Admin SDK

Google Apps Email Audit API

The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox. This API can be used only for lawful purposes in accordance with your Customer Agreement. This API only applies to Google Apps for Business, Education, and ISPs accounts. It is not used with a Google Apps or Gmail account not hosted by the Google Apps products.

The Google Apps Email Audit API supports the Google Data API protocol. The Google Data API conforms to the Atom Publishing Protocol (AtomPub) publishing and editing model. The AtomPub HTTP requests use the Representational Set Transfer (RESTful) design approach to web services. For more information, see the Google Data APIs Overview.



Audience

This document is intended for programmers who want to write client applications that, for lawful auditing purposes, can audit a Google Apps user's mailbox.

This document assumes that you are a Google Apps domain administrator and that you understand the general ideas behind the Google Data API protocol, and that you are familiar with your Google Apps Admin console found at admin.google.com. For more information about the Admin console, see Use your Admin console.

Managing Email Monitors

Types of users in a monitored email scenario

A monitored email scenario includes three types of users:

  • Administrator — Any domain administrator can create, retrieve, update, and delete an email monitor using the Email Audit API's monitor resource. In addition, an administrator can use the API to retrieve user account information and download the mailbox. These operations can only be done within the domain over which the administrator exercises control.

  • Source user — The source user is the user who receives or sends messages that are being audited by the monitoring destination user. Any domain administrator or account user can be a source user. The source user must be in the same domain as the administrator and destination user.

  • Destination user — The destination user is the auditor who receives the audited email messages.

    • A destination user receives blind carbon copies (Bcc) of all incoming and outgoing email messages including inbound/outbound attachments, forwarded messages, and email messages sent from mobile devices.
    • As an option, a domain administrator can enable additional auditing features for the destination user. The optional features include the auditing of saved email drafts, the auditing of archived chats with other users who can be in or outside of the domain.
    • Even though the destination user receives a Bcc copy of the message, the Bcc association is not visible in the message headers accessible in the source user's account.
    • Each audited email message is sent to the destination user as an email attachment. And the domain administrator can configure these messages to be either the full email message or only the message headers.
    • This destination user must have an active email account in the monitored domain. This must be the same domain associated with the administrator and source user.
    • A destination user can be an administrator or a user within the domain. And, this destination user can switch roles to become a source user audited by another destination user who, in turn, receives copies of all audited email messages sent to the first destination user.
    • A domain administrator creates one audited email monitor for one unique 'destination user - source user' pair. In other words, the audit relationship is one destination user to one source user. Each audit is done using an API monitor resource. Using multiple API monitors, a destination user can audit many users in the domain. And, using multiple API monitors, many destination users can audit one source user.
    • If an additional API monitor is created or an existing API monitor is updated for a 'destination user - source user' pair, the monitor which was the last created supersedes any pre-existing monitors for this pair. Basically, this is how you update an API monitor. For more information about updating a monitor, see [Updating an email monitor][#uploading_the_public_key].

Creating a new email monitor

To begin an audit, use the API's email monitor resource. To create an email monitor, send the following POST request.

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/{domain name}/{source user name}

The POST request contains the following Content-type header:

Content-type: application/atom+xml

The request parameters are:

destUserName
The destUserName is the destination user, the user name (not the full email address) who receives copies of the messages. This is the user auditing the messages. For example, in the example.com domain, to make namrata@example.com the destination user, use name='destUserName' value='namrata'. This is a required element. For more information about the destination user, see Types of users in an audited email scenario.
  • Only one API monitor exists for a unique 'destination user - source user' pair.
  • If more than one API monitor is created for the same 'destination user - source user' pair, the settings of the last monitor are retained. This is how you update the audited email configuration. For information about updating, see Updating an email monitor.
beginDate

The beginDate is the date when the audit starts. This is an optional element. If this element is an empty string, the email auditing begins immediately with the current date. And in this case, the endDate property's value must be greater than the current date.

  • The date format is yyyy-MM-dd HH:mm where the HH is the hour of the day using 0 - 23, and the mm is the minutes of the hour using 0 - 59.
  • The HH:mm time zone is in Coordinated Universal Time (UTC) format. Convert your time to UTC format before creating a new monitor.
  • This date must be the current date or a future date. Otherwise, an error is returned.
endDate

The endDate is the date when the audit stops. This is a required element.

  • Using the same syntax as the beginDate parameter, the endDate format is yyyy-MM-dd HH:mm where the HH is the hour of the day using 0 - 23, and the mm is the minutes of the hour using 0 - 59.
  • The HH:mm time zone is in Coordinated Universal Time (UTC) format. Convert your time to UTC format before creating a new monitor.
  • An endDate value must be greater than your beginDate property's value. If the beginDate is not specified, the current date becomes the beginDate property's value. In this case, the endDate must be greater than the current date.
incomingEmailMonitorLevel

The incomingEmailMonitorLevel is the amount of audited information captured for incoming emails. This is an optional element. If no value is entered, the default is FULL_MESSAGE.

  • FULL_MESSAGE — The full incoming email body is sent to the destination user.
  • HEADER_ONLY — Only the incoming email's header information is sent to the destination user.
outgoingEmailMonitorLevel

The outgoingEmailMonitorLevel is the amount of monitored information captured for outgoing emails. This is an optional element. If no value is entered, the default is FULL_MESSAGE.

  • FULL_MESSAGE — The full outgoing email body is sent to the destination user.
  • HEADER_ONLY — Only the outgoing email's header information is sent to the destination user.
draftMonitorLevel

The draftMonitorLevel is the amount of audit information captured for draft emails. This is an optional element. If no value or the empty string is provided for this element, no email drafts are audited. NONE is the default.

  • FULL_MESSAGE — The full draft email body is sent to the destination user.
  • HEADER_ONLY — Only the draft email's header is sent to the destination user.
chatMonitorLevel

The chatMonitorLevel is the amount of audit information captured for archived chats. This is an optional element. If no value or the empty string is provided for this element, no email drafts are audited. This is the default.

  • FULL_MESSAGE — The full chat text is sent to the destination user.
  • HEADER_ONLY — Only the chat's header is sent to the destination user.

Example for creating a new monitor

In this example

  • The user to be audited is abhishek@example.com.
  • The destUserName is namrata.
  • The beginDate is June 15, 2009, 00:00 hours.
  • The endDate is June 30, 2009, 23:20 hours.
  • The incomingEmailMonitorLevel is FULL_MESSAGE.
  • The outgoingEmailMonitorLevel is HEADER_ONLY.
  • The draftMonitorLevel is FULL_MESSAGE.
  • The chatMonitorLevel is FULL_MESSAGE.

Protocol

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
   <apps:property name='destUserName' value='namrata'/>
   <apps:property name='beginDate' value='2009-06-15 00:00'/>
   <apps:property name='endDate' value='2009-06-30 23:20'/>
   <apps:property name='incomingEmailMonitorLevel' value='FULL_MESSAGE'/>
   <apps:property name='outgoingEmailMonitorLevel' value='HEADER_ONLY'/>
   <apps:property name='draftMonitorLevel' value='FULL_MESSAGE'/>
   <apps:property name='chatMonitorLevel' value='FULL_MESSAGE'/>
</atom:entry>

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry with the entry element showing new monitor settings.

<entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/id</id>
    <updated>2009-04-17T15:02:45.646Z</updated/>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/id'/>
    <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/id'/>
    <apps:property name='destUserName' value='namrata'/>
    <apps:property name='beginDate' value='2009-06-15 00:00'/>
    <apps:property name='endDate' value='2009-06-30 23:20'/>
    <apps:property name='incomingEmailMonitorLevel' value='FULL_MESSAGE'/>
    <apps:property name='outgoingEmailMonitorLevel' value='HEADER_ONLY'/>
    <apps:property name='draftMonitorLevel' value='FULL_MESSAGE'/>
    <apps:property name='chatMonitorLevel' value='FULL_MESSAGE'/>
</entry>

Java

import java.util.Calendar;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
import com.google.gdata.client.appsforyourdomain.audit.MailMonitor;
...

MailMonitor monitor = new MailMonitor();
Calendar beginDate = Calendar.getInstance();
beginDate.set(2009, Calendar.JUNE, 15, 0, 0)
monitor.setBeginDate(beginDate.getTime());
Calendar endDate = Calendar.getInstance();
endDate.set(2009, Calendar.JUNE, 30, 23, 20);
monitor.setEndDate(endDate.getTime());
monitor.setIncomingEmailMonitorLevel("FULL_MESSAGE");
monitor.setOutgoingEmailMonitorLevel("HEADER_ONLY");
monitor.setDraftMonitorLevel("FULL_MESSAGE");
monitor.setChatMonitorLevel("FULL_MESSAGE");
monitor.setDestUserName("namrata");

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericEntry entry = service.createMailMonitor("abhishek", monitor);

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

MailMonitor monitor = new MailMonitor();
monitor.BeginDate = new DateTime(2009, 6, 15);
monitor.EndDate = new DateTime(2009, 6, 30, 23, 20, 0);
monitor.IncomingEmailMonitorLevel = MonitorLevel.FULL_MESSAGE;
monitor.OutgoingEmailMonitorLevel = MonitorLevel.HEADER_ONLY;
monitor.DraftMonitorLevel = MonitorLevel.FULL_MESSAGE;
monitor.ChatMonitorLevel = MonitorLevel.FULL_MESSAGE;
monitor.DestinationUserName = "namrata";

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
MailMonitor monitorEntry = service.CreateMailMonitor("abhishek", monitor);

Updating an email monitor

When updating a monitor with the same source user and destination user, the old monitor's property settings are replaced by the new settings.

