REST Resource: users

Resource: User

The Directory API allows you to create and manage your account's users, user aliases, and user Gmail chat profile photos. For more information about common tasks, see the User Accounts Developer's Guide and the User Aliases Developer's Guide.

JSON representation
{
  "id": string,
  "primaryEmail": string,
  "password": value,
  "hashFunction": string,
  "isAdmin": boolean,
  "isDelegatedAdmin": boolean,
  "agreedToTerms": boolean,
  "suspended": boolean,
  "changePasswordAtNextLogin": boolean,
  "ipWhitelisted": boolean,
  "name": {
    object (UserName)
  },
  "kind": string,
  "etag": string,
  "emails": value,
  "externalIds": value,
  "relations": value,
  "aliases": [
    string
  ],
  "isMailboxSetup": boolean,
  "customerId": string,
  "addresses": value,
  "organizations": value,
  "lastLoginTime": string,
  "phones": value,
  "suspensionReason": string,
  "thumbnailPhotoUrl": string,
  "languages": value,
  "posixAccounts": value,
  "creationTime": string,
  "nonEditableAliases": [
    string
  ],
  "sshPublicKeys": value,
  "notes": value,
  "websites": value,
  "locations": value,
  "includeInGlobalAddressList": boolean,
  "keywords": value,
  "deletionTime": string,
  "gender": value,
  "thumbnailPhotoEtag": string,
  "ims": value,
  "customSchemas": value,
  "isEnrolledIn2Sv": boolean,
  "isEnforcedIn2Sv": boolean,
  "archived": boolean,
  "orgUnitPath": string,
  "recoveryEmail": string,
  "recoveryPhone": string
}
Fields
id

string

The unique ID for the user. A user id can be used as a user request URI's userKey.

primaryEmail

string

The user's primary email address. This property is required in a request to create a user account. The primaryEmail must be unique and cannot be an alias of another user.

password

value (Value format)

Stores the password for the user account. The user's password value is required when creating a user account. It is optional when updating a user and should only be provided if the user is updating their account password.
A password can contain any combination of ASCII characters. A minimum of 8 characters is required. The maximum length is 100 characters.
We recommend sending the password property value as a hexadecimal-encoded hash value and setting hashFunction accordingly. If a hashFunction is specified, the password must be a valid hash key.
The password value is never returned in the API's response body.

hashFunction

string

Stores the hash format of the password property. We recommend sending the password property value as a base 16 bit hexadecimal-encoded hash value. Set the hashFunction values as either the SHA-1, MD5, or crypt hash format.

isAdmin

boolean

Output only. Indicates a user with super admininistrator privileges. The isAdmin property can only be edited in the Make a user an administrator operation ( makeAdmin method). If edited in the user insert or update methods, the edit is ignored by the API service.

isDelegatedAdmin

boolean

Output only. Indicates if the user is a delegated administrator.
Delegated administrators are supported by the API but cannot create or undelete users, or make users administrators. These requests are ignored by the API service.
Roles and privileges for administrators are assigned using the Admin console.

agreedToTerms

boolean

Output only. This property is true if the user has completed an initial login and accepted the Terms of Service agreement.

suspended

boolean

Indicates if user is suspended.

changePasswordAtNextLogin

boolean

Indicates if the user is forced to change their password at next login. This setting doesn't apply when the user signs in via a third-party identity provider.

ipWhitelisted

boolean

If true, the user's IP address is whitelisted.

name

object (UserName)

Holds the given and family names of the user, and the read-only fullName value. The maximum number of characters in the givenName and in the familyName values is 60. In addition, name values support unicode/UTF-8 characters, and can contain spaces, letters (a-z), numbers (0-9), dashes (-), forward slashes (/), and periods (.). For more information about character usage rules, see the administration help center. Maximum allowed data size for this field is 1Kb.

kind

string

Output only. The type of the API resource. For Users resources, the value is admin#directory#user.

etag

string

Output only. ETag of the resource.

emails

value (Value format)

A list of the user's email addresses. The maximum allowed data size is 10Kb.

