In dieser Anleitung erfahren Sie, wie Sie einen Kunden mithilfe der Reseller API bereitstellen.
Die ordnungsgemäße Bereitstellung eines Kunden umfasst mehrere sich gegenseitig voneinander abhängige Schritte, die sich über mehrere APIs auf der Google Workspace-Plattform erstrecken.
Das obige Diagramm zeigt, welche APIs in den einzelnen Schritten zum Bereitstellen eines Kunden verwendet werden:
- Verwenden Sie die Site Verification API, um das Domainbestätigungstoken zu platzieren.
- Verwenden Sie die Reseller API, um einen Kunden zu erstellen.
- Erstellen Sie mit der Directory API den ersten Nutzer und legen Sie ihn als Administrator fest.
- Verwenden Sie die Reseller API, um ein Abo zu erstellen.
- Verwenden Sie die Site Verification API, um die Domain zu bestätigen.
Voraussetzungen
- Eine Google Reseller-Domaininstanz.
- Eine vollständig ausgeführte Google Workspace-Partnervereinbarung.
- Ein Google-Konto.
- Akzeptieren Sie die Nutzungsbedingungen in der Partner Sales Console.
- Clientbibliotheken für verschiedene Sprachen herunterladen
Umgebung einrichten
Richten Sie Ihre Umgebung ein, um diese Anleitung abzuschließen.
API aktivieren
Bevor Sie Google APIs verwenden können, müssen Sie sie in einem Google Cloud-Projekt aktivieren. Sie können eine oder mehrere APIs in einem einzelnen Google Cloud-Projekt aktivieren.Aktivieren Sie in der Google Cloud Console die Reseller API, die Site Verification API und die Admin SDK API .
Dienstkonto erstellen
Ein Dienstkonto ist eine spezielle Art von Konto, das von einer Anwendung und nicht von einer Person verwendet wird. Sie können ein Dienstkonto verwenden, um auf Daten zuzugreifen oder Aktionen über das Robot-Konto auszuführen oder um im Namen von Google Workspace- oder Cloud Identity-Nutzern auf Daten zuzugreifen. Weitere Informationen finden Sie unter Details zu Dienstkonten.Google Cloud Console
- Öffnen Sie in der Google Cloud Console das Dreistrich-Menü > IAM und Verwaltung > Dienstkonten.
- Klicken Sie auf Dienstkonto erstellen.
- Geben Sie die Dienstkontodetails ein und klicken Sie dann auf Erstellen und fortfahren.
- Optional: Weisen Sie Ihrem Dienstkonto Rollen zu, um Zugriff auf die Ressourcen Ihres Google Cloud-Projekts zu gewähren. Weitere Informationen finden Sie unter Zugriff auf Ressourcen erteilen, ändern und entziehen.
- Klicken Sie auf Weiter.
- Optional: Geben Sie Nutzer oder Gruppen ein, die Aktionen mit diesem Dienstkonto verwalten und ausführen können. Weitere Informationen finden Sie unter Identitätswechsel für Dienstkonten verwalten.
- Klicken Sie auf Fertig. Notieren Sie sich die E-Mail-Adresse für das Dienstkonto.
gcloud-CLI
- Erstellen Sie das Dienstkonto:
gcloud iam service-accounts createSERVICE_ACCOUNT_NAME\ --display-name="SERVICE_ACCOUNT_NAME" - Optional: Weisen Sie Ihrem Dienstkonto Rollen zu, um Zugriff auf die Ressourcen Ihres Google Cloud-Projekts zu gewähren. Weitere Informationen finden Sie unter Zugriff auf Ressourcen erteilen, ändern und entziehen.
Anmeldedaten für ein Dienstkonto erstellen
Du musst Anmeldedaten in Form eines öffentlichen/privaten Schlüsselpaares anfordern. Diese Anmeldedaten werden von deinem Code verwendet, um Dienstkontoaktionen in deiner Anwendung zu autorisieren.- Öffnen Sie in der Google Cloud Console das Dreistrich-Menü > IAM und Verwaltung > Dienstkonten.
- Wählen Sie Ihr Dienstkonto aus.
- Klicken Sie auf Schlüssel > Schlüssel hinzufügen > Neuen Schlüssel erstellen.
- Wählen Sie JSON aus und klicken Sie dann auf Erstellen.
Ihr neues öffentliches/privates Schlüsselpaar wird generiert und als neue Datei auf Ihren Computer heruntergeladen. Speichern Sie die heruntergeladene JSON-Datei als
credentials.jsonin Ihrem Arbeitsverzeichnis. Diese Datei ist die einzige Kopie dieses Schlüssels. Informationen zum sicheren Speichern des Schlüssels finden Sie unter Dienstkontoschlüssel verwalten. - Klicken Sie auf Schließen.
Domainweite Delegierung für ein Dienstkonto einrichten
Wenn Sie APIs im Namen von Nutzern in einer Google Workspace-Organisation aufrufen möchten, muss Ihrem Dienstkonto in der Admin-Konsole von Google Workspace durch ein Super Admin-Konto eine domainweite Delegierung von Befugnissen gewährt werden. Weitere Informationen finden Sie unter Domainweite Befugnisse an ein Dienstkonto delegieren.- Öffnen Sie in der Google Cloud Console das Dreistrich-Menü > IAM und Verwaltung > Dienstkonten.
- Wählen Sie Ihr Dienstkonto aus.
- Klicken Sie auf Erweiterte Einstellungen anzeigen.
- Suchen Sie unter „Domainweite Delegierung“ nach der Client-ID Ihres Dienstkontos. Klicken Sie auf „Kopieren“ , um den Client-ID-Wert in die Zwischenablage zu kopieren.
Wenn Sie Super Admin-Zugriff auf das entsprechende Google Workspace-Konto haben, klicken Sie auf Google Workspace-Admin-Konsole aufrufen, melden Sie sich mit einem Super Admin-Nutzerkonto an und führen Sie die folgenden Schritte aus.
Wenn Sie keinen Super Admin-Zugriff auf das entsprechende Google Workspace-Konto haben, wenden Sie sich an einen Super Admin für dieses Konto und senden Sie ihm die Client-ID Ihres Dienstkontos und eine Liste der OAuth-Bereiche, damit er die folgenden Schritte in der Admin-Konsole ausführen kann.
- Gehen Sie in der Admin-Konsole zu „Menü“ > Sicherheit > Zugriffs- und Datenkontrolle > API-Steuerung.
- Klicken Sie auf Domainweite Delegierung verwalten.
- Klicken Sie auf Neu hinzufügen.
- Fügen Sie in das Feld „Client-ID“ die zuvor kopierte Client-ID ein.
