במדריך הזה נסביר איך להקצות לקוח באמצעות Reseller API.
הקצאת משתמשים בצורה נכונה כוללת כמה שלבים שתלויים זה בזה, שמתבצעים באמצעות כמה ממשקי API בפלטפורמת Google Workspace.
בתרשים הקודם מוצגים ממשקי ה-API שבהם נעשה שימוש בכל שלב בהקצאת לקוח:
- משתמשים ב-Site Verification API כדי להציב את אסימון אימות הדומיין.
- משתמשים ב-Reseller API כדי ליצור לקוח.
- משתמשים ב-Directory API כדי ליצור את המשתמש הראשון ולהגדיר אותו כאדמין.
- משתמשים ב-Reseller API כדי ליצור מינוי.
- משתמשים ב-Site Verification API כדי לאמת את הדומיין.
דרישות מוקדמות
- מופע של דומיין של מפיץ Google.
- הסכם שותפים של Google Workspace שנחתם באופן מלא.
- חשבון Google.
- מאשרים את התנאים וההגבלות במסוף Partner Sales.
- הורדת ספריית לקוח לשפות שונות
הגדרת הסביבה
כדי להשלים את המדריך הזה, אתם צריכים להגדיר את הסביבה.
הפעלת ה-API
לפני שאתם משתמשים בממשקי Google API, אם צריכים להפעיל אותם בפרויקט ב-Google Cloud. בכל פרויקט אפשר להפעיל ממשק API אחד או יותר.במסוף Google Cloud, מפעילים את Reseller API, Site Verification API ו-Admin SDK API .
יצירה של חשבון שירות
חשבון שירות הוא סוג מיוחד של חשבון, שאפליקציה (ולא אדם) משתמשת בו. אפשר להשתמש בחשבון שירות כדי לגשת לנתונים או לבצע פעולות באמצעות חשבון הרובוט, או כדי לגשת לנתונים בשם משתמשי Google Workspace או Cloud Identity. מידע נוסף זמין במאמר עבודה עם חשבון שירות.מסוף Google Cloud
- במסוף Google Cloud, לוחצים על סמל התפריט > IAM & Admin > Service Accounts (חשבונות שירות).
- לוחצים על יצירת חשבון שירות.
- ממלאים את פרטי חשבון השירות ולוחצים על יצירה והמשך.
- אופציונלי: מקצים תפקידים לחשבון השירות כדי לתת גישה למשאבים בפרויקט Google Cloud. פרטים נוספים זמינים במאמר הענקה, שינוי וביטול גישה למשאבים.
- לוחצים על המשך.
- אופציונלי: מזינים משתמשים או קבוצות שיכולים לנהל את חשבון השירות הזה ולבצע בו פעולות. פרטים נוספים זמינים במאמר ניהול התחזות לחשבון שירות.
- לוחצים על סיום. רושמים את כתובת האימייל של חשבון השירות.
CLI של gcloud
- יוצרים את חשבון השירות:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - אופציונלי: מקצים תפקידים לחשבון השירות כדי לתת גישה למשאבים בפרויקט Google Cloud. פרטים נוספים זמינים במאמר הענקה, שינוי וביטול גישה למשאבים.
יצירת פרטי כניסה לחשבון שירות
צריך לקבל אישורים בצורה של זוג מפתחות ציבורי/פרטי. הקוד משתמש באמצעי האימות האלה כדי לאשר פעולות של חשבון שירות באפליקציה.- במסוף Google Cloud, לוחצים על סמל התפריט > IAM & Admin > Service Accounts (חשבונות שירות).
- בוחרים את חשבון השירות.
- לוחצים על מפתחות > הוספת מפתח > יצירת מפתח חדש.
- בוחרים באפשרות JSON ולוחצים על Create.
זוג המפתחות הציבורי/הפרטי החדש נוצר ומורד למחשב שלכם כקובץ חדש. שומרים את קובץ ה-JSON שהורדתם בשם
credentials.jsonבספריית העבודה. הקובץ הזה הוא העותק היחיד של המפתח. מידע על אחסון מאובטח של המפתח זמין במאמר ניהול מפתחות לחשבונות שירות. - לוחצים על סגירה.