Fields

emails[].address

string

The user's email address. Also serves as the email ID. This value can be the user's primary email address or an alias.

emails[].customType

string

If the value of type is custom, this property contains the custom type string.

emails[].primary

boolean

Indicates if this is the user's primary email. Only one entry can be marked as primary.

emails[].type

string

The type of the email account.

Acceptable values: custom, home, other, work.

externalIds

value (Value format)

A list of external IDs for the user, such as an employee or network ID. The maximum allowed data size is 2Kb.

Fields

externalIds[].customType

string

If the external ID type is custom, this property holds the custom type.

externalIds[].type

string

The type of the ID.

Acceptable values: account, custom, customer, login_id, network, organization.

externalIds[].value

string

The value of the ID.

relations

value (Value format)

A list of the user's relationships to other users. The maximum allowed data size for this field is 2Kb.

Fields

relations[].customType

string

If the value of type is custom, this property contains the custom type.

relations[].type

string

The type of relation.

Acceptable values: admin_assistant, assistant, brother, child, custom, domestic_partner, dotted_line_manager, exec_assistant, father, friend, manager, mother, parent, partner, referred_by, relative, sister, spouse.

relations[].value

string

The name of the person the user is related to.

aliases[]

string

Output only. asps.list of the user's alias email addresses.

isMailboxSetup

boolean

Output only. Indicates if the user's Google mailbox is created. This property is only applicable if the user has been assigned a Gmail license.

customerId

string

Output only. The customer ID to retrieve all account users.
You can use the alias my_customer to represent your account's customerId.
As a reseller administrator, you can use the resold customer account's customerId. To get a customerId, use the account's primary domain in the domain parameter of a users.list request.

addresses

value (Value format)

A list of the user's addresses. The maximum allowed data size is 10Kb.

Fields

addresses[].country

string

Country.

addresses[].countryCode

string

The country code. Uses the ISO 3166-1 standard.

addresses[].customType

string

If the address type is custom, this property contains the custom value.

addresses[].extendedAddress

string

For extended addresses, such as an address that includes a sub-region.

addresses[].formatted

string

A full and unstructured postal address. This is not synced with the structured address fields.

addresses[].locality

string

The town or city of the address.

addresses[].poBox

string

The post office box, if present.

addresses[].postalCode

string

The ZIP or postal code, if applicable.

addresses[].primary

boolean

If this is the user's primary address. The addresses list may contain only one primary address.

addresses[].region

string

The abbreviated province or state.

addresses[].sourceIsStructured

boolean

Indicates if the user-supplied address was formatted. Formatted addresses are not currently supported.

addresses[].streetAddress

string

The street address, such as 1600 Amphitheatre Parkway. Whitespace within the string is ignored; however, newlines are significant.

addresses[].type

string

The address type.

Acceptable values: custom, home, other, work.

organizations

value (Value format)

A list of organizations the user belongs to. The maximum allowed data size is 10Kb.

Fields

organizations[].costCenter

string

The cost center of the user's organization.

organizations[].customType

string

If the value of type is custom, this property contains the custom type.

organizations[].department

string

Specifies the department within the organization, such as sales or engineering.

organizations[].description

string

The description of the organization.

organizations[].domain

string

The domain the organization belongs to.

organizations[].fullTimeEquivalent

integer

The full-time equivalent millipercent within the organization (100000 = 100%).

organizations[].location

string

The physical location of the organization. This does not need to be a fully qualified address.

organizations[].name

string

The name of the organization.

organizations[].primary

boolean

Indicates if this is the user's primary organization. A user may only have one primary organization.

organizations[].symbol

string

Text string symbol of the organization. For example, the text symbol for Google is GOOG.

organizations[].title

string

The user's title within the organization. For example, member or engineer.

organizations[].type

string

The type of organization.

Acceptable values: domain_only, school, unknown, work.

lastLoginTime

string

Output only. The last time the user logged into the user's account. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.

phones

value (Value format)

A list of the user's phone numbers. The maximum allowed data size is 1Kb.

Fields

phones[].customType

string

If the value of type is custom, this property contains the custom type.

phones[].primary

boolean

Indicates if this is the user's primary phone number. A user may only have one primary phone number.

phones[].type

string

The type of phone number.

Acceptable values: assistant, callback, car, company_main, custom, grand_central, home, home_fax, isdn, main, mobile, other, other_fax, pager, radio, telex, tty_tdd, work, work_fax, work_mobile, work_pager.

phones[].value

string

A human-readable phone number. It may be in any telephone number format.

suspensionReason

string

Output only. Has the reason a user account is suspended either by the administrator or by Google at the time of suspension. The property is returned only if the suspended property is true.

thumbnailPhotoUrl

string

Output only. Photo Url of the user (Read-only)

languages

value (Value format)

A list of the user's languages. The maximum allowed data size is 1Kb.

Fields

languages[].customLanguage

string

Other language. A user can provide their own language name if there is no corresponding Google III language code. If this is set, LanguageCode can't be set.

languages[].languageCode

string

Language Code. Should be used for storing Google III LanguageCode string representation for language. Illegal values cause SchemaException.

posixAccounts

value (Value format)

A list of POSIX account information for the user.

Fields

posixAccounts[].accountId

string

A POSIX account field identifier.

posixAccounts[].gecos

string

The GECOS (user information) for this account.

posixAccounts[].gid

unsigned long

The default group ID.

posixAccounts[].homeDirectory

string

The path to the home directory for this account.

posixAccounts[].operatingSystemType

string

The operating system type for this account.

Acceptable values: linux, unspecified, windows.

posixAccounts[].primary

boolean

If this is user's primary account within the SystemId.

posixAccounts[].shell

string

The path to the login shell for this account.

posixAccounts[].systemId

string

System identifier for which account Username or Uid apply to.

posixAccounts[].uid

unsigned long

The POSIX compliant user ID.

posixAccounts[].username

string

The username of the account.

creationTime

string

Output only. The time the user's account was created. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.

nonEditableAliases[]

string

Output only. asps.list of the user's non-editable alias email addresses. These are typically outside the account's primary domain or sub-domain.

sshPublicKeys

value (Value format)

A list of the user's addresses. The maximum allowed data size is 10Kb.

A list of SSH public keys.

Fields

sshPublicKeys[].expirationTimeUsec

long

An expiration time in microseconds since epoch.

sshPublicKeys[].fingerprint

string

A SHA-256 fingerprint of the SSH public key. (Read-only)

sshPublicKeys[].key

string

An SSH public key.

notes

value (Value format)

Notes for the user as a nested object.

Fields

notes.contentType

string

Content type of note, either plain text or HTML. Default is plain text.

Acceptable values: text_plain, text_html.

notes.value

string

Contents of notes.

websites

value (Value format)

A list of the user's websites. The maximum allowed data size is 2Kb.

Fields

websites[].customType

string

The custom type. Only used if the type is custom.

websites[].primary

boolean

If this is user's primary website or not.

websites[].type

string

The type or purpose of the website. For example, a website could be labeled as home or blog. Alternatively, an entry can have a custom type. Custom types must have a customType value.

Acceptable values: app_install_page, blog, custom, ftp, home, home_page, other, profile, reservations, resume, work.

websites[].value

string

The URL of the website.

locations

value (Value format)

A list of the user's locations. The maximum allowed data size is 10Kb.

