As a reseller, how do I create a new Google Apps user using the Admin SDK Directory API?

StackOverflow https://stackoverflow.com/questions/19432007

Question

As we transition from the deprecated Provisioning API over to the new Directory API, I see some gaping holes in the documentation in regards to how I as a reseller can manage my customers (Google Apps customers). Specifically, I'd like to know how I can use my Reseller OAUTH credentials to create a new user on behalf of one of my customers (as was possible in the Provisioning API) using the following endpoint:

https://developers.google.com/admin-sdk/directory/v1/reference/users/insert

In the above documentation, I don't see a reference to a customer's account. The only parameters that I believe may be useful are organizations and externalIds. There's little documentation as to what these do. I was thinking of testing the following scenarios:

            $params = array(
            'externalIds' => array(
                array(
                    'type'          => 'customer', // or 'account'?
                    'value'         => $data['domain']
                )
            ),
            'organizations'     => array(
                array(
                    'name'          => $data['domain'],
                    'domain'        => $data['domain'],
                    'type'          => 'domain_only',
                    'primary'       => true
                )
            )
            );

Likewise, when performing operations on an existing user such as retrieval of a customer, I don't see where I can specify which Google Apps account the specific user is tied to:

https://developers.google.com/admin-sdk/directory/v1/reference/users/get

In this case, there's not even parameters for organization or externalIds, so I have no idea how retrieval could be specific to a particular customer under my reseller account.

I need to be able to perform these actions as I was able to in the old Provisioning API on behalf of my customers using only my Reseller account OAUTH credentials.

Any help would be appreciated.

Was it helpful?

Solution

Let's say my reseller account is reseller.com, and my resold domain is resold.com. In order to create a user on behalf of my resold domain, here is the call that I will make using my own reseller credential.

(https://developers.google.com/admin-sdk/directory/v1/guides/manage-users?hl=ja#create_user)

POST /admin/directory/v1/users HTTP/1.1
{
 "name": {
  "familyName": "Lam",
  "givenName": "Emily"
 },
 "password": "anythingyouwant",
 "primaryEmail": "emily@resold.com"
}

What you input in the primaryEmail field is where the user will be created. If you take a look at your resold domain admin console now, you will see that a user is now created.

Now again for retrieval, it is the same deal. 

GET /admin/directory/v1/users/emily@resold.com

You will create these users and retrieve these users using your reseller credential as if you are the super admin of their domains. Here is the catch....

If the "Enable API access" is not manually checked in your resold domain Admin console (by default, this is now automatically checked for all newly resold domains at the moment), you can't make calls on behalf of the resold domains.

The button is in Admin Console -> Security -> API reference -> Enable API access

enter image description here

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top