Questo tutorial mostra come eseguire il provisioning di un cliente utilizzando l'API Reseller.
Il provisioning corretto di un cliente prevede diversi passaggi reciprocamente dipendenti che si estendono su più API nella piattaforma Google Workspace.
Il diagramma precedente mostra quali API vengono utilizzate in ogni passaggio per eseguire il provisioning di un cliente:
- Utilizza l'API Site Verification per inserire il token di verifica del dominio.
- Utilizza l'API dei rivenditori per creare un cliente.
- Utilizza l'API Directory per creare il primo utente e assegnargli il ruolo di amministratore.
- Utilizza l'API dei rivenditori per creare un abbonamento.
- Utilizza l'API Site Verification per verificare il dominio.
Prerequisiti
- Istanza di un dominio rivenditore Google.
- Un contratto di partnership di Google Workspace pienamente eseguito.
- Un Account Google.
- Accetta i Termini di servizio nella Partner Sales Console.
- Scarica una libreria client per lingue diverse.
configura l'ambiente
Per completare questo tutorial, configura il tuo ambiente.
Abilita l'API
Prima di utilizzare le API di Google, devi attivarle in un progetto Google Cloud. Puoi attivare una o più API in un singolo progetto Google Cloud.Nella console Google Cloud, abilita l'API dei rivenditori, l'API Site Verification e l'API SDK Admin .
Crea un account di servizio
Un account di servizio è un tipo speciale di account utilizzato da un'applicazione, anziché da una persona. Puoi utilizzare un account di servizio per accedere ai dati o eseguire azioni da parte dell'account robot oppure per accedere ai dati per conto di utenti di Google Workspace o Cloud Identity. Per ulteriori informazioni, consulta Informazioni sugli account di servizio.Console Google Cloud
- Nella console Google Cloud, vai a Menu > IAM e amministrazione > Account di servizio.
- Fai clic su Crea account di servizio.
- Inserisci i dettagli dell'account di servizio, quindi fai clic su Crea e continua.
- (Facoltativo) Assegna ruoli al tuo account di servizio per concedere l'accesso alle risorse del progetto Google Cloud. Per maggiori dettagli, vedi Concessione, modifica e revoca dell'accesso alle risorse.
- Fai clic su Continua.
- (Facoltativo) Inserisci gli utenti o i gruppi che possono gestire ed eseguire azioni con questo account di servizio. Per maggiori dettagli, consulta Gestire l'impersonificazione degli account di servizio.
- Fai clic su Fine. Prendi nota dell'indirizzo email dell'account di servizio.
Interfaccia a riga di comando gcloud
- Crea l'account di servizio:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - (Facoltativo) Assegna ruoli al tuo account di servizio per concedere l'accesso alle risorse del progetto Google Cloud. Per maggiori dettagli, vedi Concessione, modifica e revoca dell'accesso alle risorse.
Crea le credenziali per un account di servizio
Le credenziali devono essere ottenute sotto forma di coppia di chiavi pubblica/privata. Queste credenziali vengono utilizzate dal tuo codice per autorizzare azioni relative all'account di servizio nella tua app.- Nella console Google Cloud, vai a Menu > IAM e amministrazione > Account di servizio.
- Seleziona il tuo account di servizio.
- Fai clic su Chiavi > Aggiungi chiave > Crea nuova chiave.
- Seleziona JSON, quindi fai clic su Crea.
Una nuova coppia di chiavi pubblica/privata viene generata e scaricata sul tuo computer come nuovo file. Salva il file JSON scaricato come
credentials.jsonnella directory di lavoro. Questo file è l'unica copia di questa chiave. Per informazioni su come archiviare la chiave in modo sicuro, consulta Gestire le chiavi degli account di servizio. - Fai clic su Chiudi.
Configura la delega a livello di dominio per un account di servizio
Per chiamare le API per conto degli utenti di un'organizzazione Google Workspace, al tuo account di servizio deve essere concessa la delega dell'autorità a livello di dominio nella Console di amministrazione Google Workspace da un account super amministratore. Per ulteriori informazioni, consulta Delega dell'autorità a livello di dominio a un account di servizio.- Nella console Google Cloud, vai a Menu > IAM e amministrazione > Account di servizio.
- Seleziona il tuo account di servizio.
- Fai clic su Mostra impostazioni avanzate.
- In "Delega a livello di dominio", individua l'"ID client" del tuo account di servizio. Fai clic su Copia per copiare il valore dell'ID client negli appunti.
Se disponi dell'accesso come super amministratore all'account Google Workspace pertinente, fai clic su Visualizza la Console di amministrazione Google Workspace, quindi accedi con un account utente super amministratore e continua a seguire questi passaggi.
Se non hai accesso come super amministratore all'account Google Workspace pertinente, contatta un super amministratore dell'account e inviagli l'ID client e l'elenco degli ambiti OAuth dell'account di servizio, in modo che possa completare i seguenti passaggi nella Console di amministrazione.
- Nella Console di amministrazione Google, vai a Menu > Sicurezza > Accesso e controllo dei dati > Controlli API.
- Fai clic su Gestisci delega a livello di dominio.
- Fai clic su Aggiungi nuovo.
- Nel campo "ID client", incolla l'ID client copiato in precedenza.
- Nel campo "Ambiti OAuth", inserisci un elenco delimitato da virgole degli ambiti richiesti dall'applicazione. Si tratta dello stesso insieme di ambiti che hai definito durante la configurazione della schermata per il consenso OAuth.
- Fai clic su Autorizza.
Creazione di oggetti di servizio con credenziali autenticate
Per iniziare a utilizzare qualsiasi API di Google, devi prima configurare l'autenticazione e le credenziali all'interno dell'applicazione. Le librerie client di Google gestiscono questa operazione per tuo conto. Tutte le librerie presentano pattern per la creazione di un oggetto credenziali, a cui puoi concedere l'accesso a tutte le API e passarli a ciascun servizio. Un'applicazione in genere dovrebbe avere un unico set di credenziali e utilizzare un solo progetto cloud per tutte le interazioni con l'API di Google.
Utilizza il file di chiave JSON che hai generato quando hai creato un account di servizio.
Python
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
Avvia la procedura di verifica del dominio
Questo passaggio è facoltativo, ma consigliato se hai la possibilità di verificare il dominio del cliente. Questo passaggio termina alla fine del tutorial, quando verifichi il dominio.
Se non verifichi il dominio del cliente, il cliente avrà le seguenti restrizioni:
- Hanno accesso solo alla Console di amministrazione, dove vengono guidati attraverso la procedura di verifica manuale del dominio.
- Potrebbero essere sospesi 21 giorni dopo la creazione.
Per recuperare un token di verifica del sito:
Per recuperare un token di verifica del sito, utilizza l'API Site Verification. Non puoi verificare se un dominio è stato convalidato in precedenza, ma puoi convalidare i siti più volte senza problemi. I parametri
verificationMethodvariano a seconda che tu stia convalidando un tipoINET_DOMAINoSITE. Scegli una delle seguenti opzioni:Per il tipo
INET_DOMAIN, utilizza uno dei seguenti parametriverificationMethod:DNS_TXTDNS_CNAME
Il seguente esempio di recupero di token utilizza un tipo
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });Per il tipo
SITE, utilizza uno dei seguenti parametriverificationMethod:FILEMETA
Il seguente esempio di recupero del token utilizza un tipo
SITEcon il metodo di verificaFILE. Quando utilizzi il tipo di verificaSITE, devi precedere l'identificatore conhttp://ohttps://.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
Inserisci il token di verifica del sito nel record o nel sito DNS.
Creare un cliente con l'API dei rivenditori
Utilizza il metodo Customers.Get per determinare se un cliente esiste già in Google Workspace:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raiseJava
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end endNode.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });A seconda della risposta, procedi nel seguente modo:
Se il cliente non esiste, il metodo
customers.getrestituisce un codice di erroreHTTP 404. Vai al passaggio successivo per creare un record di clienti in Google Workspace.Se il metodo
customers.getrestituisce senza errori, verifica se il cliente è tuo controllando il corpo della risposta per la proprietàalternateEmail. Se la proprietàalternateEmailnon è presente, devi trasferire il cliente e i suoi abbonamenti.
Creare un record relativo a un cliente in Google Workspace. Prima di poter creare abbonamenti per il cliente, devi creare un record relativo al cliente utilizzando le seguenti linee guida:
alternateEmailnon può trovarsi nello stesso dominio dicustomerDomain.- Il
postalAddress.countryCodedeve essere un codice paese ISO di due caratteri.
L'esempio seguente mostra la creazione di record di clienti:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspectNode.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
Creare il primo utente amministratore con l'API SDK Admin
Dopo aver eseguito il provisioning di un cliente, devi creare il primo utente ed eseguire immediatamente l'upgrade dell'utente a super amministratore di dominio in modo che il cliente possa accedere ai nuovi servizi e accettare eventuali Termini di servizio applicabili.