To update the audit configuration in an email monitor, send a POST request to the monitor feed's URI. Include the Authorization header as described in Authenticating requests:

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/{domain name}/{source user name}

Example for updating an email monitor

This example updates the monitor created above by updating the required property endDate and the optional property chatMonitorLevel. We'll use the following settings:

  • The new endDate is August 30, 2009, 23:20 hours.
  • The chatMonitorLevel is now HEADER_ONLY.
  • The user to be audited remains abhishek@example.com.
  • The destUserName remains namrata.

Protocol

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
    <apps:property name='destUserName' value='namrata'/>
    <apps:property name='endDate' value='2009-08-30 23:20'/>
    <apps:property name='chatMonitorLevel' value='HEADER_ONLY'/>
</atom:entry>

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry with the updated entry elements. The properties that were not updated and shown in the response revert to their default values.

<entry>
<entry xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata</id>
    <updated>2009-08-20T00:28:57.319Z</updated>
    <link rel='self' type='application/atom+xml' href="https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata" />
    <link rel='edit' type='application/atom+xml' href="https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata" />
    <apps:property name='chatMonitorLevel' value='HEADER_ONLY' />
    <apps:property name='destUserName' value='namrata' />
    <apps:property name='endDate' value='2009-08-30 23:20' />
</entry>

Java

import java.util.Calendar;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.client.appsforyourdomain.audit.MailMonitor;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

MailMonitor monitor = new MailMonitor();
Calendar endDate = Calendar.getInstance();
endDate.set(2009, Calendar.AUGUST, 30, 23, 20);
monitor.setEndDate(endDate.getTime());
monitor.setChatMonitorLevel("HEADER_ONLY");
monitor.setDestUserName("namrata");

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericEntry entry = service.createMailMonitor("abhishek", monitor);

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

MailMonitor monitor = new MailMonitor();
monitor.EndDate = new DateTime(2009, 8, 30, 23, 20, 0);
monitor.ChatMonitorLevel = MonitorLevel.HEADER_ONLY;
monitor.DestinationUserName = "namrata";

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
MailMonitor monitorEntry = service.CreateMailMonitor("abhishek", monitor);

Retrieving all email monitors of a source user

To retrieve all monitors associated with a source user, make an HTTP GET request to the monitor feed URI, and using the UTC format for the date. Include the Authorization header as described in Authenticating requests:

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/{domain name}/{source user name}

This operation has no parameters in the request body. The XML body is empty.

Example for retrieving all email monitors

This example retrieves all the monitors created for the user abhishek@example.com.

Protocol

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek

If successful, the server returns a 201 CREATED status code found in the Google Data API HTTP status codes documentation. In this example, along with the status code, the response includes an AtomPub feed with the entry elements for 2 monitors showing the settings for 2 destination users (namrata@example.com, joe@example.com).

<feed xmlns:atom='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek</id>
    <updated>2010-03-17T15:29:21.064Z</updated>
    <link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek'/>
    <link rel='http://schemas.google.com/g/2005#post' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek'/>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek'/>
    <openSearch:startIndex>1</openSearch:startIndex>
    <entry>
        <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata</id>
        <updated>2009-04-17T15:29:21.064Z</updated>
        <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata&'/>
        <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata&'/>
        <apps:property name='requestId' value='53156'/>
        <apps:property name='destUserName' value='namrata'/>
        <apps:property name='beginDate' value='2009-06-15 00:00'/>
        <apps:property name='endDate' value='2009-06-30 23:20'/>
        <apps:property name='incomingEmailMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='outgoingEmailMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='draftMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='chatMonitorLevel' value='FULL_MESSAGE'/>
   </entry>
   <entry>
        <id>>https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/joe</id>
        <updated>2009-05-17T15:29:21.064Z</updated>
        <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/joe'/>
        <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/joe'/>
        <apps:property name='requestId' value='22405'/>
        <apps:property name='destUserName' value='joe'/>
        <apps:property name='beginDate' value='2009-06-20 00:00'/>
        <apps:property name='endDate' value='2009-07-30 23:20'/>
        <apps:property name='incomingEmailMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='outgoingEmailMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='draftMonitorLevel' value='FULL_MESSAGE'/>
        <apps:property name='chatMonitorLevel' value='FULL_MESSAGE'/>
    </entry>
</feed>

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericFeed;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericFeed feed = service.retrieveMonitors("abhishek");

.NET

using System;
using System.Collections.Generic;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
GenericFeed<MailMonitor> monitors = service.RetrieveMailMonitors("abhishek");

Deleting an email monitor

To delete an email monitor, make an HTTP DELETE request to the monitor feed's delete URI. Include the Authorization header as described in Authenticating requests.

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/{domain name}/{source user name}/{destination user name}

Example for deleting an email monitor

This example deletes the monitors created for the user abhishek@example.com with destinationUserName as namrata.

Protocol

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/mail/monitor/example.com/abhishek/namrata

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
service.deleteMonitor("abhishek", "namrata");

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
service.DeleteMailMonitor("abhishek", "namrata");

Accessing Account Information

Downloading account information files

Administrators can download an encrypted file of a domain's account and login information for audit purposes. For downloading a user's contact information, see the Google Contacts Data API.