הגדרה של הענקת גישה ברמת הדומיין לחשבון שירות
כדי לבצע קריאות ל-API בשם משתמשים בארגון Google Workspace, צריך להעניק לחשבון השירות הרשאת גישה ברמת הדומיין במסוף Google Admin באמצעות חשבון סופר-אדמין. מידע נוסף זמין במאמר הענקת הרשאה ברמת הדומיין לחשבון שירות.- במסוף Google Cloud, לוחצים על סמל התפריט > IAM & Admin > Service Accounts (חשבונות שירות).
- בוחרים את חשבון השירות.
- לוחצים על הצגת הגדרות מתקדמות.
- בקטע 'הענקת גישה ברמת הדומיין', מחפשים את 'מזהה הלקוח' של חשבון השירות. לוחצים על סמל ההעתקה כדי להעתיק את הערך של מזהה הלקוח ללוח.
אם יש לכם גישת סופר-אדמין לחשבון Google Workspace הרלוונטי, לוחצים על הצגת מסוף Google Admin, נכנסים באמצעות חשבון משתמש סופר-אדמין וממשיכים לפי השלבים האלה.
אם אין לכם גישת סופר-אדמין לחשבון Google Workspace הרלוונטי, פנו לסופר-אדמין בחשבון הזה ושלחו לו את מזהה הלקוח של חשבון השירות ואת רשימת היקפי ההרשאות של OAuth כדי שהוא יוכל לבצע את השלבים הבאים במסוף Admin.
- במסוף Google Admin, לוחצים על סמל התפריט > אבטחה > שליטה בגישה ובנתונים > אמצעי בקרה של API.
- לוחצים על ניהול של הענקת גישה ברמת הדומיין.
- לוחצים על הוספת חדש.
- בשדה Client ID (מזהה הלקוח), מדביקים את מזהה הלקוח שהעתקתם קודם.
- בשדה 'היקפי הרשאות של OAuth', מזינים רשימה של היקפי ההרשאות שנדרשים לאפליקציה, כשהם מופרדים בפסיקים. זהו אותו סט של היקפי הרשאות שהגדרתם כשקבעתם את מסך ההסכמה של OAuth.
- לוחצים על Authorize.
יצירת אובייקטים של שירות עם פרטי כניסה מאומתים
כדי להתחיל להשתמש ב-Google API, קודם צריך להגדיר אימות ואישורים מתוך האפליקציה. ספריות הלקוח של Google מטפלות בזה בשבילכם. לכל הספריות יש תבניות ליצירת אובייקט של פרטי כניסה, שאפשר לתת לו גישה לכל ממשקי ה-API ולהעביר אותו לכל שירות. בדרך כלל, לאפליקציה יש קבוצה אחת של פרטי כניסה, והיא משתמשת רק בפרויקט ענן אחד לכל האינטראקציות עם Google API.
משתמשים בקובץ המפתח בפורמט JSON שנוצר כשיוצרים חשבון שירות.
Python
import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, });
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
התחלת תהליך אימות הדומיין
השלב הזה הוא אופציונלי, אבל מומלץ אם יש לכם אפשרות לאמת את הדומיין של הלקוח. השלב הזה מסתיים בסוף המדריך, כשמאמתים את הדומיין.
אם לא תאמתו את הדומיין של הלקוח, יחולו עליו ההגבלות הבאות:
- יש להם גישה רק למסוף Admin, שבו הם מקבלים הנחיות לביצוע תהליך אימות הדומיין באופן ידני.
- יכול להיות שהם יושעו 21 ימים אחרי שהם נוצרו.
