Предоставление клиента

В этом руководстве показано, как подготовить клиента с помощью API реселлера.

Правильная подготовка клиента включает в себя несколько взаимозависимых шагов, которые охватывают несколько API на платформе Google Workspace.

На предыдущей диаграмме показано, какие API используются на каждом этапе подготовки клиента:

• Используйте API проверки сайта, чтобы разместить токен проверки домена.
• Используйте API реселлера для создания клиента.
• Используйте API каталога, чтобы создать первого пользователя и сделать его администратором.
• Используйте API реселлера для создания подписки.
• Используйте API проверки сайта, чтобы подтвердить домен.

Предварительные условия

• Экземпляр домена реселлера Google.
• Полностью оформленное партнерское соглашение Google Workspace.

• Аккаунт Google.
• Примите Условия обслуживания в консоли партнерских продаж.
• Загрузите клиентскую библиотеку для разных языков .

Настройте свою среду

Чтобы завершить это руководство, настройте свою среду.

Включить API

• В консоли Google Cloud включите Reseller API, Site Verification API и Admin SDK API.

  Включить APIS

Создать учетную запись службы

Создайте учетные данные для учетной записи службы

1. В консоли Google Cloud выберите menu > IAM и администрирование > Учетные записи служб .

   Перейти к учетным записям служб

2. Выберите свою учетную запись службы.
3. Нажмите «Ключи» > «Добавить ключ» > «Создать новый ключ» .
4. Выберите JSON , затем нажмите «Создать» .

   Ваша новая пара открытого/закрытого ключей генерируется и загружается на ваш компьютер в виде нового файла. Сохраните загруженный файл JSON как credentials.json в своем рабочем каталоге. Этот файл является единственной копией этого ключа. Информацию о том, как безопасно хранить ключ, см. в разделе Управление ключами учетной записи службы .

5. Нажмите Закрыть .

Настройка делегирования на уровне домена для сервисного аккаунта

1. В консоли Google Cloud выберите menu > IAM и администрирование > Учетные записи служб .

   Перейти к учетным записям служб

2. Выберите свою учетную запись службы.
3. Нажмите Показать дополнительные настройки .
4. В разделе «Делегирование на уровне домена» найдите «Идентификатор клиента» своего сервисного аккаунта. Нажмите «Копировать content_copy , чтобы скопировать значение идентификатора клиента в буфер обмена.

5. Если у вас есть доступ суперадминистратора к соответствующей учетной записи Google Workspace, нажмите «Просмотреть консоль администратора Google Workspace» , затем войдите в систему, используя учетную запись суперадминистратора, и продолжайте выполнять следующие действия.

   Если у вас нет доступа суперадминистратора к соответствующему аккаунту Google Workspace, обратитесь к суперадминистратору этого аккаунта и отправьте ему идентификатор клиента вашего сервисного аккаунта и список областей OAuth, чтобы он мог выполнить следующие шаги в консоли администратора.

1. В консоли администратора Google перейдите в menu «Меню» > «Безопасность» > « Доступ и контроль данных» > «Управление API» .

   Перейти к элементам управления API

2. Нажмите «Управление делегированием всего домена» .
3. Нажмите Добавить новый .
4. В поле «Идентификатор клиента» вставьте ранее скопированный идентификатор клиента.
5. В поле «Области OAuth» введите через запятую список областей, необходимых вашему приложению. Это тот же набор областей, которые вы определили при настройке экрана согласия OAuth.
6. Нажмите «Авторизовать» .

Создание объектов службы с проверенными учетными данными.

Чтобы начать работу с любым API Google, вам сначала необходимо настроить аутентификацию и учетные данные в вашем приложении. Клиентские библиотеки Google сделают это от вашего имени. Во всех библиотеках есть шаблоны для создания объекта учетных данных, которому вы можете предоставить доступ ко всем API и передать их в каждую службу. Обычно приложение должно иметь один набор учетных данных и использовать только один облачный проект для всех взаимодействий с API Google.

Используйте файл ключей JSON, который вы создали при создании учетной записи службы.

import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials

############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################

# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
    'https://reseller.googleapis.com/auth/apps.order',
    'https://reseller.googleapis.com/auth/siteverification',
    'https://reseller.googleapis.com/auth/admin.directory.user',
]

credentials = ServiceAccountCredentials.from_json_keyfile_name(
    JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)

reseller_service = build(
    serviceName='reseller', version='v1', credentials=credentials)

directory_service = build(
    serviceName='admin', version='directory_v1', credentials=credentials)

verification_service = build(
    serviceName='siteVerification', version='v1', credentials=credentials)

// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;

/**
 * This is a basic example of provisioning a Google Workspace customer.
 */
public class CodelabExample {
  // Full List of scopes:
  // https://developers.google.com/identity/protocols/googlescopes
  private static final List<String> OAUTH2_SCOPES = Arrays.asList(
    ResellerScopes.APPS_ORDER,
    SiteVerificationScopes.SITEVERIFICATION,
    DirectoryScopes.ADMIN_DIRECTORY_USER
  );

  /***************** REPLACE WITH YOUR OWN VALUES ********************************/
  public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
  public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
  public static final String CUSTOMER_DOMAIN = "example.com";
  public static final String CUSTOMER_SITE = "https://www.example.com/";
  /*******************************************************************************/

  public static void main(String[] args)
      throws IOException, GeneralSecurityException, FileNotFoundException {
    // Instantiate services with authenticated credentials
    GoogleCredential jsonCredentials = GoogleCredential
      .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
    GoogleCredential credentials = new GoogleCredential.Builder()
      .setTransport(GoogleNetHttpTransport.newTrustedTransport())
      .setJsonFactory(JacksonFactory.getDefaultInstance())
      .setServiceAccountScopes(OAUTH2_SCOPES)
      .setServiceAccountUser(RESELLER_ADMIN_USER)
      .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
      .setServiceAccountId(jsonCredentials.getServiceAccountId())
      .build();

    Reseller resellerService = new Reseller.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

    Directory directoryService = new Directory.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

    SiteVerification verificationService = new SiteVerification.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;

class CodelabExample
{
    // Full List of scopes:
    // https://developers.google.com/identity/protocols/googlescopes
    static string[] OAUTH2_SCOPES = {
        ResellerService.Scope.AppsOrder,
        DirectoryService.Scope.AdminDirectoryUser,
        SiteVerificationService.Scope.Siteverification
    };