- Geben Sie in das Feld „OAuth-Bereiche“ eine durch Kommas getrennte Liste der für Ihre Anwendung erforderlichen Bereiche ein. Dies sind dieselben Bereiche, die Sie beim Konfigurieren des OAuth-Zustimmungsbildschirms definiert haben.
- Klicken Sie auf Authorize (Autorisieren).
Dienstobjekte mit authentifizierten Anmeldedaten erstellen
Für den Einstieg in eine Google API müssen Sie zuerst die Authentifizierung und Anmeldedaten in Ihrer Anwendung einrichten. Die Google-Clientbibliotheken übernehmen dies in Ihrem Namen. Alle Bibliotheken verfügen über Muster zum Erstellen eines Objekts für Anmeldedaten, dem Sie Zugriff auf alle APIs gewähren und an jeden Dienst übergeben können. Eine Anwendung sollte in der Regel einen einzigen Satz von Anmeldedaten und nur ein Cloud-Projekt für alle Google API-Interaktionen haben.
Verwenden Sie die JSON-Schlüsseldatei, die Sie beim Erstellen des Dienstkontos generiert haben.
Python
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
PHP
// https://developers.google.com/api-client-library/php/ require_once 'vendor/autoload.php'; // Full List of scopes: // https://developers.google.com/identity/protocols/googlescopes $OAUTH2_SCOPES = [ Google_Service_Reseller::APPS_ORDER, Google_Service_SiteVerification::SITEVERIFICATION, Google_Service_Directory::ADMIN_DIRECTORY_USER, ]; ######### REPLACE WITH YOUR OWN VALUES ############### $JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'; $RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'; $CUSTOMER_DOMAIN = 'example.com'; $CUSTOMER_SITE = 'https://www.example.com/'; ###################################################### $client = new Google_Client(); $client->setAuthConfig($JSON_PRIVATE_KEY_FILE); $client->setSubject($RESELLER_ADMIN_USER); $client->setScopes($OAUTH2_SCOPES); $resellerService = new Google_Service_Reseller($client); $directoryService = new Google_Service_Directory($client); $verificationService = new Google_Service_SiteVerification($client);
Ruby
require 'googleauth' require 'google/apis/reseller_v1' require 'google/apis/site_verification_v1' require 'google/apis/admin_directory_v1' # Full List of scopes: # https://developers.google.com/identity/protocols/googlescopes OAUTH2_SCOPES = [ 'https://reseller.googleapis.com/auth/apps.order', 'https://reseller.googleapis.com/auth/admin.directory.user', 'https://reseller.googleapis.com/auth/siteverification', ] ####### REPLACE WITH YOUR OWN VALUES ############### JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json' RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com' CUSTOMER_DOMAIN = 'example.com' CUSTOMER_SITE = 'https://www.example.com/' #################################################### credentials = Google::Auth::ServiceAccountCredentials.make_creds( json_key_io: File.open(JSON_PRIVATE_KEY_FILE), scope: OAUTH2_SCOPES) credentials.sub = RESELLER_ADMIN_USER Google::Apis::RequestOptions.default.authorization = credentials reseller_service = Google::Apis::ResellerV1::ResellerService.new directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
Domainbestätigung starten
Dieser Schritt ist optional, wird jedoch empfohlen, wenn Sie die Möglichkeit haben, die Domain des Kunden zu bestätigen. Dieser Schritt ist am Ende der Anleitung abgeschlossen, wenn Sie die Domain bestätigen.
Wenn du die Domain des Kunden nicht bestätigst, gelten die folgenden Einschränkungen:
- Sie haben nur Zugriff auf die Admin-Konsole, auf der sie durch die manuelle Domainbestätigung geführt werden.
- Sie können 21 Tage nach der Erstellung gesperrt werden.
So rufen Sie ein Bestätigungstoken für die Website ab:
Mit der Site Verification API können Sie ein Bestätigungstoken für Websites abrufen. Sie können zwar nicht bestätigen, ob eine Domain bereits validiert wurde, aber Sie können Websites ohne Probleme mehrmals validieren. Die
verificationMethod-Parameter variieren je nachdem, ob Sie einenINET_DOMAIN- oderSITE-Typ validieren. Wählen Sie eine der folgenden Optionen aus:Verwenden Sie für den Typ
INET_DOMAINeinen der folgendenverificationMethod-Parameter:DNS_TXTDNS_CNAME
Im folgenden Beispiel für den Tokenabruf wird der Typ
INET_DOMAINverwendet:Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'INET_DOMAIN', 'identifier': CUSTOMER_DOMAIN }, 'verificationMethod': 'DNS_TXT' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("INET_DOMAIN") .setIdentifier(CUSTOMER_DOMAIN); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("DNS_TXT") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "INET_DOMAIN", Identifier = CUSTOMER_DOMAIN }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "DNS_TXT", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'DNS_TXT', 'site' => [ 'type' => 'INET_DOMAIN', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r ($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN }, verification_method: 'DNS_TXT' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'INET_DOMAIN', identifier: CUSTOMER_DOMAIN, }, verificationMethod: 'DNS_TXT', } }).then(({data}) => { console.log(data); return data; });Verwenden Sie für den Typ
SITEeinen der folgendenverificationMethod-Parameter:FILEMETA
Im folgenden Beispiel für den Tokenabruf wird der Typ
SITEmit der BestätigungsmethodeFILEverwendet. Wenn Sie den ÜberprüfungstypSITEverwenden, müssen Sie der Kennunghttp://oderhttps://voranstellen.Python
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens response = verification_service.webResource().getToken( body={ 'site': { 'type': 'SITE', 'identifier': CUSTOMER_SITE }, 'verificationMethod': 'FILE' }).execute() print(response)Java
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.Site getTokenSite = new SiteVerificationWebResourceGettokenRequest.Site() .setType("SITE") .setIdentifier(CUSTOMER_SITE); SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() .setVerificationMethod("FILE") .setSite(getTokenSite); SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.webResource().getToken(request).execute(); System.out.println("Site Verification Token: " + getTokenResponse.getToken());C#
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite = new SiteVerificationWebResourceGettokenRequest.SiteData() { Type = "SITE", Identifier = CUSTOMER_SITE }; SiteVerificationWebResourceGettokenRequest request = new SiteVerificationWebResourceGettokenRequest() { VerificationMethod = "FILE", Site = getTokenSite }; SiteVerificationWebResourceGettokenResponse getTokenResponse = verificationService.WebResource.GetToken(request).Execute(); Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);PHP
// Retrieve the site verification token and place it according to: // https://developers.google.com/site-verification/v1/getting_started#tokens $body = new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([ 'verificationMethod' => 'FILE', 'site' => [ 'type' => 'SITE', 'identifier' => $CUSTOMER_DOMAIN ] ]); $response = $verificationService->webResource->getToken($body); print_r($response);Ruby
# Retrieve the site verification token and place it according to: # https://developers.google.com/site-verification/v1/getting_started#tokens request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new( site: { type: 'SITE', identifier: CUSTOMER_SITE }, verification_method: 'FILE' ) response = verification_service.get_web_resource_token(request) puts response.inspectNode.js
/** * Retrieve the site verification token and place it according to: * https://developers.google.com/site-verification/v1/getting_started#tokens */ const getTokenPromise = verificationService.webResource.getToken({ requestBody: { site: { type: 'SITE', identifier: CUSTOMER_SITE, }, verificationMethod: 'FILE', } }).then(({data}) => { console.log(data); return data; });
Fügen Sie das Bestätigungstoken der Website in den DNS-Eintrag oder auf die Website ein.