כדי לאחזר אסימון לאימות אתר:
כדי לאחזר אסימון לאימות אתר, משתמשים ב-Site Verification API. אי אפשר לבדוק אם דומיין כבר אומת בעבר, אבל אפשר לאמת אתרים כמה פעמים בלי בעיות. הפרמטרים של
verificationMethodמשתנים בהתאם לסוג האימות שאתם מבצעים:INET_DOMAINאוSITE. יש לבחור אחת מהאפשרויות הבאות:לסוג
INET_DOMAIN, משתמשים באחד מהפרמטרים הבאים שלverificationMethod:DNS_TXTDNS_CNAME
בדוגמה הבאה לאחזור טוקן נעשה שימוש בסוג
INET_DOMAIN:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);
Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });
לסוג
SITE, משתמשים באחד מהפרמטרים הבאים שלverificationMethod:FILEMETA
בדוגמה הבאה לאחזור אסימון נעשה שימוש בסוג
SITEעם שיטת האימותFILE. כשמשתמשים בסוג האימותSITE, צריך להוסיף לפני המזהה את הקידומתhttp://אוhttps://.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)
Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());
C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);
Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspect
Node.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
יצירת לקוח באמצעות Reseller API
כדי לבדוק אם לקוח כבר קיים ב-Google Workspace, אפשר להשתמש בשיטה Customers.Get:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise
Java
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }
C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }
PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }
Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end
Node.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });
בהתאם לתשובה, מבצעים את הפעולות הבאות:
אם הלקוח לא קיים, השיטה
customers.getמחזירה את קוד השגיאהHTTP 404. ממשיכים לשלב הבא שבו יוצרים רשומת לקוחות ב-Google Workspace.אם השיטה
customers.getמחזירה ללא שגיאה, צריך לבדוק את גוף התשובה כדי לזהות אם הלקוח הוא שלכם באמצעות המאפייןalternateEmail. אם הנכסalternateEmailחסר, צריך להעביר את הלקוח ואת המינויים שלו.
יוצרים רשומת לקוח ב-Google Workspace. כדי ליצור מינויים ללקוח מסוים, צריך קודם ליצור רשומה של הלקוח הזה. לשם כך, פועלים לפי ההנחיות הבאות:
- הדומיין
alternateEmailלא יכול להיות אותו דומיין כמוcustomerDomain. - הערך של
postalAddress.countryCodeחייב להיות קוד מדינה בן שני תווים על פי תקן ISO.
בדוגמה הבאה מוצגת יצירה של רשומת לקוח:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)
Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);
C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);
PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);
Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect
Node.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
- הדומיין
יצירת משתמש האדמין הראשון באמצעות Admin SDK API
אחרי הקצאת שירותים ללקוח, צריך ליצור את המשתמש הראשון ולשדרג אותו מיד לסופר-אדמין בדומיין, כדי שהלקוח יוכל לגשת לשירותים החדשים שלו ולאשר את התנאים וההגבלות הרלוונטיים.
יוצרים את המשתמש הראשון ומגדירים את הסיסמה שלו. הסיסמאות צריכות להיות מורכבות מספיק ולכלול לפחות שמונה תווים. מידע נוסף זמין במאמר בנושא משאב
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)
Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);
C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);
PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);
Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect
Node.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });
אם הקריאה ליצירת המשתמש מחזירה
HTTP 409, יכול להיות ששם המשתמש כבר קיים כחשבון Google פרטי.משדרגים את המשתמש לתפקיד סופר-אדמין:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()
Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");
C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");
PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
יצירת מינוי ל-Google Workspace עבור לקוח
כשיוצרים מינוי ללקוח, צריך להזין מזהה עסקה פנימי או מזהה של הלקוח בשדה purchaseOrderId.
מידע נוסף על ארגומנטים וערכים ספציפיים זמין במאמר בנושא ניהול מינויים.
כדי ליצור מינוי, משתמשים בקריאה Subscriptions.Insert. בדוגמה הבאה נעשה שימוש במינוי
ANNUAL_YEARLY_PAY:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)
Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);
C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);
Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect
Node.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });
המינויים נמצאים במצב
SUSPENDEDעד שמנהל מערכת של הלקוח מתחבר ומאשר את התנאים וההגבלות. אדמינים של לקוחות מועברים לתנאים ולהגבלות בכניסה הראשונה שלהם לכל נכס של Google (לדוגמה, Gmail או Google Drive).
אימות הדומיין והגדרת בעלי הדומיין
השלב הזה הוא אופציונלי, אבל מומלץ אם יש לכם אפשרות לאמת את הדומיין של הלקוח. הקריאה ל-Site Verification API webResource.insert() מאמתת דומיין ומקצה לו את הבעלים שציינתם בפרמטר owners[] של גוף הבקשה.
