The Directory API is a RESTful API that can be used to programmatically create and manage admin-controlled resources owned by a Google Workspace account. Some use cases include:
- Creating and managing users and adding administrators.
- Creating and managing groups and group memberships.
- Monitoring devices connected to your domain and taking action on lost devices.
- Managing your org chart and organization structures.
- Auditing applications your users have granted access to and revoking unauthorized apps.
Following is a list of common terms used in the Directory API:
- The entity that owns the Google Workspace account, represented by the Customer resource.
- If applicable, the DNS domain associated with a Google Workspace account, represented by the Domain resource. Not all accounts have an associated domain.
- Organizational unit (OU)
- A sub-unit of a Google Workspace account's organizational tree, used to group and sort users for the purpose of applying policies and granting authorizations. An OU is represented by the OrgUnit resource.
- The ability of a user to perform an action on a Google Workspace resource. Applies primarily to admins. A privilege is represented by the Privilege resource.
- A defined collection of privileges that can be assigned to a user or set of users, represented by the Role resource.
- Role assignment
- A record indicating which user is granted what roles, and over what scope. A role assignment is represented by the RoleAssignment resource.
- A JSON object that defines custom user attributes for your organization, represented by the Schema resource.
- An individual end user account with access to Google Workspace apps and resources, represented by the User resource.
To get started with Directory API: