Customer has disabled reseller access to the Admin SDK as detailed in
this support article.
Recommendation
Ask the customer to re-enable access if the Admin SDK is critical for managing the customer.
403:forbidden
Cause
Either the reseller does not own the customer, or the customer has disabled reseller access to their Admin console, as detailed in this support article.
Recommendation
Either call customers.get before making these calls to verify that the reseller owns the customer, or ask the customer to re-enable reseller access to their Admin console if it is critical for managing the customer.
users.get
400:badRequest
Cause
An incorrect parameter value was passed into the method. The parameter most commonly at fault is userKey.
Recommendation
Verify that the value passed into the userKey parameter
is either the user's primary email address, alias email address, or unique user ID.
403:forbidden
Cause
Either the reseller does not own the customer, or the customer has disabled reseller access to their Admin console, as detailed in this support article.
Recommendation
Either call customers.get before making these calls to verify that the reseller owns the customer, or ask the customer to re-enable reseller access to their Admin console if it is critical for managing the customer.
403:usageLimits.accessNotConfigured
Cause
The API is not enabled in the cloud project.
Recommendation
Go to the cloud console and enable the respective API in the cloud project.
users.insert
403:forbidden
Cause
Either the reseller does not own the customer, or the customer has disabled reseller access to their Admin console, as detailed in this support article.
Recommendation
Either call customers.get before making these calls to verify that the reseller owns the customer, or ask the customer to re-enable reseller access to their Admin console if it is critical for managing the customer.
403:usageLimits.accessNotConfigured
Cause
The API is not enabled in the cloud project.
Recommendation
Go to the cloud console and enable the respective API in the cloud project.
Current Google Workspace account being created/managed
Another Google product (not Google Workspace)
Recommendation
Call users.get and if you get a successful 200 response then the user already exists in the customer's Google Workspace Account.
If users.get returns 403 forbidden, then either:
Primary email has been used previously for a different Google product and the customer domain must first be verified before this user can successfully be added.
Domain in primary email parameter is not a resold customer of reseller
If you have the ability to verify the customer domain:
Create a temporary admin user (e.g. temp@domain.com) using users.insert and continue provisioning until the final domain verification step.
When verifying the domain, add the temporary user to the owners[] parameter of the request body for the webResource.insert call. Repeat this call until a 200 response is received.
Once the domain is verified, rename the temporary username to the originally desired name using either users.patch or users.update.
If you don't have the ability to verify the customer domain:
Insert a temporary user (e.g. temp@domain.com)
Have your customer sign in using the temporary user and verify their domain through the admin console
Once domain is verified, customer may rename to original desired name OR you may rename on their behalf
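The users.get probe and the two temporary-user branches above, as an added Python example that is not part of the original page. The JSON error body layout, the way the `status:reason` label is derived from its `domain` and `reason` fields, and the names `error_key`, `plan_after_insert_conflict`, `users_get`, `owns_customer` and `can_verify_domain` are assumptions; `users_get` stands in for whatever client call returns the HTTP status and body, and the sample bodies are constructed.

```python
import json

# Constructed sample error bodies (assumed layout of a Google API JSON error).
FORBIDDEN = '{"error": {"code": 403, "errors": [{"domain": "global", "reason": "forbidden"}]}}'
NOT_CONFIGURED = ('{"error": {"code": 403, "errors": '
                  '[{"domain": "usageLimits", "reason": "accessNotConfigured"}]}}')

def error_key(status, body):
    """Build the 'status:reason' label used on this page from an error body."""
    try:
        first = json.loads(body)["error"]["errors"][0]
        reason, domain = first["reason"], first.get("domain", "global")
    except (ValueError, KeyError, IndexError, TypeError, AttributeError):
        return f"{status}:unparsed"  # malformed body: do not guess a reason
    # Assumption: the page omits the "global" domain and prefixes any other.
    return f"{status}:{reason}" if domain == "global" else f"{status}:{domain}.{reason}"

def plan_after_insert_conflict(users_get, primary_email, owns_customer, can_verify_domain):
    """Probe with users.get, then pick the branch the recommendation describes.

    users_get(email) -> (http_status, body_text) is a hypothetical wrapper;
    owns_customer is the outcome of a prior customers.get ownership check.
    """
    status, body = users_get(primary_email)
    if status == 200:
        return ["stop: user already exists in the customer's account"]
    key = error_key(status, body)
    # The same HTTP 403 carries different reasons with different fixes.
    if key == "403:usageLimits.accessNotConfigured":
        return ["enable the API in the cloud project, then retry users.get"]
    if key != "403:forbidden":
        return [f"escalate: unexpected {key}"]
    if not owns_customer:
        return ["stop: domain is not a resold customer of this reseller"]
    temp = "temp@" + primary_email.rsplit("@", 1)[-1]
    if can_verify_domain:
        return [f"users.insert {temp} as temporary admin",
                f"webResource.insert with owners=[{temp}] until 200",
                f"users.patch or users.update: rename {temp} to {primary_email}"]
    return [f"users.insert {temp}",
            f"customer signs in as {temp} and verifies the domain in the admin console",
            f"rename {temp} to {primary_email} (customer or reseller)"]
```

Branching on the reason rather than on the bare 403 keeps a project configuration problem from being handled as an ownership or domain-verification problem, and the ownership check stops a temporary admin from being created in a domain the reseller does not manage.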
412:limitExceeded
Cause
The customer has reached their maximum seat limit.
Incorrect parameter value was passed into method. Most common parameters at fault:
customer
domain
Recommendation
Verify the following parameters:
customer - Only pass the customerId that was generated by Google into this parameter. Do not pass the actual customer domain into this parameter.
domain - Only pass the actual customer domain into this parameter. Do not pass the customerId that was generated by Google into this parameter.
Resellers are encouraged to use the customer parameter when calling this method because if a customer has secondary domains, calling users.list with the domain parameter will only return users with email addresses on that particular domain.
403:domainCannotUseApis
Cause
Customer has disabled reseller access to the Admin SDK as detailed in
this support article.
Recommendation
To get the count of current licensed users, instead of calling the
users.list method, use the
licensedNumberOfSeats
field from the subscription resource, as the access to the Reseller API
cannot be restricted by the customer.
If it is critical to get more details on users, communicate with the customer
so they re-enable the API access using the process described in
this support article.
403:forbidden
Cause
Either the reseller does not own the customer, or the customer has disabled reseller access to their Admin console, as detailed in this support article.
Recommendation
Either call customers.get before making these calls to verify that the reseller owns the customer, or ask the customer to re-enable reseller access to their Admin console if it is critical for managing the customer.
403:usageLimits.accessNotConfigured
Cause
The API is not enabled in the cloud project.
Recommendation
Go to the cloud console and enable the Directory API in the cloud project.