Go quickstart

Create a Go command-line application that makes requests to the Admin SDK API.

Quickstarts explain how to set up and run an app that calls a Google Workspace API. This quickstart uses a simplified authentication approach that is appropriate for a testing environment. For a production environment, we recommend learning about authentication and authorization before choosing the access credentials that are appropriate for your app.

This quickstart uses Google Workspace's recommended API client libraries to handle some details of the authentication and authorization flow.

Objectives

• Set up your environment.
• Set up the sample.
• Run the sample.

Prerequisites

• Latest version of Go.
• Latest version of Git.
• A Google Cloud project.

• A Google Workspace domain with API access enabled.
• A Google Account in that domain with administrator privileges.

Set up your environment

To complete this quickstart, set up your environment.

Enable the API

Before using Google APIs, you need to turn them on in a Google Cloud project. You can turn on one or more APIs in a single Google Cloud project.

• In the Google Cloud console, enable the Admin SDK API.

  Enable the API

Configure the OAuth consent screen

If you're using a new Google Cloud project to complete this quickstart, configure the OAuth consent screen. If you've already completed this step for your Cloud project, skip to the next section.

1. In the Google Cloud console, go to Menu menu > Google Auth platform > Branding.

   Go to Branding

2. If you have already configured the Google Auth platform, you can configure the following OAuth Consent Screen settings in Branding, Audience, and Data Access. If you see a message that says Google Auth platform not configured yet, click Get Started:
1. Under App Information, in App name, enter a name for the app.
2. In User support email, choose a support email address where users can contact you if they have questions about their consent.
3. Click Next.
4. Under Audience, select Internal.
5. Click Next.
6. Under Contact Information, enter an Email address where you can be notified about any changes to your project.
7. Click Next.
8. Under Finish, review the Google API Services User Data Policy and if you agree, select I agree to the Google API Services: User Data Policy.
9. Click Continue.
10. Click Create.
3. For now, you can skip adding scopes. In the future, when you create an app for use outside of your Google Workspace organization, you must change the User type to External. Then add the authorization scopes that your app requires. To learn more, see the full Configure OAuth consent guide.

Authorize credentials for a desktop application

To authenticate end users and access user data in your app, you need to create one or more OAuth 2.0 Client IDs. A client ID is used to identify a single app to Google's OAuth servers. If your app runs on multiple platforms, you must create a separate client ID for each platform.

1. In the Google Cloud console, go to Menu menu > Google Auth platform > Clients.

   Go to Clients

2. Click Create Client.
3. Click Application type > Desktop app.
4. In the Name field, type a name for the credential. This name is only shown in the Google Cloud console.
5. Click Create.

   The newly created credential appears under "OAuth 2.0 Client IDs."

6. Save the downloaded JSON file as credentials.json, and move the file to your working directory.

Prepare the workspace

1. Create a working directory:

   mkdir quickstart
   

2. Change to the working directory:

   cd quickstart
   

3. Initialize the new module:

   go mod init quickstart
   

4. Get the Admin SDK API Go client library and OAuth2.0 package:

   go get google.golang.org/api/admin/reports/v1
   go get golang.org/x/oauth2/google
   

Set up the sample

1. In your working directory, create a file named quickstart.go.

2. In the file, paste the following code:

   admin_sdk/reports/quickstart.go

   View on GitHub
   package main
   
   import (
   	"context"
   	"encoding/json"
   	"fmt"
   	"log"
   	"net/http"
   	"os"
   	"time"
   
   	"golang.org/x/oauth2"
   	"golang.org/x/oauth2/google"
   	admin "google.golang.org/api/admin/reports/v1"
   	"google.golang.org/api/option"
   )
   
   // Retrieve a token, saves the token, then returns the generated client.
   func getClient(config *oauth2.Config) *http.Client {
   	// The file token.json stores the user's access and refresh tokens, and is
   	// created automatically when the authorization flow completes for the first
   	// time.
   	tokFile := "token.json"
   	tok, err := tokenFromFile(tokFile)
   	if err != nil {
   		tok = getTokenFromWeb(config)
   		saveToken(tokFile, tok)
   	}
   	return config.Client(context.Background(), tok)
   }
   
   // Request a token from the web, then returns the retrieved token.
   func getTokenFromWeb(config *oauth2.Config) *oauth2.Token {
   	authURL := config.AuthCodeURL("state-token", oauth2.AccessTypeOffline)
   	fmt.Printf("Go to the following link in your browser then type the "+
   		"authorization code: \n%v\n", authURL)
   
   	var authCode string
   	if _, err := fmt.Scan(&authCode); err != nil {
   		log.Fatalf("Unable to read authorization code: %v", err)
   	}
   
   	tok, err := config.Exchange(context.TODO(), authCode)
   	if err != nil {
   		log.Fatalf("Unable to retrieve token from web: %v", err)
   	}
   	return tok
   }
   
   // Retrieves a token from a local file.
   func tokenFromFile(file string) (*oauth2.Token, error) {
   	f, err := os.Open(file)
   	if err != nil {
   		return nil, err
   	}
   	defer f.Close()
   	tok := &oauth2.Token{}
   	err = json.NewDecoder(f).Decode(tok)
   	return tok, err
   }
   
   // Saves a token to a file path.
   func saveToken(path string, token *oauth2.Token) {
   	fmt.Printf("Saving credential file to: %s\n", path)
   	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
   	if err != nil {
   		log.Fatalf("Unable to cache oauth token: %v", err)
   	}
   	defer f.Close()
   	json.NewEncoder(f).Encode(token)
   }
   
   func main() {
   	ctx := context.Background()
   	b, err := os.ReadFile("credentials.json")
   	if err != nil {
   		log.Fatalf("Unable to read client secret file: %v", err)
   	}
   
   	// If modifying these scopes, delete your previously saved token.json.
   	config, err := google.ConfigFromJSON(b, admin.AdminReportsAuditReadonlyScope)
   	if err != nil {
   		log.Fatalf("Unable to parse client secret file to config: %v", err)
   	}
   	client := getClient(config)
   
   	srv, err := admin.NewService(ctx, option.WithHTTPClient(client))
   	if err != nil {
   		log.Fatalf("Unable to retrieve reports Client %v", err)
   	}
   
   	r, err := srv.Activities.List("all", "login").MaxResults(10).Do()
   	if err != nil {
   		log.Fatalf("Unable to retrieve logins to domain. %v", err)
   	}
   
   	if len(r.Items) == 0 {
   		fmt.Println("No logins found.")
   	} else {
   		fmt.Println("Logins:")
   		for _, a := range r.Items {
   			t, err := time.Parse(time.RFC3339Nano, a.Id.Time)
   			if err != nil {
   				fmt.Println("Unable to parse login time.")
   				// Set time to zero.
   				t = time.Time{}
   			}
   			fmt.Printf("%s: %s %s\n", t.Format(time.RFC822), a.Actor.Email,
   				a.Events[0].Name)
   		}
   	}
   }

Run the sample

1. In your working directory, build and run the sample:

   go run quickstart.go
   

2. The first time you run the sample, it prompts you to authorize access:
   1. If you're not already signed in to your Google Account, sign in when prompted. If you're signed in to multiple accounts, select one account to use for authorization.
   2. Click Accept.

   Your Go application runs and calls the Admin SDK API.

   Authorization information is stored in the file system, so the next time you run the sample code, you aren't prompted for authorization.

Next steps

• Troubleshoot authentication and authorization issues
• Admin SDK Reports API reference documentation
• google-api-go-client section of GitHub