Kunden mit der Reseller API erstellen
Ermitteln Sie mit der Methode Customers.Get, ob ein Kunde bereits in Google Workspace vorhanden ist:
Python
# Determine if customer domain already has Google Workspace try: response = reseller_service.customers().get( customerId=CUSTOMER_DOMAIN).execute() print('Customer already exists if call succeeds') sys.exit() except HttpError as error: if int(error.resp['status']) == 404: print('Domain available for Google Workspace creation') else: raiseJava
// Determine if customer domain already has Google Workspace try { resellerService.customers().get(CUSTOMER_DOMAIN).execute(); System.out.println("Customer already exists if call succeeds"); System.exit(0); } catch (HttpResponseException e) { if (e.getStatusCode() == 404) { System.out.println("Domain available for Google Workspace creation"); } else { throw e; } }C#
// Determine if customer domain already has Google Workspace try { resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Customer already exists if call succeeds"); Environment.Exit(0); } catch (Google.GoogleApiException e) { if (e.Error.Code == 404) { Console.WriteLine("Domain available for Google Workspace creation"); } else throw e; }PHP
// Determine if customer domain already has Google Workspace try { $response = $resellerService->customers->get($CUSTOMER_DOMAIN); exit('Customer already exists if call succeeds'); } catch(Google_Service_Exception $e) { if ($e->getErrors()[0]['reason'] == 'notFound'){ print ("Domain available for Google Workspace creation\n"); } else { throw $e; } }Ruby
# Determine if customer domain already has Google Workspace begin reseller_service.get_customer(CUSTOMER_DOMAIN) abort('Customer already exists if call succeeds') rescue Google::Apis::ClientError => ex if ex.status_code == 404 puts 'Domain available for Google Workspace creation' else raise ex end endNode.js
// Determine if customer domain already has Google Workspace const getCustomerPromise = resellerService.customers.get({ customerId: CUSTOMER_DOMAIN }).then(() => { throw new Error('Customer already exists'); }, resErr => { if (resErr.code === 404) { console.log('Domain available for Google Workspace creation'); } else { throw resErr; } });Gehen Sie je nach Antwort so vor:
Wenn der Kunde nicht vorhanden ist, gibt die Methode
customers.getden FehlercodeHTTP 404zurück. Fahren Sie mit dem nächsten Schritt fort, bei dem Sie einen Kundeneintrag in Google Workspace erstellen.Wenn die Methode
customers.getohne Fehler zurückgegeben wird, musst du im Antworttext für das AttributalternateEmailprüfen, ob der Kunde dir gehört. Wenn das AttributalternateEmailfehlt, musst du den Kunden und seine Abos übertragen.
Erstellen Sie einen Kundendatensatz in Google Workspace. Bevor Sie Abos für diesen Kunden erstellen können, müssen Sie einen Kundeneintrag erstellen. Beachten Sie dazu die folgenden Richtlinien:
alternateEmaildarf sich nicht in derselben Domain wiecustomerDomainbefinden.postalAddress.countryCodemuss ein zweistelliger ISO-Ländercode sein.
Das folgende Beispiel zeigt die Erstellung eines Kundendatensatzes:
Python
# Create customer resource response = reseller_service.customers().insert( body={ 'customerDomain': CUSTOMER_DOMAIN, 'alternateEmail': 'marty.mcfly@gmail.com', 'postalAddress': { 'contactName': 'Marty McFly', 'organizationName': 'Acme Corp', 'postalCode': '10009', 'countryCode': 'US', } }).execute() print(response)Java
// Create customer resource Address address = new Address() .setContactName("Marty McFly") .setOrganizationName("Acme Corp") .setCountryCode("US") .setPostalCode("10009"); Customer customer = new Customer() .setCustomerDomain(CUSTOMER_DOMAIN) .setAlternateEmail("marty.mcfly@gmail.com") .setPostalAddress(address); Customer customerResponse = resellerService.customers() .insert(customer).execute(); System.out.println("Created Customer:\n" + customerResponse);C#
// Create customer resource Address address = new Address() { ContactName = "Marty McFly", OrganizationName = "Acme Corp", CountryCode = "US", PostalCode = "10009" }; Customer customer = new Customer() { CustomerDomain = CUSTOMER_DOMAIN, AlternateEmail = "marty.mcfly@gmail.com", PostalAddress = address }; Customer customerResponse = resellerService.Customers.Insert(customer).Execute(); Console.WriteLine("Created Customer:\n{0}", customerResponse);PHP
// Create customer resource $customer = new Google_Service_Reseller_Customer([ 'customerDomain' => $CUSTOMER_DOMAIN, 'alternateEmail' => 'marty.mcfly@gmail.com', 'postalAddress' => [ 'contactName' => 'Marty McFly', 'organizationName' => 'Acme Corp', 'countryCode' => 'US', 'postalCode' => '10009' ] ]); $response = $resellerService->customers->insert($customer); print_r ($response);Ruby
# Create customer resource customer = Google::Apis::ResellerV1::Customer.new( customer_domain: CUSTOMER_DOMAIN, alternate_email: 'marty.mcfly@gmail.com', postal_address: { contact_name: 'Marty McFly', organization_name: 'Acme Corp', country_code: 'US', postal_code: '10009'}) response = reseller_service.insert_customer(customer) puts response.inspectNode.js
// Create customer resource const insertCustomerPromise = resellerService.customers.insert({ requestBody: { customerDomain: CUSTOMER_DOMAIN, alternateEmail: 'marty.mcfly@gmail.com', postalAddress: { contactName: 'Marty McFly', organizationName: 'Acme Corp', postalCode: '10009', countryCode: 'US', } } }).then(({data}) => { console.log(data); return data; });
Ersten Administrator mit der Admin SDK API erstellen
Nach der Bereitstellung eines Kunden müssen Sie den ersten Nutzer erstellen und den Nutzer sofort auf einen Domain-Super Admin upgraden, damit der Kunde auf seine neuen Dienste zugreifen und alle anwendbaren Nutzungsbedingungen akzeptieren kann.
