במדריך הזה מוסבר איך להקצות לקוח באמצעות ה-API של המפיץ.
כדי להקצות הרשאות לקוח כראוי, צריך לבצע מספר שלבים, תלויים זהב, בכמה ממשקי API בפלטפורמת Google Workspace.
בתרשים הקודם אפשר לראות באילו ממשקי API נעשה שימוש בכל שלב כדי להקצות לקוחות:
- משתמשים בממשק ה-API לאימות אתרים כדי להציב את האסימון לאימות הדומיין.
- כדי ליצור לקוח, צריך להשתמש ב-מפיץ API.
- משתמשים ב-Directory API כדי ליצור את המשתמש הראשון ולהגדיר אותו כאדמין.
- כדי ליצור מינוי, צריך להשתמש ב-מפיץ API.
- שימוש ב-Site Verification API כדי לאמת את הדומיין.
דרישות מוקדמות
- מופע של דומיין מפיץ של Google.
- הסכם שותף של Google Workspace שבוצע במלואו.
- חשבון Google.
- מאשרים את התנאים וההגבלות ב-Partner Sales Console.
- הורדה של ספריית לקוח לשפות שונות.
הגדרת הסביבה
כדי להשלים את המדריך, צריך להגדיר את הסביבה.
הפעלת ה-API
כדי להשתמש ב-Google APIs, צריך להפעיל אותם בפרויקט ב-Google Cloud. אפשר להפעיל ממשק API אחד או יותר בפרויקט אחד ב-Google Cloud.במסוף Google Cloud, מפעילים את Seller API, Site Verification API ו-Admin SDK API .
יצירה של חשבון שירות.
חשבון שירות הוא סוג מיוחד של חשבון, שאפליקציה (ולא אדם) משתמשת בו. אתם יכולים להשתמש בחשבון שירות כדי לגשת לנתונים או לבצע פעולות באמצעות החשבון הרובוטי, או כדי לגשת לנתונים מטעם משתמשי Google Workspace או Cloud Identity. למידע נוסף ראו את המאמר הסבר על חשבונות שירות.מסוף Google Cloud
- במסוף Google Cloud, נכנסים לתפריט > IAM & Admin > חשבונות שירות.
- לוחצים על Create service account.
- ממלאים את פרטי חשבון השירות ולוחצים על Create and continue.
- אופציונלי: מקצים תפקידים לחשבון השירות כדי לתת גישה למשאבים של הפרויקט ב-Google Cloud. לפרטים נוספים, אפשר לעיין במאמר בנושא הענקה, שינוי וביטול של הרשאות גישה למשאבים.
- לוחצים על המשך.
- אופציונלי: אפשר להזין משתמשים או קבוצות שיוכלו לנהל ולבצע פעולות באמצעות חשבון השירות הזה. פרטים נוספים זמינים במאמר ניהול התחזות לחשבון שירות.
- לוחצים על סיום. רושמים בצד את כתובת האימייל של חשבון השירות.
CLI של gcloud
- יוצרים את חשבון השירות:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - אופציונלי: מקצים תפקידים לחשבון השירות כדי לתת גישה למשאבים של הפרויקט ב-Google Cloud. לפרטים נוספים, אפשר לעיין במאמר בנושא הענקה, שינוי וביטול של הרשאות גישה למשאבים.
יצירת פרטי כניסה לחשבון שירות
פרטי הכניסה צריכים להיות בפורמט של זוג מפתחות ציבורי/פרטי. הקוד שלך משתמש בפרטי הכניסה האלה כדי לאשר פעולות של חשבון שירות באפליקציה.- במסוף Google Cloud, נכנסים לתפריט > IAM & Admin > חשבונות שירות.
- בוחרים את חשבון השירות.
- לוחצים על מפתחות > הוספת מפתח > יצירת מפתח חדש.
- בוחרים באפשרות JSON ולוחצים על יצירה.
זוג המפתחות הציבורי/הפרטי החדש נוצר והורדה למחשב כקובץ חדש. שומרים את קובץ ה-JSON שהורדתם בשם
credentials.jsonבספריית העבודה. הקובץ הזה הוא העותק היחיד של המפתח הזה. למידע נוסף על אחסון המפתח באופן מאובטח, כדאי לעיין במאמר ניהול מפתחות של חשבונות שירות. - לוחצים על Close.