    /***************** REPLACE WITH YOUR OWN VALUES ********************************/
    public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
    public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
    public static String CUSTOMER_DOMAIN = "example.com";
    public static String CUSTOMER_SITE = "https://www.example.com/";
    /*******************************************************************************/

    static void Main(string[] args)
    {
        GoogleCredential credential;

        using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
        {
            credential = GoogleCredential
                .FromStream(stream)
                .CreateScoped(OAUTH2_SCOPES)
                .CreateWithUser(RESELLER_ADMIN_USER);
        }

        var resellerService = new ResellerService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

        var directoryService = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

        var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';

// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
  Google_Service_Reseller::APPS_ORDER,
  Google_Service_SiteVerification::SITEVERIFICATION,
  Google_Service_Directory::ADMIN_DIRECTORY_USER,
];

######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################

$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);

$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);

require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'

# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
  'https://reseller.googleapis.com/auth/apps.order',
  'https://reseller.googleapis.com/auth/admin.directory.user',
  'https://reseller.googleapis.com/auth/siteverification',
]

####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################

credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
  scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER

Google::Apis::RequestOptions.default.authorization = credentials

reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new

// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');

// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################

// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
  'https://reseller.googleapis.com/auth/apps.order',
  'https://reseller.googleapis.com/auth/siteverification',
  'https://reseller.googleapis.com/auth/admin.directory.user',
];

const authJWT = new google.auth.JWT({
  keyFile: JSON_PRIVATE_KEY_FILE,
  scopes: OAUTH2_SCOPES,
  subject: RESELLER_ADMIN_USER,
});

const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});

Начать процесс проверки домена

Этот шаг не является обязательным, но рекомендуется, если у вас есть возможность подтвердить домен клиента. Этот шаг завершается в конце руководства, когда вы подтвердите домен.

Если вы не подтвердите домен клиента, на него будут наложены следующие ограничения:

• У них есть доступ только к консоли администратора, где они проходят процедуру проверки домена вручную .
• Они могут быть приостановлены через 21 день после создания.

Чтобы получить токен проверки сайта, выполните следующие действия:

1. Чтобы получить токен проверки сайта, используйте API проверки сайта . Вы не можете проверить, был ли домен ранее проверен, но вы можете проверять сайты несколько раз без каких-либо проблем. В зависимости от того, проверяете ли вы тип INET_DOMAIN или SITE , параметры verificationMethod различаются. Выберите один из следующих вариантов:

   • Для типа INET_DOMAIN используйте один из следующих параметров verificationMethod :

     • DNS_TXT
     • DNS_CNAME

     В следующем примере получения токена используется тип INET_DOMAIN :

     Питон

     # Retrieve the site verification token and place it according to:
     # https://developers.google.com/site-verification/v1/getting_started#tokens
     response = verification_service.webResource().getToken(
         body={
             'site': {
                 'type': 'INET_DOMAIN',
                 'identifier': CUSTOMER_DOMAIN
             },
             'verificationMethod': 'DNS_TXT'
         }).execute()
     print(response)

     Джава

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
         new SiteVerificationWebResourceGettokenRequest.Site()
             .setType("INET_DOMAIN")
             .setIdentifier(CUSTOMER_DOMAIN);
     
     SiteVerificationWebResourceGettokenRequest request =
         new SiteVerificationWebResourceGettokenRequest()
             .setVerificationMethod("DNS_TXT")
             .setSite(getTokenSite);
     
     SiteVerificationWebResourceGettokenResponse getTokenResponse =
         verificationService.webResource().getToken(request).execute();
     System.out.println("Site Verification Token: " + getTokenResponse.getToken());

     С#

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
         new SiteVerificationWebResourceGettokenRequest.SiteData()
         {
             Type = "INET_DOMAIN",
             Identifier = CUSTOMER_DOMAIN
         };
     
     SiteVerificationWebResourceGettokenRequest request =
         new SiteVerificationWebResourceGettokenRequest()
         {
             VerificationMethod = "DNS_TXT",
             Site = getTokenSite
         };
     
     SiteVerificationWebResourceGettokenResponse getTokenResponse =
         verificationService.WebResource.GetToken(request).Execute();
     Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);

     PHP

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     $body =
     new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
       'verificationMethod' => 'DNS_TXT',
       'site' => [
         'type' => 'INET_DOMAIN',
         'identifier' => $CUSTOMER_DOMAIN
       ]
     ]);
     $response = $verificationService->webResource->getToken($body);
     print_r ($response);

     Рубин

     # Retrieve the site verification token and place it according to:
     # https://developers.google.com/site-verification/v1/getting_started#tokens
     request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
       site: {
         type: 'INET_DOMAIN',
         identifier: CUSTOMER_DOMAIN
       },
       verification_method: 'DNS_TXT'
     )
     
     response = verification_service.get_web_resource_token(request)
     puts response.inspect

     Node.js

     /**
      * Retrieve the site verification token and place it according to:
      * https://developers.google.com/site-verification/v1/getting_started#tokens
      */
     const getTokenPromise = verificationService.webResource.getToken({
       requestBody: {
         site: {
           type: 'INET_DOMAIN',
           identifier: CUSTOMER_DOMAIN,
         },
         verificationMethod: 'DNS_TXT',
       }
     }).then(({data}) => {
       console.log(data);
       return data;
     });

   • Для типа SITE используйте один из следующих параметров verificationMethod :

     • FILE
     • META

     В следующем примере получения токена используется тип SITE с методом проверки FILE . При использовании типа проверки SITE необходимо добавлять к идентификатору префикс http:// или https:// .

     Питон

     # Retrieve the site verification token and place it according to:
     # https://developers.google.com/site-verification/v1/getting_started#tokens
     response = verification_service.webResource().getToken(
         body={
             'site': {
                 'type': 'SITE',
                 'identifier': CUSTOMER_SITE
             },
             'verificationMethod': 'FILE'
         }).execute()
     print(response)

     Джава

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
         new SiteVerificationWebResourceGettokenRequest.Site()
             .setType("SITE")
             .setIdentifier(CUSTOMER_SITE);
     
     SiteVerificationWebResourceGettokenRequest request =
         new SiteVerificationWebResourceGettokenRequest()
             .setVerificationMethod("FILE")
             .setSite(getTokenSite);
     
     SiteVerificationWebResourceGettokenResponse getTokenResponse =
         verificationService.webResource().getToken(request).execute();
     System.out.println("Site Verification Token: " + getTokenResponse.getToken());

     С#

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
         new SiteVerificationWebResourceGettokenRequest.SiteData()
         {
             Type = "SITE",
             Identifier = CUSTOMER_SITE
         };
     