Erstellen Sie den ersten Nutzer und legen Sie sein Passwort fest. Passwörter müssen ausreichend komplex sein und mindestens acht Zeichen umfassen. Weitere Informationen finden Sie in der Ressource
user.Python
# Create first admin user response = directory_service.users().insert( body={ 'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN, 'name': { 'givenName': 'Marty', 'familyName': 'McFly', }, 'password': 'Timecircuit88' }).execute() print(response)Java
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName(); name.setGivenName("Marty"); name.setFamilyName("McFly"); User user = new User(); user.setPrimaryEmail(userEmail); user.setPassword("TimeCircuit88"); user.setName(name); User userResponse = directoryService.users().insert(user).execute(); System.out.println("Created User:\n" + userResponse);C#
// Create first admin user String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN; UserName name = new UserName() { GivenName = "Marty", FamilyName = "McFly" }; User user = new User() { PrimaryEmail = userEmail, Password = "TimeCircuit88", Name = name }; User userResponse = directoryService.Users.Insert(user).Execute(); Console.WriteLine("Created User:\n{0}", userResponse);PHP
// Create first admin user $user = new Google_Service_Directory_User([ 'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN, 'password' => 'Timecircuit88', 'name' => [ 'givenName' => 'Marty', 'familyName' => 'McFly', 'fullName' => 'Marty McFly' ] ]); $response = $directoryService->users->insert($user); print_r ($response);Ruby
# Create first admin user user = Google::Apis::AdminDirectoryV1::User.new( name: { given_name: 'Marty', family_name: 'McFly', full_name: 'Marty McFly' }, password: 'Timecircuit88', primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN, ) response = directory_service.insert_user(user) puts response.inspectNode.js
// Create first admin user const insertUserPromise = directoryService.users.insert({ requestBody: { primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`, name: { givenName: 'Marty', familyName: 'McFly', }, password: 'Timecircuit88', } }).then(({data}) => { console.log(data); return data; });Wenn beim Erstellen des Nutzers ein
HTTP 409zurückgegeben wird, ist der Nutzername möglicherweise bereits als Privatnutzerkonto vorhanden.Führen Sie ein Upgrade des Nutzers auf die Rolle „Super Admin“ durch:
Python
# Promote user to admin status response = directory_service.users().makeAdmin( userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={ 'status': True }).execute()Java
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin(); admin.setStatus(true); directoryService.users().makeAdmin(userEmail, admin).execute(); System.out.println("User promoted to Admin");C#
// Promote user to admin status UserMakeAdmin admin = new UserMakeAdmin() { Status = true }; directoryService.Users.MakeAdmin(admin, userEmail).Execute(); Console.WriteLine("User promoted to Admin");PHP
// Promote user to admin status $makeAdmin = new Google_Service_Directory_UserMakeAdmin([ 'status' => true ]); $directoryService->users->makeAdmin( 'marty.mcfly@' . $CUSTOMER_DOMAIN, $makeAdmin );
Ruby
# Promote user to admin status admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new( status: true ) response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)Node.js
// Promote user to admin status const makeAdminPromise = directoryService.users.makeAdmin({ userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`, requestBody: { status: true } });
Google Workspace-Abo für einen Kunden erstellen
Wenn Sie ein Abo für einen Kunden erstellen, sollten Sie eine interne Transaktions-ID oder Kennung für diesen Kunden in das Feld purchaseOrderId eingeben.
Weitere Informationen zu bestimmten Argumenten und Werten finden Sie unter Abos verwalten.
Verwenden Sie den Aufruf Subscriptions.Insert, um ein Abo zu erstellen. Im folgenden Beispiel wird ein
ANNUAL_YEARLY_PAY-Abo verwendet:Python
# Create subscription resource response = reseller_service.subscriptions().insert( customerId=CUSTOMER_DOMAIN, body={ 'customerId': CUSTOMER_DOMAIN, 'skuId': '1010020027', 'plan': { 'planName': 'ANNUAL_MONTHLY_PAY', }, 'seats': { 'numberOfSeats': 5, }, 'renewalSettings': { # only relevant for annual plans 'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY' } }).execute() print(response)Java
// Create subscription resource Seats seats = new Seats() .setNumberOfSeats(5); Subscription.Plan plan = new Subscription.Plan() .setPlanName("ANNUAL_YEARLY_PAY"); RenewalSettings renewalSettings = new RenewalSettings() .setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY"); Subscription subscription = new Subscription() .setCustomerId(CUSTOMER_DOMAIN) .setSeats(seats) .setPlan(plan) .setSkuId("1010020027") .setRenewalSettings(renewalSettings); Subscription subscriptionResponse = resellerService.subscriptions() .insert(CUSTOMER_DOMAIN, subscription).execute(); System.out.println("Created Subscription:\n" + subscriptionResponse);C#
// Create subscription resource Seats seats = new Seats() { NumberOfSeats = 5 }; Subscription.PlanData plan = new Subscription.PlanData() { PlanName = "ANNUAL_YEARLY_PAY" }; RenewalSettings renewalSettings = new RenewalSettings() { RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY" }; Subscription subscription = new Subscription() { CustomerId = CUSTOMER_DOMAIN, Seats = seats, Plan = plan, SkuId = "1010020027", RenewalSettings = renewalSettings }; Subscription subscriptionResponse = resellerService.Subscriptions .Insert(subscription, CUSTOMER_DOMAIN).Execute(); Console.WriteLine("Created Subscription:\n" + subscriptionResponse);PHP
// Create subscription resource $subscription = new Google_Service_Reseller_Subscription([ 'customerId' => $CUSTOMER_DOMAIN, 'skuId' => '1010020027', 'plan' => [ 'planName' => 'ANNUAL_MONTHLY_PAY' ], 'seats' => [ 'numberOfSeats' => '5' ], 'renewalSettings' => [ 'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY' ] ]); $response = $resellerService->subscriptions->insert( $CUSTOMER_DOMAIN, $subscription ); print_r ($response);Ruby
# Create subscription resource subscription = Google::Apis::ResellerV1::Subscription.new( customer_id: CUSTOMER_DOMAIN, sku_id: '1010020027', plan: { plan_name: 'ANNUAL_MONTHLY_PAY' }, seats: { number_of_seats: 5, }, renewal_settings: { renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY' } ) response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription) puts response.inspectNode.js
// Create subscription resource const insertSubscriptionPromise = resellerService.subscriptions.insert({ customerId: CUSTOMER_DOMAIN, requestBody: { customerId: CUSTOMER_DOMAIN, skuId: '1010020027', plan: { planName: 'ANNUAL_MONTHLY_PAY', }, seats: { numberOfSeats: 5, }, renewalSettings: { // only relevant for annual plans renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY', } } }).then(({data}) => { console.log(data); return data; });Abos haben den Status
SUSPENDED, bis sich ein Kundenadministrator anmeldet und die Nutzungsbedingungen akzeptiert. Kundenadministratoren werden bei der ersten Anmeldung zu den Nutzungsbedingungen weitergeleitet, wenn sie auf ein Google-Produkt (z. B. Gmail oder Google Drive) zugreifen.