Crea il primo utente e imposta la sua password. Le password devono essere di adeguata complessità e contenere almeno otto caratteri. Per ulteriori informazioni, consulta la risorsa di
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspectNode.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });Se la chiamata per creare l'utente restituisce un valore
HTTP 409, il nome utente potrebbe esistere già come Account Google consumer.Esegui l'upgrade dell'utente al ruolo di super amministratore:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
Creare un abbonamento a Google Workspace per un cliente
Quando crei un abbonamento per un cliente, devi inserire un ID o un identificatore della transazione interna per il cliente nel campo purchaseOrderId.
Per ulteriori informazioni su argomenti e valori specifici, consulta Gestione degli abbonamenti.
Per creare un abbonamento, utilizza la chiamata Subscriptions.Insert. L'esempio seguente utilizza una sottoscrizione
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspectNode.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });Gli abbonamenti sono in stato
SUSPENDEDfinché un amministratore del cliente non accede e accetta i Termini di servizio. Gli amministratori dei clienti vengono reindirizzati ai Termini di servizio al primo accesso quando accedono a qualsiasi proprietà di Google (ad esempio, Gmail o Google Drive).
Verificare il dominio e designare i proprietari
Questo passaggio è facoltativo, ma consigliato se hai la possibilità di verificare il dominio del cliente. La chiamata webResource.insert() dell'API Site Verification verifica un dominio e vi assegna i proprietari da te specificati nel parametro owners[] del corpo della richiesta.
L'esempio seguente mostra come verificare un INET_DOMAIN:
Python
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
Se l'operazione ha esito positivo, la chiamata restituisce un codice HTTP 200. Se webResource.insert()
non riesce a verificare il dominio, viene restituito un codice di errore di livello HTTP 400. Riprova a effettuare la chiamata webResource.insert() con un ritardo di backoff finché il dominio non sarà stato verificato.
Riassumendo
L'esempio seguente mostra il codice completo per il provisioning di un cliente di Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer.
"""
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
response = verification_service.webResource().getToken(
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'verificationMethod': 'DNS_TXT'
}).execute()
print(response)
# Determine if customer domain already has Google Workspace
try:
response = reseller_service.customers().get(
customerId=CUSTOMER_DOMAIN).execute()
print('Customer already exists if call succeeds')
sys.exit()
except HttpError as error:
if int(error.resp['status']) == 404:
print('Domain available for Google Workspace creation')
else:
raise
# Create customer resource
response = reseller_service.customers().insert(
body={
'customerDomain': CUSTOMER_DOMAIN,
'alternateEmail': 'marty.mcfly@gmail.com',
'postalAddress': {
'contactName': 'Marty McFly',
'organizationName': 'Acme Corp',
'postalCode': '10009',
'countryCode': 'US',
}
}).execute()
print(response)
# Create first admin user
response = directory_service.users().insert(
body={
'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
'name': {
'givenName': 'Marty',
'familyName': 'McFly',
},
'password': 'Timecircuit88'
}).execute()
print(response)
# Promote user to admin status
response = directory_service.users().makeAdmin(
userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
'status': True
}).execute()
# Create subscription resource
response = reseller_service.subscriptions().insert(
customerId=CUSTOMER_DOMAIN,
body={
'customerId': CUSTOMER_DOMAIN,
'skuId': '1010020027',
'plan': {
'planName': 'ANNUAL_MONTHLY_PAY',
},
'seats': {
'numberOfSeats': 5,
},
'renewalSettings': { # only relevant for annual plans
'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
}).execute()
print(response)
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
new SiteVerificationWebResourceGettokenRequest.Site()
.setType("INET_DOMAIN")
.setIdentifier(CUSTOMER_DOMAIN);
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
.setVerificationMethod("DNS_TXT")
.setSite(getTokenSite);
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.webResource().getToken(request).execute();
System.out.println("Site Verification Token: " + getTokenResponse.getToken());
// Determine if customer domain already has Google Workspace
try {
resellerService.customers().get(CUSTOMER_DOMAIN).execute();
System.out.println("Customer already exists if call succeeds");
System.exit(0);
} catch (HttpResponseException e) {
if (e.getStatusCode() == 404) {
System.out.println("Domain available for Google Workspace creation");
} else {
throw e;
}
}
// Create customer resource
Address address = new Address()
.setContactName("Marty McFly")
.setOrganizationName("Acme Corp")
.setCountryCode("US")
.setPostalCode("10009");
Customer customer = new Customer()
.setCustomerDomain(CUSTOMER_DOMAIN)