איך מגדירים הענקת גישה ברמת הדומיין לחשבון שירות
כדי להפעיל ממשקי API מטעם משתמשים בארגון ב-Google Workspace, חשבון השירות שלכם צריך לקבל הענקת סמכויות ברמת הדומיין במסוף Admin ב-Google Workspace מחשבון סופר-אדמין. למידע נוסף, ראו האצלת סמכות ברמת הדומיין לחשבון שירות.- במסוף Google Cloud, נכנסים לתפריט > IAM & Admin > חשבונות שירות.
- בוחרים את חשבון השירות.
- לוחצים על הצגת הגדרות מתקדמות.
- בקטע 'הענקת גישה ברמת הדומיין', מאתרים את 'מספר הלקוח' של חשבון השירות. צריך ללחוץ על 'העתקה' כדי להעתיק את הערך של מזהה הלקוח ללוח.
אם יש לכם הרשאת סופר-אדמין בחשבון Google Workspace הרלוונטי, לוחצים על הצגת מסוף Admin ב-Google Workspace, ואז נכנסים באמצעות חשבון משתמש של סופר-אדמין וממשיכים לבצע את השלבים הבאים.
אם אין לך הרשאת סופר-אדמין בחשבון Google Workspace הרלוונטי, צריך לפנות לסופר-אדמין בחשבון הזה ולשלוח לו את מספר הלקוח ואת הרשימה של היקפי ההרשאות של OAuth, כדי שהוא יוכל לבצע את השלבים הבאים במסוף Admin.
- במסוף Google Admin, נכנסים לתפריט > אבטחה > שליטה בגישה ובנתונים > בקרות API.
- לוחצים על ניהול הענקת גישה ברמת הדומיין.
- לוחצים על הוספת חדש.
- בשדה Client ID (מזהה לקוח), מדביקים את מזהה הלקוח שהעתקתם קודם לכן.
- בשדה 'היקפי OAuth', מזינים רשימה מופרדת בפסיקים של היקפי ההרשאות שנדרשים על ידי האפליקציה. זו אותה קבוצת היקפים שהגדרתם כשהגדרתם את מסך ההסכמה של OAuth.
- לוחצים על Authorize.
יצירת אובייקטים של שירות עם פרטי כניסה מאומתים
כדי להשתמש ב-Google API, קודם צריך להגדיר אימות ופרטי כניסה מתוך האפליקציה. ספריות הלקוח של Google יטפלו בכך בשמך. בכל הספריות יש תבניות ליצירת אובייקט של פרטי כניסה, ואפשר להעניק גישה לכל ממשקי ה-API ולהעביר אותם לכל שירות. בדרך כלל, לאפליקציה צריכה להיות קבוצה אחת של פרטי כניסה, וצריך להשתמש רק בפרויקט אחד בענן לכל האינטראקציות של Google API.
משתמשים בקובץ מפתח ה-JSON שיצרתם כשיצרתם את חשבון השירות.
Python
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
התחלת תהליך אימות הדומיין
השלב הזה הוא אופציונלי, אבל מומלץ אם יש לכם אפשרות לאמת את הדומיין של הלקוח. השלב הזה מסתיים בסוף המדריך לאחר אימות הדומיין.
אם לא תאמתו את הדומיין של הלקוח, יחולו עליו ההגבלות הבאות:
- הם יכולים לגשת רק למסוף Admin, שבו הם מתבקשים לבצע את תהליך האימות הידני של הדומיין.
- יכול להיות שהם יושעו 21 יום אחרי היצירה.