Domain bestätigen und Domaininhaber festlegen
Dieser Schritt ist optional, wird jedoch empfohlen, wenn Sie die Möglichkeit haben, die Domain des Kunden zu bestätigen. Der webResource.insert()-Aufruf der Site Verification API überprüft eine Domain und weist ihr die Inhaber zu, die Sie im Parameter owners[] des Anfragetexts angeben.
Das folgende Beispiel zeigt, wie ein INET_DOMAIN bestätigt wird:
Python
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
C#
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
PHP
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
Wenn der Vorgang erfolgreich ist, wird bei diesem Aufruf ein HTTP 200-Code zurückgegeben. Wenn webResource.insert() die Domain nicht bestätigen kann, wird ein Fehlercode auf HTTP 400-Ebene zurückgegeben. Wiederholen Sie den webResource.insert()-Aufruf mit einer Backoff-Verzögerung, bis die Domain erfolgreich bestätigt wurde.
Zusammenfassung
Das folgende Beispiel zeigt den vollständigen Code für die Bereitstellung eines Google Workspace-Kunden:
Python
"""This is a basic example of provisioning a Google Workspace customer.
"""
import sys
from apiclient.discovery import build
from apiclient.http import HttpError
from oauth2client.service_account import ServiceAccountCredentials
############## REPLACE WITH YOUR OWN VALUES ####################
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com'
################################################################
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
]
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_PRIVATE_KEY_FILE, OAUTH2_SCOPES).create_delegated(RESELLER_ADMIN_USER)
reseller_service = build(
serviceName='reseller', version='v1', credentials=credentials)
directory_service = build(
serviceName='admin', version='directory_v1', credentials=credentials)
verification_service = build(
serviceName='siteVerification', version='v1', credentials=credentials)
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
response = verification_service.webResource().getToken(
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'verificationMethod': 'DNS_TXT'
}).execute()
print(response)
# Determine if customer domain already has Google Workspace
try:
response = reseller_service.customers().get(
customerId=CUSTOMER_DOMAIN).execute()
print('Customer already exists if call succeeds')
sys.exit()
except HttpError as error:
if int(error.resp['status']) == 404:
print('Domain available for Google Workspace creation')
else:
raise
# Create customer resource
response = reseller_service.customers().insert(
body={
'customerDomain': CUSTOMER_DOMAIN,
'alternateEmail': 'marty.mcfly@gmail.com',
'postalAddress': {
'contactName': 'Marty McFly',
'organizationName': 'Acme Corp',
'postalCode': '10009',
'countryCode': 'US',
}
}).execute()
print(response)
# Create first admin user
response = directory_service.users().insert(
body={
'primaryEmail': 'marty.mcfly@' + CUSTOMER_DOMAIN,
'name': {
'givenName': 'Marty',
'familyName': 'McFly',
},
'password': 'Timecircuit88'
}).execute()
print(response)
# Promote user to admin status
response = directory_service.users().makeAdmin(
userKey='marty.mcfly@' + CUSTOMER_DOMAIN, body={
'status': True
}).execute()
# Create subscription resource
response = reseller_service.subscriptions().insert(
customerId=CUSTOMER_DOMAIN,
body={
'customerId': CUSTOMER_DOMAIN,
'skuId': '1010020027',
'plan': {
'planName': 'ANNUAL_MONTHLY_PAY',
},
'seats': {
'numberOfSeats': 5,
},
'renewalSettings': { # only relevant for annual plans
'renewalType': 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
}).execute()
print(response)
# Verify domain and designate domain owners
response = verification_service.webResource().insert(
verificationMethod='DNS_TXT',
body={
'site': {
'type': 'INET_DOMAIN',
'identifier': CUSTOMER_DOMAIN
},
'owners': ['marty.mcfly@' + CUSTOMER_DOMAIN]
}).execute()
print(response)
Java
// OAuth2 and HTTP
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpResponseException;
import com.google.api.client.json.jackson2.JacksonFactory;
// Directory API
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;
import com.google.api.services.admin.directory.model.User;
import com.google.api.services.admin.directory.model.UserMakeAdmin;
import com.google.api.services.admin.directory.model.UserName;
// Reseller API
import com.google.api.services.reseller.Reseller;
import com.google.api.services.reseller.ResellerScopes;
import com.google.api.services.reseller.model.Address;
import com.google.api.services.reseller.model.Customer;
import com.google.api.services.reseller.model.RenewalSettings;
import com.google.api.services.reseller.model.Seats;
import com.google.api.services.reseller.model.Subscription;
// Site Verification API
import com.google.api.services.siteVerification.SiteVerification;
import com.google.api.services.siteVerification.SiteVerificationScopes;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenRequest;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceGettokenResponse;
import com.google.api.services.siteVerification.model.SiteVerificationWebResourceResource;
// Java library imports
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
/**
* This is a basic example of provisioning a Google Workspace customer.