Fields

locations[].area

string

Textual location. This is most useful for display purposes to concisely describe the location. For example, Mountain View, CA or Near Seattle.

locations[].buildingId

string

Building identifier.

locations[].customType

string

If the location type is custom, this property contains the custom value.

locations[].deskCode

string

Most specific textual code of individual desk location.

locations[].floorName

string

Floor name/number.

locations[].floorSection

string

Floor section. More specific location within the floor. For example, if a floor is divided into sections A, B, and C, this field would identify one of those values.

locations[].type

string

The location type.

Acceptable values: custom, default, desk.

includeInGlobalAddressList

boolean

Indicates if the user's profile is visible in the Google Workspace global address list when the contact sharing feature is enabled for the domain. For more information about excluding user profiles, see the administration help center.

keywords

value (Value format)

A list of the user's keywords. The maximum allowed data size is 1Kb.

Fields

keywords[].customType

string

Custom Type.

keywords[].type

string

Each entry can have a type which indicates standard type of that entry.

For example, keyword could be of type occupation or outlook. In addition to the standard type, an entry can have a custom type and can give it any name. Such types should have the CUSTOM value as type and also have a customType value.

Acceptable values: custom, mission, occupation, outlook.

keywords[].value

string

Keyword.

deletionTime

string

Output only. The time the user's account was deleted. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example 2010-04-05T17:30:04+01:00.

gender

value (Value format)

The user's gender. The maximum allowed data size for this field is 1Kb.

thumbnailPhotoEtag

string

Output only. ETag of the user's photo (Read-only)

ims

value (Value format)

The user's Instant Messenger (IM) accounts. A user account can have multiple ims properties. But, only one of these ims properties can be the primary IM contact. The maximum allowed data size is 2Kb.

Fields

ims[].customProtocol

string

If the protocol value is custom_protocol, this property holds the custom protocol's string.

ims[].customType

string

If the IM type is custom, this property holds the custom type string.

ims[].im

string

The user's IM network ID.

ims[].primary

boolean

If this is the user's primary IM. Only one entry in the IM list can have a value of true.

ims[].protocol

string

An IM protocol identifies the IM network. The value can be a custom network or the standard network.

Acceptable values:
  • aim: AOL Instant Messenger protocol
  • custom_protocol: A custom IM network protocol
  • gtalk: Google Talk protocol
  • icq: ICQ protocol
  • jabber: Jabber protocol
  • msn: MSN Messenger protocol
  • net_meeting: Net Meeting protocol
  • qq: QQ protocol
  • skype: Skype protocol
  • yahoo: Yahoo Messenger protocol

ims[].type

string

Acceptable values: custom, home, other, work.

customSchemas

value (Value format)

Custom fields of the user.

  • customSchemas.(key) is a nested object.
  • customSchemas.(key).(key) can be any value.
isEnrolledIn2Sv

boolean

Output only. Is enrolled in 2-step verification (Read-only)

isEnforcedIn2Sv

boolean

Output only. Is 2-step verification enforced (Read-only)

archived

boolean

Indicates if user is archived.

orgUnitPath

string

The full path of the parent organization associated with the user. If the parent organization is the top-level, it is represented as a forward slash (/).

recoveryEmail

string

Recovery email of the user.

recoveryPhone

string

Recovery phone of the user. The phone number must be in the E.164 format, starting with the plus sign (+). Example: +16506661212.

UserName

JSON representation
{
  "fullName": string,
  "familyName": string,
  "givenName": string
}
Fields
fullName

string

The user's full name formed by concatenating the first and last name values.

familyName

string

The user's last name. Required when creating a user account.

givenName

string

The user's first name. Required when creating a user account.

Methods

delete

Deletes a user.

get

Retrieves a user.

insert

Creates a user.

list

Retrieves a paginated list of either deleted users or all users in a domain.

makeAdmin

Makes a user a super administrator.

patch

Updates a user using patch semantics.

signOut

Sign a user out of all web and device sessions and reset their sign-in cookies.

undelete

Undeletes a deleted user.

update

Updates a user.

watch

Watch for changes in users list