The account information download steps are:

  • Upload a public key — The administrator provides a public encryption key for accessing an account's information. The creation of this public key is only done once. If you have already created a public key for downloading mailboxes, you do not need to complete this step. This public encryption key is in Pretty Good Privacy (PGP) format using the ASCII-encoded RSA key encryption. One way this key can be generated is to use GNU Privacy Guard (GPG) from www.gnupg.org. If using GPG, specify the --expert flag in order to generate an RSA encryption key. Export the public part of the GPG key using gpg --armor --export. This key is used to encrypt the account information export files available through HTTP URLs.

  • Create a request for a user's account information — Create an encrypted export file of a user's account information.

  • Retrieve the current status of this request — The creation of account information is asynchronous and it may take up to several days to prepare. Using the requestId, retrieve the request's status. Once the status is COMPLETED, the response has the URL for the encrypted account information files.
  • Obtain the downloaded account information files — After downloading the encrypted files, the administrator decrypts the files using the domain's private key.
This is an example of a decrypted account information file for namrata@example.com:
SubscriberInfo
Email namrata@example.com
Status Enabled
Services Hosted Apps Accounts, Google Sites, Docs, Gmail, Calendar, Spreadsheets
Name the user's first and last name
Secondary email
Other usernames
Created on 2009-04-27 09:49:14Z
Lang en
IP the IP address
Logs
All times are displayed in UTC/GMT.
namrata@example.com
Date/Time Event IP
2010-02-10 Login Success the IP address
2010-03-02 Login Failure the IP address
2010-03-04 Logout the IP address

Creating a request for a user's account information

To create a request for a user's account information, use the following HTTP POST request. Include the Authorization header as described in Authenticating requests. This information includes all services used by the user, and logs for logging in and logging out. This information usually spans a 30 day period:

POST https://apps-apis.google.com/a/feeds/compliance/audit/account/{domain name}/{source user name}

Example for requesting a user's account information

This example creates an account summary for the source user abhishek@example.com.

Protocol

POST https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek

This operation has no parameters in the request body. The XML body is empty.

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry with the entry elements:

<entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416</id>
    <updated>2010-03-17T15:02:45.646Z</updated>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416'/>
    <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416'/>
    <apps:property name='userEmailAddress' value='abhishek@example.com'/>
    <apps:property name='requestId' value='52416'/>
    <apps:property name='adminEmailAddress' value='admin@example.com'/>
    <apps:property name='requestDate' value='2010-02-05 03:30'/>
    <apps:property name='status' value='COMPLETED'/>
</entry>

Java

import com.google.gdata.client.appsforyourdomain.audit.AccountInfo;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericEntry accountInfoEntry = service.createAccountInfoRequest("abhishek");
AccountInfo info = new AccountInfo(accountInfoEntry);
String requestId = info.getRequestId();

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
AccountInfo accountInfoRequest = service.CreateAccountInfoRequest("abhishek");
string requestId = accountInfoRequest.RequestId;

Retrieving status of a request for a user account's information

To retrieve the request status for user account's information, make an HTTP GET request to the account feed URI using the requestId which was returned when the account information summary was created. Include the Authorization header as described in Authenticating requests.

GET https://apps-apis.google.com/a/feeds/compliance/audit/account/{domain name}/{source user name}/{requestId}

The values for the current status are:

PENDING
The request is being processed.
ERROR
The request failed due to some error.
COMPLETED
The request has been processed completely and the encrypted account information files are ready for download.
MARKED_DELETE
The request is marked for deletion next time the Google cleanup job runs. See Deleting the requested summary of a user account's information.
DELETED
The account summary information files were successfully deleted by the admin using Deleting the requested summary of a user account's information operation.
EXPIRED
The account information files were deleted by Google after the 3 week retention limit.

Example for retrieving account information status

This example retrieves account information with requestId 52416 for the user abhishek@example.com.

Protocol

GET https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry with the entry elements:

<entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416</id>
    <updated>2010-03-17T15:02:45.646Z</updated>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416'/>
    <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416'/>
    <apps:property name='userEmailAddress' value='abhishek@example.com'/>
    <apps:property name='requestId' value='52416'/>
    <apps:property name='adminEmailAddress' value='admin@example.com'/>
    <apps:property name='requestDate' value='2010-02-05 03:30'/>
    <apps:property name='status' value='COMPLETED'/>
    <apps:property name='numberOfFiles' value='1'/>
    <apps:property name='completedDate' value='2010-02-05 03:39'/>
    <apps:property name='fileUrl0' value='https://apps-apis.google.com/a/data/compliance/audit/PaAAA8dCPvE0FXMmins0O97Ansd44ddzNHBfvdvKBEMAmLymR'/>
</entry>

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericEntry infoRequestEntry = service.retrieveAccountInfoRequest("abhishek", "52416");

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
AccountInfo accountInfo = service.RetrieveAccountInfoRequest("abhishek", "52416");

Retrieving all requests for account information

To retrieve a summary of all account information requests for a domain starting from a particular date, make an HTTP GET request to the account feed's URI. Include the Authorization header as described in Authenticating requests.

GET https://apps-apis.google.com/a/feeds/compliance/audit/account/{domain name}?fromDate={fromDate}

The fromDate (in UTC and URL-encoded — look for example below) is the date from which the requests are retrieved. If no fromDate is specified, all requests in the past 3 weeks are retrieved.

Example for retrieving all account requests

This example retrieves the account information for all requests for the domain example.com on or after 9 PM, August 30th, 2009.

Protocol

GET https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com?fromDate=2009-08-30%2021:00

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry with the entry elements:

<feed xmlns:atom='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com</id>
    <updated>2010-03-17T15:29:21.064Z</updated>
    <link rel='next' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com'/>
    <link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com'/>
    <link rel='http://schemas.google.com/g/2005#post' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com'/>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com?fromDate=2009-08-30%2021:00'/>
    <openSearch:startIndex>1</openSearch:startIndex>
    <entry>
        <id>https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/53156</id>
        <updated>2010-03-17T15:29:21.064Z</updated>
        <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/53156'/>
        <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/feeds/compliance/audit/account/example.com/53156'/>
        <apps:property name='numberOfFiles' value='1'/>
        <apps:property name='packageContent' value='FULL_MESSAGE'/>
        <apps:property name='completedDate' value='2010-02-06 03:28'/>
        <apps:property name='adminEmailAddress' value='admin@example.com'/>
        <apps:property name='status' value='COMPLETED'/>
        <apps:property name='requestId' value='53156'/>
        <apps:property name='fileUrl0' value='https://apps-apis.google.com/a/data/compliance/audit/OpCKXdru3FwK6thWAqc64Jcy3X8QdoRcaCM9nXjkbeRgLjrYZ0_XjJ'/>
        <apps:property name='userEmailAddress' value='abhishek@example.com'/>
        <apps:property name='requestDate' value='2010-02-06 02:40'/>
   </entry>
<entry>...
</entry>
</feed>

Java

import Java.util.List;
import java.util.Calendar;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
Calendar fromDate = Calendar.getInstance();
fromDate.set(2009, Calendar.AUGUST, 30, 21, 0)
List<GenericEntry> infoRequestEntries = service.retrieveAllAccountInfoRequests(fromDate.getTime());

.NET

using System;
using System.Collections.Generic;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
GenericFeed<AccountInfo> accountInfoRequests = service.RetrieveAllAccountInfoRequests(new DateTime(2009, 8, 30, 21, 0, 0));

Deleting the requested summary of a user account's information

To delete a summary for which account information files have already been prepared i.e for the COMPLETED summaries and for requests with status as MARKED_DELETE, make an HTTP DELETE request to the account feed's URI including the mailbox's requestId. Include the Authorization header as described in Authenticating requests.

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/account/{domain name}/{source user name}/{requestId}

Example for deleting the request summary

This example deletes the account summary for the user abhishek@example.com corresponding to the requestId 52416.

Protocol

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/account/example.com/abhishek/52416

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
service.deleteAccountInfoRequest("abhishek", "52416");

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
service.DeleteAccountInfoRequest("abhishek", "52416");

Managing a Mailbox Download

Downloading a mailbox

Administrators can download mailbox accounts within their domain for audit purposes. To prepare a mailbox for export, the Email Audit service creates an encrypted copy of a user's mailbox. When the export preparation is completed, the system returns the URLs to the encrypted mailbox files which, when downloaded and decrypted, are available in mbox format. The downloading steps are:

  • Upload a public key — The administrator provides a public encryption key for downloading mailboxes. The creation of this public key is only done once. If you have already created a public key for accessing account information, you do not need to complete this step. This public encryption key is in Pretty Good Privacy (PGP) format using the ASCII-encoded RSA key encryption. One way this key can be generated is to use GNU Privacy Guard (GPG) from www.gnupg.org. If using GPG, specify the --expert flag in order to generate an RSA encryption key. Export the public part of the GPG key using gpg --armor --export. This key is used to encrypt the mailbox export files available through HTTP URLs.
  • Create an export version of a user's mailbox — The mailbox export process starts when an administrator requests the creation of a copy of a user's mailbox. The Email Audit API's operation authenticates and authorizes the administrator's credentials and returns a unique request id. The mailbox creation process can be time consuming and may take several days depending upon the mailbox size.
  • Retrieve the mailbox download status or retrieve all mailbox status using a date — Use the mailbox export request ID to get the status of the pending request. Once the mailbox is copied and prepared for export, the response returns a status of COMPLETED along with the list of encrypted mailbox files as HTTP URLs. Use this set of URLs to download the mailbox files.
  • Obtain the downloaded mailbox files — After downloading the encrypted files, the administrator decrypts the mailbox files using the domain's private key. Once decrypted, the files are viewed in mbox format.