*/
public class CodelabExample {
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
private static final List<String> OAUTH2_SCOPES = Arrays.asList(
ResellerScopes.APPS_ORDER,
SiteVerificationScopes.SITEVERIFICATION,
DirectoryScopes.ADMIN_DIRECTORY_USER
);
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static final String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static final String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static final String CUSTOMER_DOMAIN = "example.com";
public static final String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
public static void main(String[] args)
throws IOException, GeneralSecurityException, FileNotFoundException {
// Instantiate services with authenticated credentials
GoogleCredential jsonCredentials = GoogleCredential
.fromStream(new FileInputStream(JSON_PRIVATE_KEY_FILE));
GoogleCredential credentials = new GoogleCredential.Builder()
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.setJsonFactory(JacksonFactory.getDefaultInstance())
.setServiceAccountScopes(OAUTH2_SCOPES)
.setServiceAccountUser(RESELLER_ADMIN_USER)
.setServiceAccountPrivateKey(jsonCredentials.getServiceAccountPrivateKey())
.setServiceAccountId(jsonCredentials.getServiceAccountId())
.build();
Reseller resellerService = new Reseller.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
Directory directoryService = new Directory.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
SiteVerification verificationService = new SiteVerification.Builder(
credentials.getTransport(),
credentials.getJsonFactory(),
credentials).setApplicationName("Google Workspace Creator").build();
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.Site getTokenSite =
new SiteVerificationWebResourceGettokenRequest.Site()
.setType("INET_DOMAIN")
.setIdentifier(CUSTOMER_DOMAIN);
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
.setVerificationMethod("DNS_TXT")
.setSite(getTokenSite);
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.webResource().getToken(request).execute();
System.out.println("Site Verification Token: " + getTokenResponse.getToken());
// Determine if customer domain already has Google Workspace
try {
resellerService.customers().get(CUSTOMER_DOMAIN).execute();
System.out.println("Customer already exists if call succeeds");
System.exit(0);
} catch (HttpResponseException e) {
if (e.getStatusCode() == 404) {
System.out.println("Domain available for Google Workspace creation");
} else {
throw e;
}
}
// Create customer resource
Address address = new Address()
.setContactName("Marty McFly")
.setOrganizationName("Acme Corp")
.setCountryCode("US")
.setPostalCode("10009");
Customer customer = new Customer()
.setCustomerDomain(CUSTOMER_DOMAIN)
.setAlternateEmail("marty.mcfly@gmail.com")
.setPostalAddress(address);
Customer customerResponse = resellerService.customers()
.insert(customer).execute();
System.out.println("Created Customer:\n" + customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName();
name.setGivenName("Marty");
name.setFamilyName("McFly");
User user = new User();
user.setPrimaryEmail(userEmail);
user.setPassword("TimeCircuit88");
user.setName(name);
User userResponse = directoryService.users().insert(user).execute();
System.out.println("Created User:\n" + userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin();
admin.setStatus(true);
directoryService.users().makeAdmin(userEmail, admin).execute();
System.out.println("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
.setNumberOfSeats(5);
Subscription.Plan plan = new Subscription.Plan()
.setPlanName("ANNUAL_YEARLY_PAY");
RenewalSettings renewalSettings = new RenewalSettings()
.setRenewalType("RENEW_CURRENT_USERS_MONTHLY_PAY");
Subscription subscription = new Subscription()
.setCustomerId(CUSTOMER_DOMAIN)
.setSeats(seats)
.setPlan(plan)
.setSkuId("1010020027")
.setRenewalSettings(renewalSettings);
Subscription subscriptionResponse = resellerService.subscriptions()
.insert(CUSTOMER_DOMAIN, subscription).execute();
System.out.println("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.Site verifySite =
new SiteVerificationWebResourceResource.Site()
.setIdentifier(CUSTOMER_DOMAIN)
.setType("INET_DOMAIN");
List<String> owners = Arrays.asList(userEmail);
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
.setSite(verifySite)
.setOwners(owners);
SiteVerificationWebResourceResource verifyResponse =
verificationService.webResource().insert("DNS_TXT", resource).execute();
System.out.println("Site Verification Web Resource:\n" + verifyResponse);
}
}
C#
// OAuth2 and HTTP
using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
// Reseller API
using Google.Apis.Reseller.v1;
using Google.Apis.Reseller.v1.Data;
// Directory API
using Google.Apis.Admin.Directory.directory_v1;
using User = Google.Apis.Admin.Directory.directory_v1.Data.User;
using UserName = Google.Apis.Admin.Directory.directory_v1.Data.UserName;
using UserMakeAdmin = Google.Apis.Admin.Directory.directory_v1.Data.UserMakeAdmin;
//Site Verification API
using Google.Apis.SiteVerification.v1;
using Google.Apis.SiteVerification.v1.Data;
// System imports
using System;
using System.IO;
class CodelabExample
{
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
static string[] OAUTH2_SCOPES = {
ResellerService.Scope.AppsOrder,
DirectoryService.Scope.AdminDirectoryUser,
SiteVerificationService.Scope.Siteverification
};
/***************** REPLACE WITH YOUR OWN VALUES ********************************/
public static String JSON_PRIVATE_KEY_FILE = "path/to/json_key_file.json";
public static String RESELLER_ADMIN_USER = "admin@yourresellerdomain.com";
public static String CUSTOMER_DOMAIN = "example.com";
public static String CUSTOMER_SITE = "https://www.example.com/";
/*******************************************************************************/
static void Main(string[] args)
{
GoogleCredential credential;
using (var stream = new FileStream(JSON_PRIVATE_KEY_FILE, FileMode.Open, FileAccess.Read))
{
credential = GoogleCredential
.FromStream(stream)
.CreateScoped(OAUTH2_SCOPES)
.CreateWithUser(RESELLER_ADMIN_USER);
}
var resellerService = new ResellerService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var directoryService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
var verificationService = new SiteVerificationService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
});
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
SiteVerificationWebResourceGettokenRequest.SiteData getTokenSite =
new SiteVerificationWebResourceGettokenRequest.SiteData()
{
Type = "INET_DOMAIN",
Identifier = CUSTOMER_DOMAIN
};
SiteVerificationWebResourceGettokenRequest request =
new SiteVerificationWebResourceGettokenRequest()
{
VerificationMethod = "DNS_TXT",
Site = getTokenSite
};