     SiteVerificationWebResourceGettokenRequest request =
         new SiteVerificationWebResourceGettokenRequest()
         {
             VerificationMethod = "FILE",
             Site = getTokenSite
         };
     
     SiteVerificationWebResourceGettokenResponse getTokenResponse =
         verificationService.WebResource.GetToken(request).Execute();
     Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);

     PHP

     // Retrieve the site verification token and place it according to:
     // https://developers.google.com/site-verification/v1/getting_started#tokens
     $body =
     new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
       'verificationMethod' => 'FILE',
       'site' => [
         'type' => 'SITE',
         'identifier' => $CUSTOMER_DOMAIN
       ]
     ]);
     $response = $verificationService->webResource->getToken($body);
     print_r($response);

     Рубин

     # Retrieve the site verification token and place it according to:
     # https://developers.google.com/site-verification/v1/getting_started#tokens
     request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
       site: {
         type: 'SITE',
         identifier: CUSTOMER_SITE
       },
       verification_method: 'FILE'
     )
     
     response = verification_service.get_web_resource_token(request)
     puts response.inspect

     Node.js

     /**
      * Retrieve the site verification token and place it according to:
      * https://developers.google.com/site-verification/v1/getting_started#tokens
      */
     const getTokenPromise = verificationService.webResource.getToken({
       requestBody: {
         site: {
           type: 'SITE',
           identifier: CUSTOMER_SITE,
         },
         verificationMethod: 'FILE',
       }
     }).then(({data}) => {
       console.log(data);
       return data;
     });

2. Поместите токен проверки сайта в запись DNS или на сайт .

Создайте клиента с помощью API реселлера

1. Используйте метод Customers.Get , чтобы определить, существует ли клиент уже в Google Workspace:

   Питон

   # Determine if customer domain already has Google Workspace
   try:
     response = reseller_service.customers().get(
         customerId=CUSTOMER_DOMAIN).execute()
     print('Customer already exists if call succeeds')
     sys.exit()
   except HttpError as error:
     if int(error.resp['status']) == 404:
       print('Domain available for Google Workspace creation')
     else:
       raise

   Джава

   // Determine if customer domain already has Google Workspace
   try {
     resellerService.customers().get(CUSTOMER_DOMAIN).execute();
     System.out.println("Customer already exists if call succeeds");
     System.exit(0);
   } catch (HttpResponseException e) {
       if (e.getStatusCode() == 404) {
         System.out.println("Domain available for Google Workspace creation");
       } else { 
         throw e; 
       }
   }

   С#

   // Determine if customer domain already has Google Workspace
   try
   {
       resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
       Console.WriteLine("Customer already exists if call succeeds");
       Environment.Exit(0);
   }
   catch (Google.GoogleApiException e) {
       if (e.Error.Code == 404)
       {
           Console.WriteLine("Domain available for Google Workspace creation");
       } else throw e;
   }

   PHP

   // Determine if customer domain already has Google Workspace
   try {
     $response = $resellerService->customers->get($CUSTOMER_DOMAIN);
     exit('Customer already exists if call succeeds');
   } catch(Google_Service_Exception $e) {
     if ($e->getErrors()[0]['reason'] == 'notFound'){
       print ("Domain available for Google Workspace creation\n");
     } else {
       throw $e;
     }
   }

   Рубин

   # Determine if customer domain already has Google Workspace
   begin
     reseller_service.get_customer(CUSTOMER_DOMAIN)
     abort('Customer already exists if call succeeds')
   rescue Google::Apis::ClientError => ex
     if ex.status_code == 404
       puts 'Domain available for Google Workspace creation'
     else
       raise ex
     end
   end

   Node.js

   // Determine if customer domain already has Google Workspace
   const getCustomerPromise = resellerService.customers.get({
     customerId: CUSTOMER_DOMAIN
   }).then(() => {
     throw new Error('Customer already exists');
   }, resErr => {
     if (resErr.code === 404) {
       console.log('Domain available for Google Workspace creation');
     } else {
       throw resErr;
     }
   });

2. В зависимости от ответа сделайте следующее:

   • Если клиент не существует, метод customers.get возвращает код ошибки HTTP 404 . Перейдите к следующему шагу: создайте запись о клиенте в Google Workspace.

   • Если метод customers.get возвращает ошибку, определите, является ли клиент вашим, проверив в тексте ответа свойство alternateEmail . Если свойство alternateEmail отсутствует, необходимо перенести клиента и его подписки .

3. Создайте запись клиента в Google Workspace. Прежде чем создавать подписки для этого клиента, необходимо создать запись о клиенте, используя следующие рекомендации:

   • alternateEmail не может находиться в том же домене, что и customerDomain .
   • postalAddress.countryCode должен представлять собой двухзначный код страны в формате ISO.

   В следующем примере показано создание записи о клиенте:

   Питон

   # Create customer resource
   response = reseller_service.customers().insert(
       body={
           'customerDomain': CUSTOMER_DOMAIN,
           'alternateEmail': 'marty.mcfly@gmail.com',
           'postalAddress': {
               'contactName': 'Marty McFly',
               'organizationName': 'Acme Corp',
               'postalCode': '10009',
               'countryCode': 'US',
           }
       }).execute()
   print(response)

   Джава

   // Create customer resource
   Address address = new Address()
     .setContactName("Marty McFly")
     .setOrganizationName("Acme Corp")
     .setCountryCode("US")
     .setPostalCode("10009");
   
   Customer customer = new Customer()
     .setCustomerDomain(CUSTOMER_DOMAIN)
     .setAlternateEmail("marty.mcfly@gmail.com")
     .setPostalAddress(address);
   
   Customer customerResponse = resellerService.customers()
     .insert(customer).execute();
   System.out.println("Created Customer:\n" + customerResponse);

   С#

   // Create customer resource
   Address address = new Address()
   {
       ContactName = "Marty McFly",
       OrganizationName = "Acme Corp",
       CountryCode = "US",
       PostalCode = "10009"
   };
   
   Customer customer = new Customer()
   {
       CustomerDomain = CUSTOMER_DOMAIN,
       AlternateEmail = "marty.mcfly@gmail.com",
       PostalAddress = address
   };
   
   Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
   Console.WriteLine("Created Customer:\n{0}", customerResponse);

   PHP

   // Create customer resource
   $customer = new Google_Service_Reseller_Customer([
     'customerDomain' => $CUSTOMER_DOMAIN,
     'alternateEmail' => 'marty.mcfly@gmail.com',
     'postalAddress' => [
       'contactName' => 'Marty McFly',
       'organizationName' => 'Acme Corp',
       'countryCode' => 'US',
       'postalCode' => '10009'
     ]
   ]);
   $response = $resellerService->customers->insert($customer);
   print_r ($response);

   Рубин

   # Create customer resource
   customer = Google::Apis::ResellerV1::Customer.new(
     customer_domain: CUSTOMER_DOMAIN,
     alternate_email: 'marty.mcfly@gmail.com',
     postal_address: {
       contact_name: 'Marty McFly',
       organization_name: 'Acme Corp',
       country_code: 'US',
       postal_code: '10009'})
   
   response = reseller_service.insert_customer(customer)
   puts response.inspect

   Node.js

   // Create customer resource
   const insertCustomerPromise = resellerService.customers.insert({
     requestBody: {
       customerDomain: CUSTOMER_DOMAIN,
       alternateEmail: 'marty.mcfly@gmail.com',
       postalAddress: {
         contactName: 'Marty McFly',
         organizationName: 'Acme Corp',
         postalCode: '10009',
         countryCode: 'US',
       }
     }
   }).then(({data}) => {
     console.log(data);
     return data;
   });

Создайте первого пользователя-администратора с помощью Admin SDK API.

После подготовки клиента вы должны создать первого пользователя и немедленно повысить его статус до суперадминистратора домена, чтобы клиент мог получить доступ к своим новым услугам и принять все применимые Условия обслуживания.

1. Создайте первого пользователя и установите его пароль. Пароли должны быть достаточной сложности и содержать не менее восьми символов. Дополнительную информацию см. в ресурсе user .

   Питон

   # Create first admin user
   response = directory_service.users().insert(
       body={
           'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
           'name': {
               'givenName': 'Marty',
               'familyName': 'McFly',
           },
           'password': 'Timecircuit88'
       }).execute()
   print(response)

   Джава

   // Create first admin user
   String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
   
   UserName name = new UserName();
   name.setGivenName("Marty");
   name.setFamilyName("McFly");
   
   User user = new User();
   user.setPrimaryEmail(userEmail);
   user.setPassword("TimeCircuit88");
   user.setName(name);
   
   User userResponse = directoryService.users().insert(user).execute();
   System.out.println("Created User:\n" + userResponse);

   С#

   // Create first admin user
   String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
   
   UserName name = new UserName()
   {
       GivenName = "Marty",
       FamilyName = "McFly"
   };
   
   User user = new User()
   {
       PrimaryEmail = userEmail,
       Password = "TimeCircuit88",
       Name = name
   };
   
   User userResponse = directoryService.Users.Insert(user).Execute();
   Console.WriteLine("Created User:\n{0}", userResponse);

   PHP

   // Create first admin user
   $user = new Google_Service_Directory_User([
     'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
     'password' => 'Timecircuit88',
     'name' => [
       'givenName' => 'Marty',
       'familyName' => 'McFly',
       'fullName' => 'Marty McFly'
     ]
   ]);
   $response = $directoryService->users->insert($user);
   print_r ($response);

   Рубин

   # Create first admin user
   user = Google::Apis::AdminDirectoryV1::User.new(
     name: {
       given_name: 'Marty',
       family_name: 'McFly',
       full_name: 'Marty McFly'
     },
     password: 'Timecircuit88',
     primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
   )
   
   response = directory_service.insert_user(user)
   puts response.inspect

   Node.js

   // Create first admin user
   const insertUserPromise = directoryService.users.insert({
     requestBody: {
       primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
       name: {
         givenName: 'Marty',
         familyName: 'McFly',
       },
       password: 'Timecircuit88',
     }
   }).then(({data}) => {
     console.log(data);
     return data;
   });

   Если вызов для создания пользователя возвращает HTTP 409 , возможно, имя пользователя уже существует в качестве потребительского аккаунта Google.

2. Повысьте пользователя до роли суперадминистратора:

   Питон

   # Promote user to admin status
   response = directory_service.users().makeAdmin(
       userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
           'status': True
       }).execute()

   Джава

   // Promote user to admin status
   UserMakeAdmin admin = new UserMakeAdmin();
   admin.setStatus(true);
   
   directoryService.users().makeAdmin(userEmail, admin).execute();
   System.out.println("User promoted to Admin");

   С#

   // Promote user to admin status
   UserMakeAdmin admin = new UserMakeAdmin()
   {
       Status = true
   };
   directoryService.Users.MakeAdmin(admin, userEmail).Execute();
   Console.WriteLine("User promoted to Admin");

   PHP

   // Promote user to admin status
   $makeAdmin = new Google_Service_Directory_UserMakeAdmin([
     'status' => true
   ]);
   $directoryService->users->makeAdmin(
     'marty.mcfly@' . $CUSTOMER_DOMAIN,
     $makeAdmin
   );

   Рубин

   # Promote user to admin status
   admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
     status: true
   )
   
   response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)

   Node.js

   // Promote user to admin status
   const makeAdminPromise = directoryService.users.makeAdmin({
     userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
     requestBody: {
       status: true
     }
   });

Создайте подписку на Google Workspace для клиента

Когда вы создаете подписку для клиента, вам следует поместить внутренний идентификатор транзакции или идентификатор для этого клиента в поле purchaseOrderId . Дополнительные сведения о конкретных аргументах и ​​значениях см. в разделе Управление подписками .

1. Чтобы создать подписку, используйте вызов Subscriptions.Insert . В следующем примере используется подписка ANNUAL_YEARLY_PAY :

   Питон

   # Create subscription resource
   response = reseller_service.subscriptions().insert(
       customerId=CUSTOMER_DOMAIN,
       body={
           'customerId': CUSTOMER_DOMAIN,
           'skuId': '1010020027',
           'plan': {
               'planName': 'ANNUAL_MONTHLY_PAY',
           },
           'seats': {
               'numberOfSeats': 5,
           },
           'renewalSettings': {  # only relevant for annual plans
               'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
           }
       }).execute()
   print(response)

   Джава

   // Create subscription resource
   Seats seats = new Seats()
     .setNumberOfSeats(5);
   
   Subscription.Plan plan = new Subscription.Plan()
     .setPlanName("ANNUAL_YEARLY_PAY");
   
   RenewalSettings renewalSettings = new RenewalSettings()
     .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");
   
   Subscription subscription = new Subscription()
     .setCustomerId(CUSTOMER_DOMAIN)
     .setSeats(seats)
     .setPlan(plan)
     .setSkuId("1010020027")
     .setRenewalSettings(renewalSettings);
   