בדוגמה הבאה אפשר לראות איך מאמתים INET_DOMAIN:
Python
# Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Ruby
# Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; });
אם הפעולה מצליחה, הקריאה הזו מחזירה קוד HTTP 200. אם webResource.insert()
לא מצליח לאמת את הדומיין, הוא מחזיר קוד שגיאה ברמה HTTP 400. מנסים שוב להתקשר אל webResource.insert() עם השהיה של נסיגה אקספוננציאלית עד שהדומיין יאומת בהצלחה.
סיכום של כל המידע
בדוגמה הבאה מוצג הקוד המלא להקצאת לקוח Google Workspace:
Python
"""This is a basic example of provisioning a Google Workspace customer. """ import sys from apiclient.discovery import build from apiclient.http import HttpError from oauth2client.service_account import ServiceAccountCredentials ############## REPLACE WITH YOUR OWN VALUES #################### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com' ################################################################ # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ] credentials = ServiceAccountCredentials.from_json_keyfile_name( JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER) reseller_service = build( serviceName='reseller', version='v1', credentials=credentials) directory_service = build( serviceName='admin', version='directory_v1', credentials=credentials) verification_service = build( serviceName='siteVerification', version='v1', credentials=credentials) # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response) # Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raise # Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response) # Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response) # Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute() # Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response) # Verify domain and designate domain owners response = verification_service.webResource().insert( verificationMethod='DNS_TXT', body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN] }).execute() print(response)
Java
// OAuth2 and HTTP import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.jackson2.JacksonFactory; // Directory API import com.google.api.services.admin.directory.Directory; import com.google.api.services.admin.directory.DirectoryScopes; import com.google.api.services.admin.directory.model.User; import com.google.api.services.admin.directory.model.UserMakeAdmin; import com.google.api.services.admin.directory.model.UserName; // Reseller API import com.google.api.services.reseller.Reseller; import com.google.api.services.reseller.ResellerScopes; import com.google.api.services.reseller.model.Address; import com.google.api.services.reseller.model.Customer; import com.google.api.services.reseller.model.RenewalSettings; import com.google.api.services.reseller.model.Seats; import com.google.api.services.reseller.model.Subscription; // Site Verification API import com.google.api.services.siteVerification.SiteVerification; import com.google.api.services.siteVerification.SiteVerificationScopes; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse; import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource; // Java library imports import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.List; /** * This is a basic example of provisioning a Google Workspace customer. */ public class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes private static final List<String> OAUTH2_SCOPES = Arrays.asList( ResellerScopes.APPS_ORDER, SiteVerificationScopes.SITEVERIFICATION, DirectoryScopes.ADMIN_DIRECTORY_USER ); /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static final String CUSTOMER_DOMAIN = "example.com"; public static final String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ public static void main(String[] args) throws IOException, GeneralSecurityException, FileNotFoundException { // Instantiate services with authenticated credentials GoogleCredential jsonCredentials = GoogleCredential .fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE)); GoogleCredential credentials = new GoogleCredential.Builder() .setTransport(GoogleNetHttpTransport.newTrustedTransport()) .setJsonFactory(JacksonFactory.getDefaultInstance()) .setServiceAccountScopes(OAUTH2_SCOPES) .setServiceAccountUser(RESELLER_ADMIN_USER) .setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey()) .setServiceAccountId(jsonCredentials.getServiceAccountId()) .build(); Reseller resellerService = new Reseller.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); Directory directoryService = new Directory.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); SiteVerification verificationService = new SiteVerification.Builder( credentials.getTransport(), credentials.getJsonFactory(), credentials).setApplicationName("Google Workspace Creator").build(); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken()); // Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } } // Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.Site verifySite = new SiteVerificationWebResourceResource.Site() .setIdentifier(CUSTOMER_DOMAIN) .setType("INET_DOMAIN"); List<String> owners = Arrays.asList(userEmail); SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() .setSite(verifySite) .setOwners(owners); SiteVerificationWebResourceResource verifyResponse = verificationService.webResource().insert("DNS_TXT", resource).execute(); System.out.println("Site Verification Web Resource:\n" + verifyResponse); } }
C#