SiteVerificationWebResourceGettokenResponse getTokenResponse =
verificationService.WebResource.GetToken(request).Execute();
Console.WriteLine("Site Verification Token: {0}", getTokenResponse.Token);
// Determine if customer domain already has Google Workspace
try
{
resellerService.Customers.Get(CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Customer already exists if call succeeds");
Environment.Exit(0);
}
catch (Google.GoogleApiException e) {
if (e.Error.Code == 404)
{
Console.WriteLine("Domain available for Google Workspace creation");
} else throw e;
}
// Create customer resource
Address address = new Address()
{
ContactName = "Marty McFly",
OrganizationName = "Acme Corp",
CountryCode = "US",
PostalCode = "10009"
};
Customer customer = new Customer()
{
CustomerDomain = CUSTOMER_DOMAIN,
AlternateEmail = "marty.mcfly@gmail.com",
PostalAddress = address
};
Customer customerResponse = resellerService.Customers.Insert(customer).Execute();
Console.WriteLine("Created Customer:\n{0}", customerResponse);
// Create first admin user
String userEmail = "marty.mcfly@" + CUSTOMER_DOMAIN;
UserName name = new UserName()
{
GivenName = "Marty",
FamilyName = "McFly"
};
User user = new User()
{
PrimaryEmail = userEmail,
Password = "TimeCircuit88",
Name = name
};
User userResponse = directoryService.Users.Insert(user).Execute();
Console.WriteLine("Created User:\n{0}", userResponse);
// Promote user to admin status
UserMakeAdmin admin = new UserMakeAdmin()
{
Status = true
};
directoryService.Users.MakeAdmin(admin, userEmail).Execute();
Console.WriteLine("User promoted to Admin");
// Create subscription resource
Seats seats = new Seats()
{
NumberOfSeats = 5
};
Subscription.PlanData plan = new Subscription.PlanData()
{
PlanName = "ANNUAL_YEARLY_PAY"
};
RenewalSettings renewalSettings = new RenewalSettings()
{
RenewalType = "RENEW_CURRENT_USERS_MONTHLY_PAY"
};
Subscription subscription = new Subscription()
{
CustomerId = CUSTOMER_DOMAIN,
Seats = seats,
Plan = plan,
SkuId = "1010020027",
RenewalSettings = renewalSettings
};
Subscription subscriptionResponse = resellerService.Subscriptions
.Insert(subscription, CUSTOMER_DOMAIN).Execute();
Console.WriteLine("Created Subscription:\n" + subscriptionResponse);
// Verify domain and designate domain owners
SiteVerificationWebResourceResource.SiteData verifySite =
new SiteVerificationWebResourceResource.SiteData()
{
Identifier = CUSTOMER_DOMAIN,
Type = "INET_DOMAIN"
};
string[] owners = { userEmail };
SiteVerificationWebResourceResource resource =
new SiteVerificationWebResourceResource()
{
Site = verifySite,
Owners = owners
};
SiteVerificationWebResourceResource verifyResponse =
verificationService.WebResource.Insert(resource, "DNS_TXT").Execute();
Console.WriteLine("Site Verification Web Resource:\n" + verifyResponse);
}
}
PHP
// https://developers.google.com/api-client-library/php/
require_once 'vendor/autoload.php';
// Full List of scopes:
// https://developers.google.com/identity/protocols/googlescopes
$OAUTH2_SCOPES = [
Google_Service_Reseller::APPS_ORDER,
Google_Service_SiteVerification::SITEVERIFICATION,
Google_Service_Directory::ADMIN_DIRECTORY_USER,
];
######### REPLACE WITH YOUR OWN VALUES ###############
$JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
$RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
$CUSTOMER_DOMAIN = 'example.com';
$CUSTOMER_SITE = 'https://www.example.com/';
######################################################
$client = new Google_Client();
$client->setAuthConfig($JSON_PRIVATE_KEY_FILE);
$client->setSubject($RESELLER_ADMIN_USER);
$client->setScopes($OAUTH2_SCOPES);
$resellerService = new Google_Service_Reseller($client);
$directoryService = new Google_Service_Directory($client);
$verificationService = new Google_Service_SiteVerification($client);
// Retrieve the site verification token and place it according to:
// https://developers.google.com/site-verification/v1/getting_started#tokens
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceGettokenRequest([
'verificationMethod' => 'DNS_TXT',
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN
]
]);
$response = $verificationService->webResource->getToken($body);
print_r ($response);
// Determine if customer domain already has Google Workspace
try {
$response = $resellerService->customers->get($CUSTOMER_DOMAIN);
exit('Customer already exists if call succeeds');
} catch(Google_Service_Exception $e) {
if ($e->getErrors()[0]['reason'] == 'notFound'){
print ("Domain available for Google Workspace creation\n");
} else {
throw $e;
}
}
// Create customer resource
$customer = new Google_Service_Reseller_Customer([
'customerDomain' => $CUSTOMER_DOMAIN,
'alternateEmail' => 'marty.mcfly@gmail.com',
'postalAddress' => [
'contactName' => 'Marty McFly',
'organizationName' => 'Acme Corp',
'countryCode' => 'US',
'postalCode' => '10009'
]
]);
$response = $resellerService->customers->insert($customer);
print_r ($response);
// Create first admin user
$user = new Google_Service_Directory_User([
'primaryEmail' => 'marty.mcfly@' . $CUSTOMER_DOMAIN,
'password' => 'Timecircuit88',
'name' => [
'givenName' => 'Marty',
'familyName' => 'McFly',
'fullName' => 'Marty McFly'
]
]);
$response = $directoryService->users->insert($user);
print_r ($response);
// Promote user to admin status
$makeAdmin = new Google_Service_Directory_UserMakeAdmin([
'status' => true
]);
$directoryService->users->makeAdmin(
'marty.mcfly@' . $CUSTOMER_DOMAIN,
$makeAdmin
);
// Create subscription resource
$subscription = new Google_Service_Reseller_Subscription([
'customerId' => $CUSTOMER_DOMAIN,
'skuId' => '1010020027',
'plan' => [
'planName' => 'ANNUAL_MONTHLY_PAY'
],
'seats' => [
'numberOfSeats' => '5'
],
'renewalSettings' => [
'renewalType' => 'RENEW_CURRENT_USERS_MONTHLY_PAY'
]
]);
$response = $resellerService->subscriptions->insert(
$CUSTOMER_DOMAIN,
$subscription
);
print_r ($response);
// Verify domain and designate domain owners
$body =
new Google_Service_SiteVerification_SiteVerificationWebResourceResource([
'site' => [
'type' => 'INET_DOMAIN',
'identifier' => $CUSTOMER_DOMAIN,
],
'owners' => ['marty.mcfly@' . $CUSTOMER_DOMAIN]
]);
$response = $verificationService->webResource->insert('DNS_TXT', $body);
print_r ($response);
Ruby
require 'googleauth'
require 'google/apis/reseller_v1'
require 'google/apis/site_verification_v1'
require 'google/apis/admin_directory_v1'
# Full List of scopes:
# https://developers.google.com/identity/protocols/googlescopes
OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/admin.directory.user',
'https://reseller.googleapis.com/auth/siteverification',
]
####### REPLACE WITH YOUR OWN VALUES ###############
JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json'
RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com'