כדי לאחזר אסימון לאימות אתר, יש לבצע את הפעולות הבאות:
כדי לאחזר אסימון לאימות אתר, צריך להשתמש ב-Site Verification API. אי אפשר לאמת אם דומיין אומת בעבר, אבל אפשר לאמת אתרים כמה פעמים בלי בעיות. הפרמטרים
verificationMethodמשתנים בהתאם לאימות סוגINET_DOMAINאוSITE. יש לבחור אחת מהאפשרויות הבאות:לסוג
INET_DOMAIN, יש להשתמש באחד מהפרמטרים הבאים שלverificationMethod:DNS_TXTDNS_CNAME
בדוגמה הבאה לאחזור האסימון נעשה שימוש בסוג
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });לסוג
SITE, יש להשתמש באחד מהפרמטרים הבאים שלverificationMethod:FILEMETA
בדוגמה הבאה לאחזור האסימון נעשה שימוש בסוג
SITEעם שיטת האימותFILE. כשמשתמשים בסוג האימותSITE, צריך להוסיף תחילית של המזההhttp://אוhttps://.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
יצירת לקוח באמצעות ה-API של המפיץ
משתמשים בשיטה Customers.Get כדי לבדוק אם הלקוח כבר קיים ב-Google Workspace:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raiseJava
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end endNode.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });בהתאם לתגובה, מבצעים את הפעולות הבאות:
אם הלקוח לא קיים, השיטה
customers.getתחזיר את קוד השגיאהHTTP 404. המשיכו לשלב הבא שבו יוצרים רשומת לקוחות ב-Google Workspace.אם השיטה
customers.getמוחזרת ללא שגיאות, צריך לבדוק אם הלקוח שלכם על ידי בדיקת גוף התגובה של המאפייןalternateEmail. אם הנכסalternateEmailחסר, צריך להעביר את הלקוח ואת המינויים שלו.
אפשר ליצור רשומת לקוח ב-Google Workspace. כדי ליצור מינויים עבור הלקוח, צריך ליצור רשומת לקוח לפי ההנחיות הבאות:
alternateEmailלא יכול להיות באותו דומיין כמוcustomerDomain.- הערך
postalAddress.countryCodeחייב להיות קוד מדינה בן שני תווים לפי תקן ISO.
בדוגמה הבאה מוצגת יצירה של רשומת לקוח:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspectNode.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
יוצרים את המשתמש הראשון עם הרשאת האדמין באמצעות Admin SDK API
אחרי שמקצים לקוח, צריך ליצור את המשתמש הראשון ולשדרג אותו מיד לסופר-אדמין בדומיין, כדי שהלקוח יוכל לגשת לשירותים החדשים שלו ולאשר את התנאים וההגבלות החלים.
יוצרים את המשתמש הראשון ומגדירים את הסיסמה שלו. הסיסמאות צריכות להיות מורכבות מספיק ולהכיל לפחות שמונה תווים. למידע נוסף, עיינו במשאב
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspectNode.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });אם הקריאה ליצירת המשתמש מחזירה
HTTP 409, יכול להיות ששם המשתמש כבר קיים כחשבון Google לצרכנים.שדרוג המשתמש לתפקיד סופר-אדמין:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
יצירת מינוי ל-Google Workspace ללקוח
כשיוצרים מינוי ללקוח, צריך לציין מזהה או מזהה עסקה פנימי של הלקוח בשדה purchaseOrderId.
למידע נוסף על ארגומנטים וערכים ספציפיים קראו את המאמר ניהול מינויים.
על מנת ליצור מינוי, משתמשים בקריאה Subscriptions.Insert. בדוגמה הבאה נעשה שימוש במינוי
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspectNode.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });המינויים נמצאים במצב
SUSPENDEDעד שאדמין של לקוח מתחבר ומאשר את התנאים וההגבלות. האדמינים של הלקוחות מפנים לתנאים ולהגבלות בפעם הראשונה שהם ניגשים לנכס Google כלשהו (כמו Gmail או Google Drive).
אימות הדומיין והקצאה של בעלי דומיין
השלב הזה הוא אופציונלי, אבל מומלץ אם יש לכם אפשרות לאמת את הדומיין של הלקוח. הקריאה webResource.insert() ל-Site Verification API מאמתת דומיין ומקצה לו את הבעלים שציינתם בפרמטר owners[] בגוף הבקשה.