.setAlternateEmail("marty.mcfly@gmail.com")
.setPostalAddress(address);
Customer customerResponse = resellerService.customers()
.insert(customer).execute();
System.out.println("Created Customer:\n" + customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName();
name.setGivenName("Marty");
name.setFamilyName("McFly");
User user = new User();
user.setPrimaryEmail(userEmail);
user.setPassword("TimeCircuit88");
user.setName(name);
User userResponse = directoryService.users().insert(user).execute();
System.out.println("Created User:\n" + userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin();
admin.setStatus(true);
directoryService.users().makeAdmin(userEmail, admin).execute();
System.out.println("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
.setNumberOfSeats(5);
Subscription.Plan plan = new Subscription.Plan()
.setPlanName("ANNUAL_YEARLY_PAY");
RenewalSettings renewalSettings = new RenewalSettings()
.setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");
Subscription subscription = new Subscription()
.setCustomerId(CUSTOMER_DOMAIN)
.setSeats(seats)
.setPlan(plan)
.setSkuId("1010020027")
.setRenewalSettings(renewalSettings);
Subscription subscriptionResponse = resellerService.subscriptions()
.insert(CUSTOMER_DOMAIN, subscription).execute();
System.out.println("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
}
}
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
new SiteVerificationWebResourceGettokenRequest.SiteData()
{
Type = "INET_DOMAIN",
Identifier = CUSTOMER_DOMAIN
};
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
{
VerificationMethod = "DNS_TXT",
Site = getTokenSite
};
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.WebResource.GetToken(request).Execute();
Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
// Determine if customer domain already has Google Workspace
try
{
resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Customer already exists if call succeeds");
Environment.Exit(0);
}
catch (Google.GoogleApiException e) {
if (e.Error.Code == 404)
{
Console.WriteLine("Domain available for Google Workspace creation");
} else throw e;
}
// Create customer resource
Address address = new Address()
{
ContactName = "Marty McFly",
OrganizationName = "Acme Corp",
CountryCode = "US",
PostalCode = "10009"
};
Customer customer = new Customer()
{
CustomerDomain = CUSTOMER_DOMAIN,
AlternateEmail = "marty.mcfly@gmail.com",
PostalAddress = address
};
Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
Console.WriteLine("Created Customer:\n{0}", customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName()
{
GivenName = "Marty",
FamilyName = "McFly"
};
User user = new User()
{
PrimaryEmail = userEmail,
Password = "TimeCircuit88",
Name = name
};
User userResponse = directoryService.Users.Insert(user).Execute();
Console.WriteLine("Created User:\n{0}", userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin()
{
Status = true
};
directoryService.Users.MakeAdmin(admin, userEmail).Execute();
Console.WriteLine("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
{
NumberOfSeats = 5
};
Subscription.PlanData plan = new Subscription.PlanData()
{
PlanName = "ANNUAL_YEARLY_PAY"
};
RenewalSettings renewalSettings = new RenewalSettings()
{
RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
};
Subscription subscription = new Subscription()
{
CustomerId = CUSTOMER_DOMAIN,
Seats = seats,
Plan = plan,
SkuId = "1010020027",
RenewalSettings = renewalSettings
};
Subscription subscriptionResponse = resellerService.Subscriptions
.Insert(subscription, CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
}
}
PHP
// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################
$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);
$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
'verificationMethod' => 'DNS_TXT',
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN
]
]);
$response = $verificationService->webResource->getToken($body);
print_r ($response);
// Determine if customer domain already has Google Workspace
try {
$response = $resellerService->customers->get($CUSTOMER_DOMAIN);
exit('Customer already exists if call succeeds');
} catch(Google_Service_Exception $e) {
if ($e->getErrors()[0]['reason'] == 'notFound'){
print ("Domain available for Google Workspace creation\n");
} else {
throw $e;
}
}
// Create customer resource
$customer = new Google_Service_Reseller_Customer([
'customerDomain' => $CUSTOMER_DOMAIN,
'alternateEmail' => 'marty.mcfly@gmail.com',
'postalAddress' => [
'contactName' => 'Marty McFly',
'organizationName' => 'Acme Corp',
'countryCode' => 'US',
'postalCode' => '10009'
]
]);
$response = $resellerService->customers->insert($customer);
print_r ($response);
// Create first admin user
$user = new Google_Service_Directory_User([
'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
'password' => 'Timecircuit88',
'name' => [
'givenName' => 'Marty',
'familyName' => 'McFly',
'fullName' => 'Marty McFly'
]
]);
$response = $directoryService->users->insert($user);
print_r ($response);
// Promote user to admin status