   Subscription subscriptionResponse = resellerService.subscriptions()
     .insert(CUSTOMER_DOMAIN, subscription).execute();
   System.out.println("Created Subscription:\n" + subscriptionResponse);

   С#

   // Create subscription resource
   Seats seats = new Seats()
   {
       NumberOfSeats = 5
   };
   
   Subscription.PlanData plan = new Subscription.PlanData()
   {
       PlanName = "ANNUAL_YEARLY_PAY"
   };
   
   RenewalSettings renewalSettings = new RenewalSettings()
   {
       RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
   };
   
   Subscription subscription = new Subscription()
   {
       CustomerId = CUSTOMER_DOMAIN,
       Seats = seats,
       Plan = plan,
       SkuId = "1010020027",
       RenewalSettings = renewalSettings
   };
   
   Subscription subscriptionResponse = resellerService.Subscriptions
       .Insert(subscription, CUSTOMER_DOMAIN).Execute();
   Console.WriteLine("Created Subscription:\n" + subscriptionResponse);

   PHP

   // Create subscription resource
   $subscription = new Google_Service_Reseller_Subscription([
     'customerId' => $CUSTOMER_DOMAIN,
     'skuId' => '1010020027',
     'plan' => [
       'planName' => 'ANNUAL_MONTHLY_PAY'
     ],
     'seats' => [
       'numberOfSeats' => '5'
     ],
     'renewalSettings' => [
       'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
     ]
   ]);
   $response = $resellerService->subscriptions->insert(
     $CUSTOMER_DOMAIN,
     $subscription
   );
   print_r ($response);

   Рубин

   # Create subscription resource
   subscription = Google::Apis::ResellerV1::Subscription.new(
     customer_id: CUSTOMER_DOMAIN,
     sku_id: '1010020027',
     plan: {
       plan_name: 'ANNUAL_MONTHLY_PAY'
     },
     seats: {
       number_of_seats: 5,
     },
     renewal_settings: {
       renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
     }
   )
   
   response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
   puts response.inspect

   Node.js

   // Create subscription resource
   const insertSubscriptionPromise = resellerService.subscriptions.insert({
     customerId: CUSTOMER_DOMAIN,
     requestBody: {
       customerId: CUSTOMER_DOMAIN,
       skuId: '1010020027',
       plan: {
         planName: 'ANNUAL_MONTHLY_PAY',
       },
       seats: {
         numberOfSeats: 5,
       },
       renewalSettings: { // only relevant for annual plans
         renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
       }
     }
   }).then(({data}) => {
     console.log(data);
     return data;
   });

2. Подписки находятся в состоянии SUSPENDED пока администратор клиента не войдет в систему и не примет Условия обслуживания. Администраторы клиентов перенаправляются к Условиям обслуживания при первом входе в систему при доступе к любому ресурсу Google (например, Gmail или Google Drive).

Подтвердите домен и назначьте владельцев домена

Этот шаг не является обязательным, но рекомендуется, если у вас есть возможность подтвердить домен клиента. Вызов API проверки сайта webResource.insert() одновременно проверяет домен и назначает ему владельцев, которых вы указываете в параметре owners[] тела запроса.

В следующем примере показано, как проверить INET_DOMAIN :

# Verify domain and designate domain owners
response = verification_service.webResource().insert(
    verificationMethod='DNS_TXT',
    body={
        'site': {
            'type': 'INET_DOMAIN',
            'identifier': CUSTOMER_DOMAIN
        },
        'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
    }).execute()
print(response)

// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
      new SiteVerificationWebResourceResource.Site()
            .setIdentifier(CUSTOMER_DOMAIN)
            .setType("INET_DOMAIN");

List<String> owners = Arrays.asList(userEmail);

SiteVerificationWebResourceResource resource =
  new SiteVerificationWebResourceResource()
        .setSite(verifySite)
        .setOwners(owners);

SiteVerificationWebResourceResource verifyResponse = 
  verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);

// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
      new SiteVerificationWebResourceResource.SiteData()
      {
          Identifier = CUSTOMER_DOMAIN,
          Type = "INET_DOMAIN"
      };

string[] owners = { userEmail };

SiteVerificationWebResourceResource resource =
  new SiteVerificationWebResourceResource()
  {
      Site = verifySite,
      Owners = owners
  };

SiteVerificationWebResourceResource verifyResponse =
    verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);

// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
  'site' => [
    'type' => 'INET_DOMAIN',
    'identifier' => $CUSTOMER_DOMAIN,
  ],
  'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);

$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);

# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
  site: {
    type: 'INET_DOMAIN',
    identifier: CUSTOMER_DOMAIN
  },
  owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)

response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect

// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
  verificationMethod: 'DNS_TXT',
  requestBody: {
    site: {
      type: 'INET_DOMAIN',
      identifier: CUSTOMER_DOMAIN,
    },
    owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
  }
}).then(({data}) => {
  console.log(data);
  return data;
});

В случае успеха этот вызов возвращает код HTTP 200 . Если webResource.insert() не может проверить домен, он возвращает код ошибки уровня HTTP 400 . Повторите вызов webResource.insert() с задержкой до тех пор, пока домен не будет успешно проверен.

Положил все это вместе

В следующем примере показан полный код для подготовки клиента Google Workspace:

"""This is a basic example of provisioning a Google Workspace customer.
"""
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials

############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################

# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
    'https://reseller.googleapis.com/auth/apps.order',
    'https://reseller.googleapis.com/auth/siteverification',
    'https://reseller.googleapis.com/auth/admin.directory.user',
]

credentials = ServiceAccountCredentials.from_json_keyfile_name(
    JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)

reseller_service = build(
    serviceName='reseller', version='v1', credentials=credentials)

directory_service = build(
    serviceName='admin', version='directory_v1', credentials=credentials)

verification_service = build(
    serviceName='siteVerification', version='v1', credentials=credentials)

# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
response = verification_service.webResource().getToken(
    body={
        'site': {
            'type': 'INET_DOMAIN',
            'identifier': CUSTOMER_DOMAIN
        },
        'verificationMethod': 'DNS_TXT'
    }).execute()
print(response)

# Determine if customer domain already has Google Workspace
try:
  response = reseller_service.customers().get(
      customerId=CUSTOMER_DOMAIN).execute()
  print('Customer already exists if call succeeds')
  sys.exit()
except HttpError as error:
  if int(error.resp['status']) == 404:
    print('Domain available for Google Workspace creation')
  else:
    raise

# Create customer resource
response = reseller_service.customers().insert(
    body={
        'customerDomain': CUSTOMER_DOMAIN,
        'alternateEmail': 'marty.mcfly@gmail.com',
        'postalAddress': {
            'contactName': 'Marty McFly',
            'organizationName': 'Acme Corp',
            'postalCode': '10009',
            'countryCode': 'US',
        }
    }).execute()
print(response)

# Create first admin user
response = directory_service.users().insert(
    body={
        'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
        'name': {
            'givenName': 'Marty',
            'familyName': 'McFly',
        },
        'password': 'Timecircuit88'
    }).execute()
print(response)

# Promote user to admin status
response = directory_service.users().makeAdmin(
    userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
        'status': True
    }).execute()

# Create subscription resource
response = reseller_service.subscriptions().insert(
    customerId=CUSTOMER_DOMAIN,
    body={
        'customerId': CUSTOMER_DOMAIN,
        'skuId': '1010020027',
        'plan': {
            'planName': 'ANNUAL_MONTHLY_PAY',
        },
        'seats': {
            'numberOfSeats': 5,
        },
        'renewalSettings': {  # only relevant for annual plans
            'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
        }
    }).execute()
print(response)

# Verify domain and designate domain owners
response = verification_service.webResource().insert(
    verificationMethod='DNS_TXT',
    body={
        'site': {
            'type': 'INET_DOMAIN',
            'identifier': CUSTOMER_DOMAIN
        },
        'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
    }).execute()
print(response)

// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;

/**
 * This is a basic example of provisioning a Google Workspace customer.
 */
public class CodelabExample {
  // Full List of scopes:
  // https://developers.google.com/identity/protocols/googlescopes
  private static final List<String> OAUTH2_SCOPES = Arrays.asList(
    ResellerScopes.APPS_ORDER,
    SiteVerificationScopes.SITEVERIFICATION,
    DirectoryScopes.ADMIN_DIRECTORY_USER
  );

  /***************** REPLACE WITH YOUR OWN VALUES ********************************/
  public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
  public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
  public static final String CUSTOMER_DOMAIN = "example.com";
  public static final String CUSTOMER_SITE = "https://www.example.com/";
  /*******************************************************************************/

  public static void main(String[] args)
      throws IOException, GeneralSecurityException, FileNotFoundException {
    // Instantiate services with authenticated credentials
    GoogleCredential jsonCredentials = GoogleCredential
      .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
    GoogleCredential credentials = new GoogleCredential.Builder()
      .setTransport(GoogleNetHttpTransport.newTrustedTransport())
      .setJsonFactory(JacksonFactory.getDefaultInstance())
      .setServiceAccountScopes(OAUTH2_SCOPES)
      .setServiceAccountUser(RESELLER_ADMIN_USER)
      .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
      .setServiceAccountId(jsonCredentials.getServiceAccountId())
      .build();

    Reseller resellerService = new Reseller.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

    Directory directoryService = new Directory.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

    SiteVerification verificationService = new SiteVerification.Builder(
        credentials.getTransport(),
        credentials.getJsonFactory(),
        credentials).setApplicationName("Google Workspace Creator").build();

    // Retrieve the site verification token and place it according to:
    // https://developers.google.com/site-verification/v1/getting_started#tokens
    SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
        new SiteVerificationWebResourceGettokenRequest.Site()
            .setType("INET_DOMAIN")
            .setIdentifier(CUSTOMER_DOMAIN);

    SiteVerificationWebResourceGettokenRequest request =
        new SiteVerificationWebResourceGettokenRequest()
            .setVerificationMethod("DNS_TXT")
            .setSite(getTokenSite);

    SiteVerificationWebResourceGettokenResponse getTokenResponse =
        verificationService.webResource().getToken(request).execute();
    System.out.println("Site Verification Token: " + getTokenResponse.getToken());

    // Determine if customer domain already has Google Workspace
    try {
      resellerService.customers().get(CUSTOMER_DOMAIN).execute();
      System.out.println("Customer already exists if call succeeds");
      System.exit(0);
    } catch (HttpResponseException e) {
        if (e.getStatusCode() == 404) {
          System.out.println("Domain available for Google Workspace creation");
        } else { 
          throw e; 
        }
    }

    // Create customer resource
    Address address = new Address()
      .setContactName("Marty McFly")
      .setOrganizationName("Acme Corp")
      .setCountryCode("US")
      .setPostalCode("10009");

    Customer customer = new Customer()
      .setCustomerDomain(CUSTOMER_DOMAIN)
      .setAlternateEmail("marty.mcfly@gmail.com")
      .setPostalAddress(address);

    Customer customerResponse = resellerService.customers()
      .insert(customer).execute();
    System.out.println("Created Customer:\n" + customerResponse);

    // Create first admin user
    String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;

    UserName name = new UserName();
    name.setGivenName("Marty");
    name.setFamilyName("McFly");

    User user = new User();
    user.setPrimaryEmail(userEmail);
    user.setPassword("TimeCircuit88");
    user.setName(name);

    User userResponse = directoryService.users().insert(user).execute();
    System.out.println("Created User:\n" + userResponse);

    // Promote user to admin status
    UserMakeAdmin admin = new UserMakeAdmin();
    admin.setStatus(true);

    directoryService.users().makeAdmin(userEmail, admin).execute();
    System.out.println("User promoted to Admin");

    // Create subscription resource
    Seats seats = new Seats()
      .setNumberOfSeats(5);

    Subscription.Plan plan = new Subscription.Plan()
      .setPlanName("ANNUAL_YEARLY_PAY");

    RenewalSettings renewalSettings = new RenewalSettings()
      .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");

    Subscription subscription = new Subscription()
      .setCustomerId(CUSTOMER_DOMAIN)
      .setSeats(seats)
      .setPlan(plan)
      .setSkuId("1010020027")
      .setRenewalSettings(renewalSettings);

    Subscription subscriptionResponse = resellerService.subscriptions()
      .insert(CUSTOMER_DOMAIN, subscription).execute();
    System.out.println("Created Subscription:\n" + subscriptionResponse);

    // Verify domain and designate domain owners
    SiteVerificationWebResourceResource.Site verifySite =
          new SiteVerificationWebResourceResource.Site()
                .setIdentifier(CUSTOMER_DOMAIN)
                .setType("INET_DOMAIN");

    List<String> owners = Arrays.asList(userEmail);

    SiteVerificationWebResourceResource resource =
      new SiteVerificationWebResourceResource()
            .setSite(verifySite)
            .setOwners(owners);

    SiteVerificationWebResourceResource verifyResponse = 
      verificationService.webResource().insert("DNS_TXT", resource).execute();
    System.out.println("Site Verification Web Resource:\n" + verifyResponse);
  }
}

// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;

class CodelabExample
{
    // Full List of scopes:
    // https://developers.google.com/identity/protocols/googlescopes
    static string[] OAUTH2_SCOPES = {
        ResellerService.Scope.AppsOrder,
        DirectoryService.Scope.AdminDirectoryUser,
        SiteVerificationService.Scope.Siteverification
    };

    /***************** REPLACE WITH YOUR OWN VALUES ********************************/
    public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
    public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
    public static String CUSTOMER_DOMAIN = "example.com";
    public static String CUSTOMER_SITE = "https://www.example.com/";
    /*******************************************************************************/

    static void Main(string[] args)
    {
        GoogleCredential credential;

        using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
        {
            credential = GoogleCredential
                .FromStream(stream)
                .CreateScoped(OAUTH2_SCOPES)
                .CreateWithUser(RESELLER_ADMIN_USER);
        }

        var resellerService = new ResellerService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

        var directoryService = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

        var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
        });

        // Retrieve the site verification token and place it according to:
        // https://developers.google.com/site-verification/v1/getting_started#tokens
        SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
            new SiteVerificationWebResourceGettokenRequest.SiteData()
            {
                Type = "INET_DOMAIN",
                Identifier = CUSTOMER_DOMAIN
            };

        SiteVerificationWebResourceGettokenRequest request =
            new SiteVerificationWebResourceGettokenRequest()
            {
                VerificationMethod = "DNS_TXT",
                Site = getTokenSite
            };

        SiteVerificationWebResourceGettokenResponse getTokenResponse =
            verificationService.WebResource.GetToken(request).Execute();
        Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);

        // Determine if customer domain already has Google Workspace
        try
        {
            resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
            Console.WriteLine("Customer already exists if call succeeds");
            Environment.Exit(0);
        }
        catch (Google.GoogleApiException e) {
            if (e.Error.Code == 404)
            {
                Console.WriteLine("Domain available for Google Workspace creation");
            } else throw e;
        }

        // Create customer resource
        Address address = new Address()
        {
            ContactName = "Marty McFly",
            OrganizationName = "Acme Corp",
            CountryCode = "US",
            PostalCode = "10009"
        };

        Customer customer = new Customer()
        {
            CustomerDomain = CUSTOMER_DOMAIN,
            AlternateEmail = "marty.mcfly@gmail.com",
            PostalAddress = address
        };

        Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
        Console.WriteLine("Created Customer:\n{0}", customerResponse);

        // Create first admin user
        String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;

        UserName name = new UserName()
        {
            GivenName = "Marty",
            FamilyName = "McFly"
        };

        User user = new User()
        {
            PrimaryEmail = userEmail,
            Password = "TimeCircuit88",
            Name = name
        };

        User userResponse = directoryService.Users.Insert(user).Execute();
        Console.WriteLine("Created User:\n{0}", userResponse);

        // Promote user to admin status
        UserMakeAdmin admin = new UserMakeAdmin()
        {
            Status = true
        };
        directoryService.Users.MakeAdmin(admin, userEmail).Execute();
        Console.WriteLine("User promoted to Admin");

        // Create subscription resource
        Seats seats = new Seats()
        {
            NumberOfSeats = 5
        };

        Subscription.PlanData plan = new Subscription.PlanData()
        {
            PlanName = "ANNUAL_YEARLY_PAY"
        };

        RenewalSettings renewalSettings = new RenewalSettings()
        {
            RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
        };

        Subscription subscription = new Subscription()
        {
            CustomerId = CUSTOMER_DOMAIN,
            Seats = seats,
            Plan = plan,
            SkuId = "1010020027",
            RenewalSettings = renewalSettings
        };

        Subscription subscriptionResponse = resellerService.Subscriptions
            .Insert(subscription, CUSTOMER_DOMAIN).Execute();
        Console.WriteLine("Created Subscription:\n" + subscriptionResponse);

        // Verify domain and designate domain owners
        SiteVerificationWebResourceResource.SiteData verifySite =
              new SiteVerificationWebResourceResource.SiteData()
              {
                  Identifier = CUSTOMER_DOMAIN,
                  Type = "INET_DOMAIN"
              };

        string[] owners = { userEmail };

        SiteVerificationWebResourceResource resource =
          new SiteVerificationWebResourceResource()
          {
              Site = verifySite,
              Owners = owners
          };

        SiteVerificationWebResourceResource verifyResponse =
            verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
        Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
    }
}

// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';

// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
  Google_Service_Reseller::APPS_ORDER,
  Google_Service_SiteVerification::SITEVERIFICATION,
  Google_Service_Directory::ADMIN_DIRECTORY_USER,
];

######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################

$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);

$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);

// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
  'verificationMethod' => 'DNS_TXT',
  'site' => [
    'type' => 'INET_DOMAIN',
    'identifier' => $CUSTOMER_DOMAIN
  ]
]);
$response = $verificationService->webResource->getToken($body);
print_r ($response);

// Determine if customer domain already has Google Workspace
try {
  $response = $resellerService->customers->get($CUSTOMER_DOMAIN);
  exit('Customer already exists if call succeeds');
} catch(Google_Service_Exception $e) {
  if ($e->getErrors()[0]['reason'] == 'notFound'){
    print ("Domain available for Google Workspace creation\n");
  } else {
    throw $e;
  }
}

// Create customer resource
$customer = new Google_Service_Reseller_Customer([
  'customerDomain' => $CUSTOMER_DOMAIN,
  'alternateEmail' => 'marty.mcfly@gmail.com',
  'postalAddress' => [
    'contactName' => 'Marty McFly',
    'organizationName' => 'Acme Corp',
    'countryCode' => 'US',
    'postalCode' => '10009'
  ]
]);
$response = $resellerService->customers->insert($customer);
print_r ($response);

// Create first admin user
$user = new Google_Service_Directory_User([
  'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
  'password' => 'Timecircuit88',
  'name' => [
    'givenName' => 'Marty',
    'familyName' => 'McFly',
    'fullName' => 'Marty McFly'
  ]
]);
$response = $directoryService->users->insert($user);
print_r ($response);

// Promote user to admin status
$makeAdmin = new Google_Service_Directory_UserMakeAdmin([
  'status' => true
]);
$directoryService->users->makeAdmin(
  'marty.mcfly@' . $CUSTOMER_DOMAIN,
  $makeAdmin
);

// Create subscription resource
$subscription = new Google_Service_Reseller_Subscription([
  'customerId' => $CUSTOMER_DOMAIN,
  'skuId' => '1010020027',
  'plan' => [
    'planName' => 'ANNUAL_MONTHLY_PAY'
  ],
  'seats' => [
    'numberOfSeats' => '5'
  ],
  'renewalSettings' => [
    'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
  ]
]);
$response = $resellerService->subscriptions->insert(
  $CUSTOMER_DOMAIN,
  $subscription
);
print_r ($response);

// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
  'site' => [
    'type' => 'INET_DOMAIN',
    'identifier' => $CUSTOMER_DOMAIN,
  ],
  'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);

$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);

require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'

# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
  'https://reseller.googleapis.com/auth/apps.order',
  'https://reseller.googleapis.com/auth/admin.directory.user',
  'https://reseller.googleapis.com/auth/siteverification',
]

####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################

credentials = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
  scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER

Google::Apis::RequestOptions.default.authorization = credentials

reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new

# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
  site: {
    type: 'INET_DOMAIN',
    identifier: CUSTOMER_DOMAIN
  },
  verification_method: 'DNS_TXT'
)

response = verification_service.get_web_resource_token(request)
puts response.inspect

# Determine if customer domain already has Google Workspace
begin
  reseller_service.get_customer(CUSTOMER_DOMAIN)
  abort('Customer already exists if call succeeds')
rescue Google::Apis::ClientError => ex
  if ex.status_code == 404
    puts 'Domain available for Google Workspace creation'
  else
    raise ex
  end
end

# Create customer resource
customer = Google::Apis::ResellerV1::Customer.new(
  customer_domain: CUSTOMER_DOMAIN,
  alternate_email: 'marty.mcfly@gmail.com',
  postal_address: {
    contact_name: 'Marty McFly',
    organization_name: 'Acme Corp',
    country_code: 'US',
    postal_code: '10009'})

response = reseller_service.insert_customer(customer)
puts response.inspect

# Create first admin user
user = Google::Apis::AdminDirectoryV1::User.new(
  name: {
    given_name: 'Marty',
    family_name: 'McFly',
    full_name: 'Marty McFly'
  },
  password: 'Timecircuit88',
  primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
)

response = directory_service.insert_user(user)
puts response.inspect

# Promote user to admin status
admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
  status: true
)

response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)

# Create subscription resource
subscription = Google::Apis::ResellerV1::Subscription.new(
  customer_id: CUSTOMER_DOMAIN,
  sku_id: '1010020027',
  plan: {
    plan_name: 'ANNUAL_MONTHLY_PAY'
  },
  seats: {
    number_of_seats: 5,
  },
  renewal_settings: {
    renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
  }
)

response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
puts response.inspect

# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
  site: {
    type: 'INET_DOMAIN',
    identifier: CUSTOMER_DOMAIN
  },
  owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)

response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect

// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');

// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################

// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
  'https://reseller.googleapis.com/auth/apps.order',
  'https://reseller.googleapis.com/auth/siteverification',
  'https://reseller.googleapis.com/auth/admin.directory.user',
];

const authJWT = new google.auth.JWT({
  keyFile: JSON_PRIVATE_KEY_FILE,
  scopes: OAUTH2_SCOPES,
  subject: RESELLER_ADMIN_USER,
});

const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});

// Run all the steps one after each other, and exit as soon as one of them fail
Promise.resolve()
  .then(() => {
    /**
     * Retrieve the site verification token and place it according to:
     * https://developers.google.com/site-verification/v1/getting_started#tokens
     */
    const getTokenPromise = verificationService.webResource.getToken({
      requestBody: {
        site: {
          type: 'INET_DOMAIN',
          identifier: CUSTOMER_DOMAIN,
        },
        verificationMethod: 'DNS_TXT',
      }
    }).then(({data}) => {
      console.log(data);
      return data;
    });


    return getTokenPromise;
  })
  .then(() => {
    // Determine if customer domain already has Google Workspace
    const getCustomerPromise = resellerService.customers.get({
      customerId: CUSTOMER_DOMAIN
    }).then(() => {
      throw new Error('Customer already exists');
    }, resErr => {
      if (resErr.code === 404) {
        console.log('Domain available for Google Workspace creation');
      } else {
        throw resErr;
      }
    });

    return getCustomerPromise;
  })
  .then(() => {
    // Create customer resource
    const insertCustomerPromise = resellerService.customers.insert({
      requestBody: {
        customerDomain: CUSTOMER_DOMAIN,
        alternateEmail: 'marty.mcfly@gmail.com',
        postalAddress: {
          contactName: 'Marty McFly',
          organizationName: 'Acme Corp',
          postalCode: '10009',
          countryCode: 'US',
        }
      }
    }).then(({data}) => {
      console.log(data);
      return data;
    });

    return insertCustomerPromise;
  })
  .then(() => {
    // Create first admin user
    const insertUserPromise = directoryService.users.insert({
      requestBody: {
        primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
        name: {
          givenName: 'Marty',
          familyName: 'McFly',
        },
        password: 'Timecircuit88',
      }
    }).then(({data}) => {
      console.log(data);
      return data;
    });

    return insertUserPromise;
  }).then(() => {
    // Promote user to admin status
    const makeAdminPromise = directoryService.users.makeAdmin({
      userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
      requestBody: {
        status: true
      }
    });

    return makeAdminPromise;
  })
  .then(() => {
    // Create subscription resource
    const insertSubscriptionPromise = resellerService.subscriptions.insert({
      customerId: CUSTOMER_DOMAIN,
      requestBody: {
        customerId: CUSTOMER_DOMAIN,
        skuId: '1010020027',
        plan: {
          planName: 'ANNUAL_MONTHLY_PAY',
        },
        seats: {
          numberOfSeats: 5,
        },
        renewalSettings: { // only relevant for annual plans
          renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
        }
      }
    }).then(({data}) => {
      console.log(data);
      return data;
    });

    return insertSubscriptionPromise;
  })
  .then(() => {
    // Verify domain and designate domain owners
    const verifyDomainPromise = verificationService.webResource.insert({
      verificationMethod: 'DNS_TXT',
      requestBody: {
        site: {
          type: 'INET_DOMAIN',
          identifier: CUSTOMER_DOMAIN,
        },
        owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
      }
    }).then(({data}) => {
      console.log(data);
      return data;
    });

    return verifyDomainPromise;
  })
  .catch(err => {
    console.error('Error:', err.message);
    if (err.code) {
      console.log('Error code:', err.code);
    }
    if (err.errors) {
      console.log('Details:', err.errors);
    }
  });