Creating a mailbox for export

To prepare a copy of a user's mailbox for export and downloading, use the Email Audit API's export feed. Before using this operation, confirm you have successfully uploaded a public encryption key for your domain.

Send a POST request to the export feed's URI. Include the Authorization header as described in Authenticating requests:

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/{domain name}/{source user name}

The request contains the following Content-type header:

Content-type: application/atom+xml

The request accepts the following properties as input:

beginDate
The beginDate is the date for the first email included in the exported mailbox. This is an optional element. If you want all emails starting from when the account was created, do not enter a value for this field.
  • The date format is yyyy-MM-dd HH:mm where the HH is the hour of the day using 0 - 23, and the mm is the minutes of the hour using 0 - 59.
  • The HH:mm time zone is in Coordinated Universal Time (UTC) format. Convert your time to UTC format before creating a new monitor.
endDate

The endDate is the date for the last email included in the exported mailbox. This is an optional element. If the endDate is not specified or an empty string, the exported emails go up to the current date.

  • Using the same syntax as the beginDate parameter, the endDate format is yyyy-MM-dd HH:mm where the HH is the hour of the day using 0 - 23, and the mm is the minutes of the hour using 0 - 59.
  • The HH:mm time zone is in Coordinated Universal Time (UTC) format. Convert your time to UTC format before creating a new monitor.
  • Remember, an endDate value must be greater than your beginDate property's value.
searchQuery

The mailbox is filtered using this searchQuery value and only the filtered search results will be available for download. This is an optional element. These queries follow the same search rules as a Gmail's advanced search.

includeDeleted

The includeDeleted parameter determines whether or not deleted messages are included in the mailbox export file. This is an optional element and, by default, the value is 'false', deleted messages are not included.

packageContent

The packageContent determines whether the full email or the email's header are used in the mailbox export file.

  • FULL_MESSAGE — The full email text, including attachments, is copied to the export file. This is the default setting for the packageContent element.
  • HEADER_ONLY — Only the email's header is copied to the export file. Note: The maximum mailbox export creation requests per day is a total of 100 requests from all domain administrators. The mailbox creation process can be time consuming and may take several days depending upon the mailbox size. To see the status of the mailbox creation process, use the Retrieving the export status of a mailbox operation including the requestId value.

Example for creating a mailbox for export

We'll use the following settings in this example:

  • The user to export the mailbox for is liz@example.com.
  • The beginDate is July 1, 2009, 04:30 hours.
  • The endDate is August 30, 2009, 20:00 hours.
  • includeDeleted is false.
  • searchQuery is in:chat.
  • The packageContent is FULL_MESSAGE.

Protocol

POST https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
   <apps:property name='beginDate' value='2009-07-01 04:30'/>
   <apps:property name='endDate' value='2009-08-30 20:00'/>
   <apps:property name='includeDeleted' value='false'/>
   <apps:property name='searchQuery' value='in:chat'/>
   <apps:property name='packageContent' value='FULL_MESSAGE'/>
</atom:entry>

If successful, the server returns a `201 CREATED` status code found in the Google Data API HTTP status codes documentation. Along with the status code, the response includes an AtomPub entry.

<entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156>/id>
    <updated>2009-10-17T15:02:45.646Z</updated>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156'/>
    <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156'/>
    <apps:property name='status' value='PENDING'/>
    <apps:property name='packageContent' value='FULL_MESSAGE'/>
    <apps:property name='includeDeleted' value='false'/>
    <apps:property name='searchQuery' value='in:chat'/>
    <apps:property name='completedDate' value='2009-09-18 10:13'/>
    <apps:property name='adminEmailAddress' value='admin1@example.com'/>
    <apps:property name='requestId' value='53156'/>
    <apps:property name='userEmailAddress' value='liz@example.com'/>
    <apps:property name='endDate' value='2009-08-30 20:00'/>
    <apps:property name='requestDate' value='2009-09-17 12:51'/>
    <apps:property name='beginDate' value='2009-07-01 04:30'/>
</entry>

In this example, the processing of this mailbox has completed. The status property is COMPLETED and the numberOfFiles returned for export is 2.

Java

import java.util.Calendar;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.client.appsforyourdomain.audit.MailBoxDumpRequest;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

MailBoxDumpRequest request = new MailBoxDumpRequest();
request.setAdminEmailAddress("admin@example.com");
request.setUserEmailAddress("liz@example.com");

Calendar beginDate = Calendar.getInstance();
beginDate.set(2009, Calendar.JULY, 1, 4, 30);
request.setBeginDate(beginDate.getTime());

Calendar endDate = Calendar.getInstance();
endDate.set(2009, Calendar.AUGUST, 30, 20, 0);
request.setEndDate(endDate.getTime());

request.setIncludeDeleted(false);
request.setSearchQuery("in:chat");
request.setPackageContent("FULL_MESSAGE");

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
GenericEntry mailboxDumpEntry = service.createMailboxDumpRequest(request);