הדוגמה הבאה מראה איך לאמת INET_DOMAIN:
Python
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
אם הפעולה מצליחה, השיחה מחזירה קוד HTTP 200. אם לא ניתן לאמת את הדומיין באמצעות webResource.insert(), הוא יחזיר קוד שגיאה ברמת HTTP 400. מנסים שוב להפעיל את
webResource.insert() עם השהיה לפני ניסיון חוזר (backoff) עד שהדומיין יאומת.
סיכום של כל המידע
בדוגמה הבאה מוצג הקוד המלא להקצאת לקוח Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer.
"""
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
response = verification_service.webResource().getToken(
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'verificationMethod': 'DNS_TXT'
}).execute()
print(response)
# Determine if customer domain already has Google Workspace
try:
response = reseller_service.customers().get(
customerId=CUSTOMER_DOMAIN).execute()
print('Customer already exists if call succeeds')
sys.exit()
except HttpError as error:
if int(error.resp['status']) == 404:
print('Domain available for Google Workspace creation')
else:
raise
# Create customer resource
response = reseller_service.customers().insert(
body={
'customerDomain': CUSTOMER_DOMAIN,
'alternateEmail': 'marty.mcfly@gmail.com',
'postalAddress': {
'contactName': 'Marty McFly',
'organizationName': 'Acme Corp',
'postalCode': '10009',
'countryCode': 'US',
}
}).execute()
print(response)
# Create first admin user
response = directory_service.users().insert(
body={
'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
'name': {
'givenName': 'Marty',
'familyName': 'McFly',
},
'password': 'Timecircuit88'
}).execute()
print(response)
# Promote user to admin status
response = directory_service.users().makeAdmin(
userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
'status': True
}).execute()
# Create subscription resource
response = reseller_service.subscriptions().insert(
customerId=CUSTOMER_DOMAIN,
body={
'customerId': CUSTOMER_DOMAIN,
'skuId': '1010020027',
'plan': {
'planName': 'ANNUAL_MONTHLY_PAY',
},
'seats': {
'numberOfSeats': 5,
},
'renewalSettings': { # only relevant for annual plans
'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
}).execute()
print(response)
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
new SiteVerificationWebResourceGettokenRequest.Site()
.setType("INET_DOMAIN")
.setIdentifier(CUSTOMER_DOMAIN);
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
.setVerificationMethod("DNS_TXT")
.setSite(getTokenSite);
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.webResource().getToken(request).execute();
System.out.println("Site Verification Token: " + getTokenResponse.getToken());
// Determine if customer domain already has Google Workspace
try {
resellerService.customers().get(CUSTOMER_DOMAIN).execute();
System.out.println("Customer already exists if call succeeds");
System.exit(0);
} catch (HttpResponseException e) {
if (e.getStatusCode() == 404) {
System.out.println("Domain available for Google Workspace creation");
} else {
throw e;
}
}
// Create customer resource
Address address = new Address()
.setContactName("Marty McFly")
.setOrganizationName("Acme Corp")
.setCountryCode("US")
.setPostalCode("10009");
Customer customer = new Customer()
.setCustomerDomain(CUSTOMER_DOMAIN)
.setAlternateEmail("marty.mcfly@gmail.com")
.setPostalAddress(address);
Customer customerResponse = resellerService.customers()
.insert(customer).execute();
System.out.println("Created Customer:\n" + customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName();
name.setGivenName("Marty");
name.setFamilyName("McFly");
User user = new User();
user.setPrimaryEmail(userEmail);
user.setPassword("TimeCircuit88");
user.setName(name);
User userResponse = directoryService.users().insert(user).execute();
System.out.println("Created User:\n" + userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin();
admin.setStatus(true);
directoryService.users().makeAdmin(userEmail, admin).execute();
System.out.println("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
.setNumberOfSeats(5);
Subscription.Plan plan = new Subscription.Plan()
.setPlanName("ANNUAL_YEARLY_PAY");
RenewalSettings renewalSettings = new RenewalSettings()
.setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");
Subscription subscription = new Subscription()
.setCustomerId(CUSTOMER_DOMAIN)
.setSeats(seats)
.setPlan(plan)
.setSkuId("1010020027")
.setRenewalSettings(renewalSettings);
Subscription subscriptionResponse = resellerService.subscriptions()
.insert(CUSTOMER_DOMAIN, subscription).execute();
