewalSettings(renewalSettings);
Subscription subscriptionResponse = resellerService.subscriptions()
.insert(CUSTOMER_DOMAIN, subscription).execute();
System.out.println("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
}
}
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
new SiteVerificationWebResourceGettokenRequest.SiteData()
{
Type = "INET_DOMAIN",
Identifier = CUSTOMER_DOMAIN
};
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
{
VerificationMethod = "DNS_TXT",
Site = getTokenSite
};
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.WebResource.GetToken(request).Execute();
Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
// Determine if customer domain already has Google Workspace
try
{
resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Customer already exists if call succeeds");
Environment.Exit(0);
}
catch (Google.GoogleApiException e) {
if (e.Error.Code == 404)
{
Console.WriteLine("Domain available for Google Workspace creation");
} else throw e;
}
// Create customer resource
Address address = new Address()
{
ContactName = "Marty McFly",
OrganizationName = "Acme Corp",
CountryCode = "US",
PostalCode = "10009"
};
Customer customer = new Customer()
{
CustomerDomain = CUSTOMER_DOMAIN,
AlternateEmail = "marty.mcfly@gmail.com",
PostalAddress = address
};
Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
Console.WriteLine("Created Customer:\n{0}", customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName()
{
GivenName = "Marty",
FamilyName = "McFly"
};
User user = new User()
{
PrimaryEmail = userEmail,
Password = "TimeCircuit88",
Name = name
};
User userResponse = directoryService.Users.Insert(user).Execute();
Console.WriteLine("Created User:\n{0}", userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin()
{
Status = true
};
directoryService.Users.MakeAdmin(admin, userEmail).Execute();
Console.WriteLine("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
{
NumberOfSeats = 5
};
Subscription.PlanData plan = new Subscription.PlanData()
{
PlanName = "ANNUAL_YEARLY_PAY"
};
RenewalSettings renewalSettings = new RenewalSettings()
{
RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
};
Subscription subscription = new Subscription()
{
CustomerId = CUSTOMER_DOMAIN,
Seats = seats,
Plan = plan,
SkuId = "1010020027",
RenewalSettings = renewalSettings
};
Subscription subscriptionResponse = resellerService.Subscriptions
.Insert(subscription, CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
}
}
PHP
// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################
$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);
$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
'verificationMethod' => 'DNS_TXT',
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN
]
]);
$response = $verificationService->webResource->getToken($body);
print_r ($response);
// Determine if customer domain already has Google Workspace
try {
$response = $resellerService->customers->get($CUSTOMER_DOMAIN);
exit('Customer already exists if call succeeds');
} catch(Google_Service_Exception $e) {
if ($e->getErrors()[0]['reason'] == 'notFound'){
print ("Domain available for Google Workspace creation\n");
} else {
throw $e;
}
}
// Create customer resource
$customer = new Google_Service_Reseller_Customer([
'customerDomain' => $CUSTOMER_DOMAIN,
'alternateEmail' => 'marty.mcfly@gmail.com',
'postalAddress' => [
'contactName' => 'Marty McFly',
'organizationName' => 'Acme Corp',
'countryCode' => 'US',
'postalCode' => '10009'
]
]);
$response = $resellerService->customers->insert($customer);
print_r ($response);
// Create first admin user
$user = new Google_Service_Directory_User([
'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
'password' => 'Timecircuit88',
'name' => [
'givenName' => 'Marty',
'familyName' => 'McFly',
'fullName' => 'Marty McFly'
]
]);
$response = $directoryService->users->insert($user);
print_r ($response);
// Promote user to admin status
$makeAdmin = new Google_Service_Directory_UserMakeAdmin([
'status' => true
]);
$directoryService->users->makeAdmin(
'marty.mcfly@' . $CUSTOMER_DOMAIN,
$makeAdmin
);
// Create subscription resource
$subscription = new Google_Service_Reseller_Subscription([
'customerId' => $CUSTOMER_DOMAIN,
'skuId' => '1010020027',
'plan' => [
'planName' => 'ANNUAL_MONTHLY_PAY'
],
'seats' => [
'numberOfSeats' => '5'
],
'renewalSettings' => [
'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
]
]);
$response = $resellerService->subscriptions->insert(
$CUSTOMER_DOMAIN,
$subscription
);