String requestId = mailboxDumpEntry.getRequestId();
String status = mailboxDumpEntry.getStatus();
String numberOfFiles = mailboxDumpEntry.getNumberOfFiles();

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

MailboxDumpRequest mailboxDumpRequest = new MailboxDumpRequest();
mailboxDumpRequest.BeginDate = new DateTime(2009, 7, 1, 4, 30, 0);
mailboxDumpRequest.EndDate = new DateTime(2009, 8, 30, 20, 0, 0);
mailboxDumpRequest.IncludeDeleted = false;
mailboxDumpRequest.SearchQuery = "in:chat";
mailboxDumpRequest.PackageContent = MonitorLevel.FULL_MESSAGE;

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
MailboxDumpRequest dumpRequest = service.CreateMailboxDumpRequest("liz", mailboxDumpRequest);

Retrieving the export status of a mailbox

To retrieve status details for a mailbox prepared for export, send an HTTP GET request with the mailbox's requestId to the export feed's URI. Include the Authorization header as described in Authenticating requests:

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/{domain name}/{source user name}/{mailbox requestId}

This request returns an AtomPub entry including the current status of the mailbox. The possible values for the current status are:

PENDING
The request is being processed.
ERROR
The request failed due to some error. An example of a possible error is that a wrong PGP public key was uploaded for the domain.
COMPLETED
The request has been processed completely and the encrypted mailbox files are ready for download.
MARKED_DELETE
The request is marked for deletion next time the Google cleanup job runs. See Deleting an encrypted mailbox.
DELETED
The mailbox files were successfully deleted by the admin using Deleting an encrypted mailbox operation.
EXPIRED
The mailbox files were deleted by Google after the 3 week retention limit.

Example for retrieving the export status of a mailbox

This example retrieves the mailbox status corresponding to the requestIds 53156 and 34201 for the user liz@example.com.

Protocol

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156

<entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'> <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156</id> <updated>2009-10-17T15:02:45.646Z</updated> <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156'/> <link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/53156'/> <apps:property name='status' value='ERROR'/> <apps:property name='packageContent' value='FULL_MESSAGE'/> <apps:property name='includeDeleted' value='false'/> <apps:property name='searchQuery' value='in:chat'/> <apps:property name='completedDate' value='2009-09-18 10:13'/> <apps:property name='adminEmailAddress' value='admin1@example.com'/> <apps:property name='numberOfFiles' value='0'/> <apps:property name='requestId' value='53156'/> <apps:property name='userEmailAddress' value='liz@example.com'/> <apps:property name='endDate' value='2009-08-30 20:00'/> <apps:property name='requestDate' value='2009-09-17 12:51'/> <apps:property name='beginDate' value='2009-07-01 04:30'/> </entry>


If successful, the server returns a 201 CREATED status code found in the Google Data API HTTP status codes documentation.

As you can see from the response of the example above, the status is an ERROR and, therefore, the encrypted mailbox files were never created.

We'll try again for the requestId 34201:

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/34201

<entry>... ... <apps:property name='status' value='COMPLETED'/> <apps:property name='packageContent' value='FULL_MESSAGE'/> <apps:property name='completedDate' value='2009-09-18 10:13'/> <apps:property name='adminEmailAddress' value='admin2@example.com'/> <apps:property name='numberOfFiles' value='2'/> <apps:property name='requestId' value='34201'/> <apps:property name='userEmailAddress' value='namrata@example.com'/> <apps:property name='requestDate' value='2009-09-17 12:51'/> <apps:property name='fileUrl0' value='https://apps-apis.google.com/a/data/compliance/audit/OQAAABW3Z2OlwkDFR0H5n_6lnYAzv-pWlkAlbTyAzvJEV0MC4c7lBDW' /> <apps:property name='fileUrl1' value='https://apps-apis.google.com/a/data/compliance/audit/OQAAABW3Z2OlwkD55nLv-pWlkAlbTyAzvJEVPnVYW45C4cC34gtyVCC' /> </entry>


This second example was successful with a COMPLETED status. It returns 2 mailbox file URLs containing the encrypted mailbox files The encrypted mailbox files which can be downloaded using the URLs in the fileUrl elements.

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1"); GenericEntry mailboxDumpEntry1 = service.retrieveMailboxDumpRequest("liz", "53156"); String status = mailboxDumpEntry1.getProperty("status"); // Status is "ERROR" if the mailbox for this request isn't created

GenericEntry mailboxDumpEntry2 = service.retrieveMailboxDumpRequest("liz", "34201"); String status = mailboxDumpEntry2.getProperty("status");

.NET

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1"); service.setUserCredentials("admin@example.com", "p@55w0rd"); MailboxDumpRequest mailboxDumpEntry1 = service.RetrieveMailboxDumpRequest("liz", "53156"); RequestStatus status1 = mailboxDumpEntry1.Status; // Status is "ERROR" if the mailbox for this request isn't created

MailboxDumpRequest mailboxDumpEntry2 = service.RetrieveMailboxDumpRequest("liz", "34201"); RequestStatus status2 = mailboxDumpEntry2.Status;

Retrieving all mailbox status requests

To retrieve all mailbox requests for a domain starting on a particular date which is in UTC format, make an HTTP GET request to the export feed URI. Include the Authorization header as described in Authenticating requests:

GET https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/{domain name}?fromDate={fromDate}

Example for retrieving all mailbox status requests

In this example, we will retrieve all mailbox status requests for the domain example.com made on or after 9 PM, August 30, 2009.