CUSTOMER_DOMAIN = 'example.com'
CUSTOMER_SITE = 'https://www.example.com/'
####################################################
credentials = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open(JSON_PRIVATE_KEY_FILE),
scope: OAUTH2_SCOPES)
credentials.sub = RESELLER_ADMIN_USER
Google::Apis::RequestOptions.default.authorization = credentials
reseller_service = Google::Apis::ResellerV1::ResellerService.new
directory_service = Google::Apis::AdminDirectoryV1::DirectoryService.new
verification_service = Google::Apis::SiteVerificationV1::SiteVerificationService.new
# Retrieve the site verification token and place it according to:
# https://developers.google.com/site-verification/v1/getting_started#tokens
request = Google::Apis::SiteVerificationV1::GetWebResourceTokenRequest.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
verification_method: 'DNS_TXT'
)
response = verification_service.get_web_resource_token(request)
puts response.inspect
# Determine if customer domain already has Google Workspace
begin
reseller_service.get_customer(CUSTOMER_DOMAIN)
abort('Customer already exists if call succeeds')
rescue Google::Apis::ClientError => ex
if ex.status_code == 404
puts 'Domain available for Google Workspace creation'
else
raise ex
end
end
# Create customer resource
customer = Google::Apis::ResellerV1::Customer.new(
customer_domain: CUSTOMER_DOMAIN,
alternate_email: 'marty.mcfly@gmail.com',
postal_address: {
contact_name: 'Marty McFly',
organization_name: 'Acme Corp',
country_code: 'US',
postal_code: '10009'})
response = reseller_service.insert_customer(customer)
puts response.inspect
# Create first admin user
user = Google::Apis::AdminDirectoryV1::User.new(
name: {
given_name: 'Marty',
family_name: 'McFly',
full_name: 'Marty McFly'
},
password: 'Timecircuit88',
primary_email: 'marty.mcfly@' + CUSTOMER_DOMAIN,
)
response = directory_service.insert_user(user)
puts response.inspect
# Promote user to admin status
admin_status = Google::Apis::AdminDirectoryV1::UserMakeAdmin.new(
status: true
)
response = directory_service.make_user_admin('marty.mcfly@' + CUSTOMER_DOMAIN, admin_status)
# Create subscription resource
subscription = Google::Apis::ResellerV1::Subscription.new(
customer_id: CUSTOMER_DOMAIN,
sku_id: '1010020027',
plan: {
plan_name: 'ANNUAL_MONTHLY_PAY'
},
seats: {
number_of_seats: 5,
},
renewal_settings: {
renewal_type: 'RENEW_CURRENT_USERS_MONTHLY_PAY'
}
)
response = reseller_service.insert_subscription(CUSTOMER_DOMAIN, subscription)
puts response.inspect
# Verify domain and designate domain owners
webResource = Google::Apis::SiteVerificationV1::SiteVerificationWebResourceResource.new(
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN
},
owners: ['marty.mcfly@' + CUSTOMER_DOMAIN]
)
response = verification_service.insert_web_resource('DNS_TXT', webResource)
puts response.inspect
Node.js
// NOTE: This script needs googleapis 28.0.0 or later as it uses promises
const {google} = require('googleapis');
// ############## REPLACE WITH YOUR OWN VALUES ####################
const JSON_PRIVATE_KEY_FILE = 'path/to/json_key_file.json';
const RESELLER_ADMIN_USER = 'admin@yourresellerdomain.com';
const CUSTOMER_DOMAIN = 'example.com';
const CUSTOMER_SITE = 'https://www.example.com/';
// ################################################################
// Full List of scopes: https://developers.google.com/identity/protocols/googlescopes
const OAUTH2_SCOPES = [
'https://reseller.googleapis.com/auth/apps.order',
'https://reseller.googleapis.com/auth/siteverification',
'https://reseller.googleapis.com/auth/admin.directory.user',
];
const authJWT = new google.auth.JWT({
keyFile: JSON_PRIVATE_KEY_FILE,
scopes: OAUTH2_SCOPES,
subject: RESELLER_ADMIN_USER,
});
const resellerService = google.reseller({version: 'v1', auth: authJWT});
const directoryService = google.admin({version: 'directory_v1', auth: authJWT});
const verificationService = google.siteVerification({version: 'v1', auth: authJWT});
// Run all the steps one after each other, and exit as soon as one of them fail
Promise.resolve()
.then(() => {
/**
* Retrieve the site verification token and place it according to:
* https://developers.google.com/site-verification/v1/getting_started#tokens
*/
const getTokenPromise = verificationService.webResource.getToken({
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
verificationMethod: 'DNS_TXT',
}
}).then(({data}) => {
console.log(data);
return data;
});
return getTokenPromise;
})
.then(() => {
// Determine if customer domain already has Google Workspace
const getCustomerPromise = resellerService.customers.get({
customerId: CUSTOMER_DOMAIN
}).then(() => {
throw new Error('Customer already exists');
}, resErr => {
if (resErr.code === 404) {
console.log('Domain available for Google Workspace creation');
} else {
throw resErr;
}
});
return getCustomerPromise;
})
.then(() => {
// Create customer resource
const insertCustomerPromise = resellerService.customers.insert({
requestBody: {
customerDomain: CUSTOMER_DOMAIN,
alternateEmail: 'marty.mcfly@gmail.com',
postalAddress: {
contactName: 'Marty McFly',
organizationName: 'Acme Corp',
postalCode: '10009',
countryCode: 'US',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertCustomerPromise;
})
.then(() => {
// Create first admin user
const insertUserPromise = directoryService.users.insert({
requestBody: {
primaryEmail: `marty.mcfly@${CUSTOMER_DOMAIN}`,
name: {
givenName: 'Marty',
familyName: 'McFly',
},
password: 'Timecircuit88',
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertUserPromise;
}).then(() => {
// Promote user to admin status
const makeAdminPromise = directoryService.users.makeAdmin({
userKey: `marty.mcfly@${CUSTOMER_DOMAIN}`,
requestBody: {
status: true
}
});
return makeAdminPromise;
})
.then(() => {
// Create subscription resource
const insertSubscriptionPromise = resellerService.subscriptions.insert({
customerId: CUSTOMER_DOMAIN,
requestBody: {
customerId: CUSTOMER_DOMAIN,
skuId: '1010020027',
plan: {
planName: 'ANNUAL_MONTHLY_PAY',
},
seats: {
numberOfSeats: 5,
},
renewalSettings: { // only relevant for annual plans
renewalType: 'RENEW_CURRENT_USERS_MONTHLY_PAY',
}
}
}).then(({data}) => {
console.log(data);
return data;
});
return insertSubscriptionPromise;
})
.then(() => {
// Verify domain and designate domain owners
const verifyDomainPromise = verificationService.webResource.insert({
verificationMethod: 'DNS_TXT',
requestBody: {
site: {
type: 'INET_DOMAIN',
identifier: CUSTOMER_DOMAIN,
},
owners: [`marty.mcfly@${CUSTOMER_DOMAIN}`],
}
}).then(({data}) => {
console.log(data);
return data;
});
return verifyDomainPromise;
})
.catch(err => {
console.error('Error:', err.message);
if (err.code) {
console.log('Error code:', err.code);
}
if (err.errors) {
console.log('Details:', err.errors);
}
});