print_r ($response);
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/admin.directory.user',
'https://reseller.googleapis.com/auth/siteverification',
]
####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER
Google::Apis::RequestOptions.default.authorization = credentials
reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
verification_method: 'DNS_TXT'
)
response = verification_service.get_web_resource_token(request)
puts response.inspect
# Determine if customer domain already has Google Workspace
begin
reseller_service.get_customer(CUSTOMER_DOMAIN)
abort('Customer already exists if call succeeds')
rescue Google::Apis::ClientError => ex
if ex.status_code == 404
puts 'Domain available for Google Workspace creation'
else
raise ex
end
end
# Create customer resource
customer = Google::Apis::ResellerV1::Customer.new(
customer_domain: CUSTOMER_DOMAIN,
alternate_email: 'marty.mcfly@gmail.com',
postal_address: {
contact_name: 'Marty McFly',
organization_name: 'Acme Corp',
country_code: 'US',
postal_code: '10009'})
response = reseller_service.insert_customer(customer)
puts response.inspect
# Create first admin user
user = Google::Apis::AdminDirectoryV1::User.new(
name: {
given_name: 'Marty',
family_name: 'McFly',
full_name: 'Marty McFly'
},
password: 'Timecircuit88',
primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
)
response = directory_service.insert_user(user)
puts response.inspect
# Promote user to admin status
admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
status: true
)
response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
# Create subscription resource
subscription = Google::Apis::ResellerV1::Subscription.new(
customer_id: CUSTOMER_DOMAIN,
sku_id: '1010020027',
plan: {
plan_name: 'ANNUAL_MONTHLY_PAY'
},
seats: {
number_of_seats: 5,
},
renewal_settings: {
renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
)
response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
puts response.inspect
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
// Run all the steps one after each other, and exit as soon as one of them fail
Promise.resolve()
.then(() => {
/**
* Retrieve the site verification token and place it according to:
* https://developers.google.com/site-verification/v1/getting_started#tokens
*/
const getTokenPromise = verificationService.webResource.getToken({
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
verificationMethod: 'DNS_TXT',
}
}).then(({data}) => {
console.log(data);
return data;
});
return getTokenPromise;
})
.then(() => {
// Determine if customer domain already has Google Workspace
const getCustomerPromise = resellerService.customers.get({
customerId: CUSTOMER_DOMAIN
}).then(() => {
throw new Error('Customer already exists');
}, resErr => {
if (resErr.code === 404) {
console.log('Domain available for Google Workspace creation');
} else {
throw resErr;
}
});
return getCustomerPromise;
})
.then(() => {
// Create customer resource
const insertCustomerPromise = resellerService.customers.insert({
requestBody: {
customerDomain: CUSTOMER_DOMAIN,
alternateEmail: 'marty.mcfly@gmail.com',
postalAddress: {
contactName: 'Marty McFly',
organizationName: 'Acme Corp',
postalCode: '10009',
countryCode: 'US',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertCustomerPromise;
})
.then(() => {
// Create first admin user
const insertUserPromise = directoryService.users.insert({
requestBody: {
primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
name: {
givenName: 'Marty',
familyName: 'McFly',
},
password: 'Timecircuit88',
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertUserPromise;
}).then(() => {
// Promote user to admin status
const makeAdminPromise = directoryService.users.makeAdmin({
userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
requestBody: {
status: true
}
});
return makeAdminPromise;
})
.then(() => {
// Create subscription resource
const insertSubscriptionPromise = resellerService.subscriptions.insert({
customerId: CUSTOMER_DOMAIN,
requestBody: {
customerId: CUSTOMER_DOMAIN,
skuId: '1010020027',
plan: {
planName: 'ANNUAL_MONTHLY_PAY',
},
seats: {
numberOfSeats: 5,
},
renewalSettings: { // only relevant for annual plans
renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertSubscriptionPromise;
})
.then(() => {
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
return verifyDomainPromise;
})
.catch(err => {
console.error('Error:', err.message);
if (err.code) {
console.log('Error code:', err.code);
}
if (err.errors) {
console.log('Details:', err.errors);
}
});