Protocol

<feed xmlns:atom='http://www.w3.org/2005/Atom'
xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'
xmlns:apps='http://schemas.google.com/apps/2006'>
    <id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/domain</id>
    <updated>2010-03-17T15:29:21.064Z</updated>
    <link rel='next' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/tapoloka.com?fromDate=2009-08-30%2021:00'/>
    <link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/tapoloka.com'/>
    <link rel='http://schemas.google.com/g/2005#post' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/tapoloka.com'/>
    <link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/tapoloka.com?fromDate=2009-08-30%2021:00'/>
    <openSearch:startIndex>1</openSearch:startIndex>
    <entry>
        <atom:id>https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/domain/request ID</atom:id>
        <atom:updated>2009-04-17T15:29:21.064Z</atom:updated>
        <atom:link rel='self' type='application/atom+xml' href='https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/domain/request ID'/>
        <atom:link rel='edit' type='application/atom+xml' href='https://apps-apis.google.com/feeds/compliance/audit/mail/export/domain/request ID'/>
        <apps:property name='status' value='ERROR'/>
        <apps:property name='packageContent' value='FULL_MESSAGE'/>
        <apps:property name='includeDeleted' value='false'/>
        <apps:property name='searchQuery' value='in:chat'/>
        <apps:property name='completedDate' value='2009-09-18 10:13'/>
        <apps:property name='adminEmailAddress' value='admin1@example.com'/>
        <apps:property name='numberOfFiles' value='0'/>
        <apps:property name='requestId' value='the mailbox ID for this request'/>
   </entry>
   <entry>
        <id>>https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/domain/second request ID</id>
        ...
        <apps:property name='status' value='COMPLETED'/>
        <apps:property name='packageContent' value='FULL_MESSAGE'/>
        <apps:property name='includeDeleted' value='false'/>
        <apps:property name='completedDate' value='2009-09-18 10:13'/>
        <apps:property name='adminEmailAddress' value='admin1@example.com'/>
        <apps:property name='numberOfFiles' value='0'/>
        <apps:property name='requestId' value='the mailbox ID for this request'/>
        <apps:property name='userEmailAddress' value='liz@example.com'/>
        <apps:property name='endDate' value='2009-08-30 20:00'/>
        <apps:property name='requestDate' value='2009-09-17 12:51'/>
        <apps:property name='beginDate' value='2009-07-01 04:30'/>
   </entry>
</feed>

Java

import java.util.Calendar;
import java.util.List;
import com.google.gdata.client.appsforyourdomain.audit.AuditService;
import com.google.gdata.client.appsforyourdomain.audit.MailBoxDumpRequest;
import com.google.gdata.data.appsforyourdomain.generic.GenericEntry;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
Calendar fromDate = Calendar.getInstance();
fromDate.set(2009, Calendar.AUGUST, 30, 21, 0);
List<GenericEntry> mailboxDumpRequestEntries = service.retrieveAllMailboxDumpRequests(fromDate.getTime());
for (GenericEntry entry : mailboxDumpRequestEntries) {
  MailBoxDumpRequest request = new MailBoxDumpRequest(entry);
  String status = request.getStatus();
}

.NET

using System;
using System.Collections.Generic;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
GenericFeed<MailboxDumpRequest> dumpRequests = service.RetrieveAllMailboxDumpRequests(new DateTime(2009, 8, 30, 21, 0, 0);

Deleting an encrypted mailbox

To delete the encrypted mailbox files, make an HTTP DELETE request to the export feed's URI including the requestId of the mailbox. Also, include the Authorization header as described in Authenticating requests.

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/{domain name}/{source user name}/{mailbox requestId}

Example for deleting an encrypted mailbox

In this example, we will delete the mailbox for the user liz@example.com corresponding to the requestId 34201.

Protocol

DELETE https://apps-apis.google.com/a/feeds/compliance/audit/mail/export/example.com/liz/34201

Java

import com.google.gdata.client.appsforyourdomain.audit.AuditService;
...

AuditService service = new AuditService("admin@example.com", "p@55w0rd", "example.com", "example.com-auditapp-v1");
service.deleteMailboxDumpRequest("liz", "34201");

.Net

using System;
using Google.GData.Apps;
using Google.GData.Extensions.Apps;
...

AuditService service = new AuditService("example.com", "example.com-auditapp-v1");
service.setUserCredentials("admin@example.com", "p@55w0rd");
service.DeleteMailboxDumpRequest("liz", "34201");

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.