// OAuth2 and HTTP using Google.Apis.Auth.OAuth2; using Google.Apis.Services; // Reseller API using Google.Apis.Reseller.v1; using Google.Apis.Reseller.v1.Data; // Directory API using Google.Apis.Admin.Directory.directory_v1; using User = Google.Apis.Admin.Directory.directory_v1.Data.User; using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName; using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin; //Site Verification API using Google.Apis.SiteVerification.v1; using Google.Apis.SiteVerification.v1.Data; // System imports using System; using System.IO; class CodelabExample { // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes static string[] OAUTH2_SCOPES = { ResellerService.Scope.AppsOrder, DirectoryService.Scope.AdminDirectoryUser, SiteVerificationService.Scope.Siteverification }; /***************** REPLACE WITH YOUR OWN VALUES ********************************/ public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json"; public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com"; public static String CUSTOMER_DOMAIN = "example.com"; public static String CUSTOMER_SITE = "https://www.example.com/"; /*******************************************************************************/ static void Main(string[] args) { GoogleCredential credential; using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read)) { credential = GoogleCredential .FromStream(stream) .CreateScoped(OAUTH2_SCOPES) .CreateWithUser(RESELLER_ADMIN_USER); } var resellerService = new ResellerService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var directoryService = new DirectoryService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); var verificationService = new SiteVerificationService(new BaseClientService.Initializer() { HttpClientInitializer = credential, }); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token); // Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; } // Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse); // Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse); // Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin"); // Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse); // Verify domain and designate domain owners SiteVerificationWebResourceResource.SiteData verifySite = new SiteVerificationWebResourceResource.SiteData() { Identifier = CUSTOMER_DOMAIN, Type = "INET_DOMAIN" }; string[] owners = { userEmail }; SiteVerificationWebResourceResource resource = new SiteVerificationWebResourceResource() { Site = verifySite, Owners = owners }; SiteVerificationWebResourceResource verifyResponse = verificationService.WebResource.Insert(resource, "DNS_TXT").Execute(); Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse); } }
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client); // Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response); // Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } } // Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response); // Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response); // Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin ); // Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response); // Verify domain and designate domain owners $body = new Google_Service_SiteVerification_SiteVerificationWebResourceResource([ 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN, ], 'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN] ]); $response = $verificationService->webResource->insert('DNS_TXT', $body); print_r ($response);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new # Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspect # Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end end # Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspect # Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspect # Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status) # Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspect # Verify domain and designate domain owners webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, owners: ['marty.mcfly@' + CUSTOMER_DOMAIN] ) response = verification_service.insert_web_resource('DNS_TXT', webResource) puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises const {google} = require('googleapis'); // ############## REPLACE WITH YOUR OWN VALUES #################### const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; const CUSTOMER_DOMAIN = 'example.com'; const CUSTOMER_SITE = 'https://www.example.com/'; // ################################################################ // Full List of scopes: https://developers.google.com/identity/protocols/googlescopes const OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/siteverification', 'https://reseller.googleapis.com/auth/admin.directory.user', ]; const authJWT = new google.auth.JWT({ keyFile: JSON_PRIVATE_KEY_FILE, scopes: OAUTH2_SCOPES, subject: RESELLER_ADMIN_USER, }); const resellerService = google.reseller({version: 'v1', auth: authJWT}); const directoryService = google.admin({version: 'directory_v1', auth: authJWT}); const verificationService = google.siteVerification({version: 'v1', auth: authJWT}); // Run all the steps one after each other, and exit as soon as one of them fail Promise.resolve() .then(() => { /** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; }); return getTokenPromise; }) .then(() => { // Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } }); return getCustomerPromise; }) .then(() => { // Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; }); return insertCustomerPromise; }) .then(() => { // Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; }); return insertUserPromise; }).then(() => { // Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } }); return makeAdminPromise; }) .then(() => { // Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; }); return insertSubscriptionPromise; }) .then(() => { // Verify domain and designate domain owners const verifyDomainPromise = verificationService.webResource.insert({ verificationMethod: 'DNS_TXT', requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`], } }).then(({data}) => { console.log(data); return data; }); return verifyDomainPromise; }) .catch(err => { console.error('Error:', err.message); if (err.code) { console.log('Error code:', err.code); } if (err.errors) { console.log('Details:', err.errors); } });