$makeAdmin = new Google_Service_Directory_UserMakeAdmin([
'status' => true
]);
$directoryService->users->makeAdmin(
'marty.mcfly@' . $CUSTOMER_DOMAIN,
$makeAdmin
);
// Create subscription resource
$subscription = new Google_Service_Reseller_Subscription([
'customerId' => $CUSTOMER_DOMAIN,
'skuId' => '1010020027',
'plan' => [
'planName' => 'ANNUAL_MONTHLY_PAY'
],
'seats' => [
'numberOfSeats' => '5'
],
'renewalSettings' => [
'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
]
]);
$response = $resellerService->subscriptions->insert(
$CUSTOMER_DOMAIN,
$subscription
);
print_r ($response);
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/admin.directory.user',
'https://reseller.googleapis.com/auth/siteverification',
]
####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER
Google::Apis::RequestOptions.default.authorization = credentials
reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
verification_method: 'DNS_TXT'
)
response = verification_service.get_web_resource_token(request)
puts response.inspect
# Determine if customer domain already has Google Workspace
begin
reseller_service.get_customer(CUSTOMER_DOMAIN)
abort('Customer already exists if call succeeds')
rescue Google::Apis::ClientError => ex
if ex.status_code == 404
puts 'Domain available for Google Workspace creation'
else
raise ex
end
end
# Create customer resource
customer = Google::Apis::ResellerV1::Customer.new(
customer_domain: CUSTOMER_DOMAIN,
alternate_email: 'marty.mcfly@gmail.com',
postal_address: {
contact_name: 'Marty McFly',
organization_name: 'Acme Corp',
country_code: 'US',
postal_code: '10009'})
response = reseller_service.insert_customer(customer)
puts response.inspect
# Create first admin user
user = Google::Apis::AdminDirectoryV1::User.new(
name: {
given_name: 'Marty',
family_name: 'McFly',
full_name: 'Marty McFly'
},
password: 'Timecircuit88',
primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
)
response = directory_service.insert_user(user)
puts response.inspect
# Promote user to admin status
admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
status: true
)
response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
# Create subscription resource
subscription = Google::Apis::ResellerV1::Subscription.new(
customer_id: CUSTOMER_DOMAIN,
sku_id: '1010020027',
plan: {
plan_name: 'ANNUAL_MONTHLY_PAY'
},
seats: {
number_of_seats: 5,
},
renewal_settings: {
renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
)
response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
puts response.inspect
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
// Run all the steps one after each other, and exit as soon as one of them fail
Promise.resolve()
.then(() => {
/**
* Retrieve the site verification token and place it according to:
* https://developers.google.com/site-verification/v1/getting_started#tokens
*/
const getTokenPromise = verificationService.webResource.getToken({
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
verificationMethod: 'DNS_TXT',
}
}).then(({data}) => {
console.log(data);
return data;
});
return getTokenPromise;
})
.then(() => {
// Determine if customer domain already has Google Workspace
const getCustomerPromise = resellerService.customers.get({
customerId: CUSTOMER_DOMAIN
}).then(() => {
throw new Error('Customer already exists');
}, resErr => {
if (resErr.code === 404) {
console.log('Domain available for Google Workspace creation');
} else {
throw resErr;
}
});
return getCustomerPromise;
})
.then(() => {
// Create customer resource
const insertCustomerPromise = resellerService.customers.insert({
requestBody: {
customerDomain: CUSTOMER_DOMAIN,
alternateEmail: 'marty.mcfly@gmail.com',
postalAddress: {
contactName: 'Marty McFly',
organizationName: 'Acme Corp',
postalCode: '10009',
countryCode: 'US',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertCustomerPromise;
})
.then(() => {
// Create first admin user
const insertUserPromise = directoryService.users.insert({
requestBody: {
primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
name: {
givenName: 'Marty',
familyName: 'McFly',
},
password: 'Timecircuit88',
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertUserPromise;
}).then(() => {
// Promote user to admin status
const makeAdminPromise = directoryService.users.makeAdmin({
userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
requestBody: {
status: true
}
});
return makeAdminPromise;
})
.then(() => {
// Create subscription resource
const insertSubscriptionPromise = resellerService.subscriptions.insert({
customerId: CUSTOMER_DOMAIN,
requestBody: {
customerId: CUSTOMER_DOMAIN,
skuId: '1010020027',
plan: {
planName: 'ANNUAL_MONTHLY_PAY',
},
seats: {
numberOfSeats: 5,
},
renewalSettings: { // only relevant for annual plans
renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertSubscriptionPromise;
})
.then(() => {
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
return verifyDomainPromise;
})
.catch(err => {
console.error('Error:', err.message);
if (err.code) {
console.log('Error code:', err.code);
}
if (err.errors) {
console.log('Details:', err.errors);
}
});