System.out.println("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
}
}
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
new SiteVerificationWebResourceGettokenRequest.SiteData()
{
Type = "INET_DOMAIN",
Identifier = CUSTOMER_DOMAIN
};
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
{
VerificationMethod = "DNS_TXT",
Site = getTokenSite
};
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.WebResource.GetToken(request).Execute();
Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
// Determine if customer domain already has Google Workspace
try
{
resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Customer already exists if call succeeds");
Environment.Exit(0);
}
catch (Google.GoogleApiException e) {
if (e.Error.Code == 404)
{
Console.WriteLine("Domain available for Google Workspace creation");
} else throw e;
}
// Create customer resource
Address address = new Address()
{
ContactName = "Marty McFly",
OrganizationName = "Acme Corp",
CountryCode = "US",
PostalCode = "10009"
};
Customer customer = new Customer()
{
CustomerDomain = CUSTOMER_DOMAIN,
AlternateEmail = "marty.mcfly@gmail.com",
PostalAddress = address
};
Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
Console.WriteLine("Created Customer:\n{0}", customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName()
{
GivenName = "Marty",
FamilyName = "McFly"
};
User user = new User()
{
PrimaryEmail = userEmail,
Password = "TimeCircuit88",
Name = name
};
User userResponse = directoryService.Users.Insert(user).Execute();
Console.WriteLine("Created User:\n{0}", userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin()
{
Status = true
};
directoryService.Users.MakeAdmin(admin, userEmail).Execute();
Console.WriteLine("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
{
NumberOfSeats = 5
};
Subscription.PlanData plan = new Subscription.PlanData()
{
PlanName = "ANNUAL_YEARLY_PAY"
};
RenewalSettings renewalSettings = new RenewalSettings()
{
RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
};
Subscription subscription = new Subscription()
{
CustomerId = CUSTOMER_DOMAIN,
Seats = seats,
Plan = plan,
SkuId = "1010020027",
RenewalSettings = renewalSettings
};
Subscription subscriptionResponse = resellerService.Subscriptions
.Insert(subscription, CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
}
}
PHP
// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################
$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);
$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
'verificationMethod' => 'DNS_TXT',
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN
]
]);
$response = $verificationService->webResource->getToken($body);
print_r ($response);
// Determine if customer domain already has Google Workspace
try {
$response = $resellerService->customers->get($CUSTOMER_DOMAIN);
exit('Customer already exists if call succeeds');
} catch(Google_Service_Exception $e) {
if ($e->getErrors()[0]['reason'] == 'notFound'){
print ("Domain available for Google Workspace creation\n");
} else {
throw $e;
}
}
// Create customer resource
$customer = new Google_Service_Reseller_Customer([
'customerDomain' => $CUSTOMER_DOMAIN,
'alternateEmail' => 'marty.mcfly@gmail.com',
'postalAddress' => [
'contactName' => 'Marty McFly',
'organizationName' => 'Acme Corp',
'countryCode' => 'US',
'postalCode' => '10009'
]
]);
$response = $resellerService->customers->insert($customer);
print_r ($response);
// Create first admin user
$user = new Google_Service_Directory_User([
'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
'password' => 'Timecircuit88',
'name' => [
'givenName' => 'Marty',
'familyName' => 'McFly',
'fullName' => 'Marty McFly'
]
]);
$response = $directoryService->users->insert($user);
print_r ($response);
// Promote user to admin status
$makeAdmin = new Google_Service_Directory_UserMakeAdmin([
'status' => true
]);
$directoryService->users->makeAdmin(
'marty.mcfly@' . $CUSTOMER_DOMAIN,
$makeAdmin
);
// Create subscription resource
$subscription = new Google_Service_Reseller_Subscription([
'customerId' => $CUSTOMER_DOMAIN,
'skuId' => '1010020027',
'plan' => [
'planName' => 'ANNUAL_MONTHLY_PAY'
],
'seats' => [
'numberOfSeats' => '5'
],
'renewalSettings' => [
'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
]
]);
$response = $resellerService->subscriptions->insert(
$CUSTOMER_DOMAIN,
$subscription
);
print_r ($response);
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/admin.directory.user',
'https://reseller.googleapis.com/auth/siteverification',
]
####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER
Google::Apis::RequestOptions.default.authorization = credentials
reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
verification_method: 'DNS_TXT'
)
response = verification_service.get_web_resource_token(request)
puts response.inspect
# Determine if customer domain already has Google Workspace
begin
reseller_service.get_customer(CUSTOMER_DOMAIN)
abort('Customer already exists if call succeeds')
rescue Google::Apis::ClientError => ex
if ex.status_code == 404
puts 'Domain available for Google Workspace creation'
else
raise ex
end
end
# Create customer resource
customer = Google::Apis::ResellerV1::Customer.new(
customer_domain: CUSTOMER_DOMAIN,
alternate_email: 'marty.mcfly@gmail.com',
postal_address: {
contact_name: 'Marty McFly',
organization_name: 'Acme Corp',
country_code: 'US',
postal_code: '10009'})
response = reseller_service.insert_customer(customer)
puts response.inspect
# Create first admin user
user = Google::Apis::AdminDirectoryV1::User.new(
name: {
given_name: 'Marty',
family_name: 'McFly',
full_name: 'Marty McFly'
},
password: 'Timecircuit88',
primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
)
response = directory_service.insert_user(user)
puts response.inspect
# Promote user to admin status
admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
status: true
)
response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
# Create subscription resource
subscription = Google::Apis::ResellerV1::Subscription.new(
customer_id: CUSTOMER_DOMAIN,
sku_id: '1010020027',
plan: {
plan_name: 'ANNUAL_MONTHLY_PAY'
},
seats: {
number_of_seats: 5,
},
renewal_settings: {
renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
)
response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
puts response.inspect
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
// Run all the steps one after each other, and exit as soon as one of them fail
Promise.resolve()
.then(() => {
/**
* Retrieve the site verification token and place it according to:
* https://developers.google.com/site-verification/v1/getting_started#tokens
*/
const getTokenPromise = verificationService.webResource.getToken({
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
verificationMethod: 'DNS_TXT',
}
}).then(({data}) => {
console.log(data);
return data;
});
return getTokenPromise;
})
.then(() => {
// Determine if customer domain already has Google Workspace
const getCustomerPromise = resellerService.customers.get({
customerId: CUSTOMER_DOMAIN
}).then(() => {
throw new Error('Customer already exists');
}, resErr => {
if (resErr.code === 404) {
console.log('Domain available for Google Workspace creation');
} else {
throw resErr;
}
});
return getCustomerPromise;
})
.then(() => {
// Create customer resource
const insertCustomerPromise = resellerService.customers.insert({
requestBody: {
customerDomain: CUSTOMER_DOMAIN,
alternateEmail: 'marty.mcfly@gmail.com',
postalAddress: {
contactName: 'Marty McFly',
organizationName: 'Acme Corp',
postalCode: '10009',
countryCode: 'US',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertCustomerPromise;
})
.then(() => {
// Create first admin user
const insertUserPromise = directoryService.users.insert({
requestBody: {
primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
name: {
givenName: 'Marty',
familyName: 'McFly',
},
password: 'Timecircuit88',
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertUserPromise;
}).then(() => {
// Promote user to admin status
const makeAdminPromise = directoryService.users.makeAdmin({
userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
requestBody: {
status: true
}
});
return makeAdminPromise;
})
.then(() => {
// Create subscription resource
const insertSubscriptionPromise = resellerService.subscriptions.insert({
customerId: CUSTOMER_DOMAIN,
requestBody: {
customerId: CUSTOMER_DOMAIN,
skuId: '1010020027',
plan: {
planName: 'ANNUAL_MONTHLY_PAY',
},
seats: {
numberOfSeats: 5,
},
renewalSettings: { // only relevant for annual plans
renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertSubscriptionPromise;
})
.then(() => {
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
return verifyDomainPromise;
})
.catch(err => {
console.error('Error:', err.message);
if (err.code) {
console.log('Error code:', err.code);
}
if (err.errors) {
console.log('Details:', err.errors);
}
});