Directory API

`domains.list`

403:domainCannotUseApis

Cause
Customer has disabled reseller access to the Admin SDK as detailed in this support article.

Recommendation
Message customer to re-enable if access to the Admin SDK is critical for management of customer.

403:forbidden

Cause
Either Reseller does not own customer, or customer has disabled reseller access to their admin console as detailed in this support article.

Recommendation
Either call `customers.get` before making these calls to verify reseller ownership of customer, or message customer to re-enable reseller access to their Admin console if it is critical for management of customer.

`users.get`

400:badRequest

Cause
Incorrect parameter value was passed into method. Most common parameter at fault is `userKey`.

Recommendation
Verify that the value passed into the `userKey` parameter is either the user's primary email address, alias email address, or unique user ID.

403:forbidden

Cause
Either reseller does not own customer, or customer has disabled reseller access to their admin console as detailed in this support article.

Recommendation
Either call `customers.get` before making these calls to verify reseller ownership of customer, or message customer to re-enable reseller access to their Admin console if it is critical for management of customer.

403:usageLimits.accessNotConfigured

Cause
API is not enabled in the cloud project.

Recommendation
Go to cloud console and enable respective API in cloud project.

`users.insert`

403:forbidden

Cause
Either reseller does not own customer, or customer has disabled reseller access to their admin console as detailed in this support article.

Recommendation
Either call `customers.get` before making these calls to verify reseller ownership of customer, or message customer to re-enable reseller access to their Admin console if it is critical for management of customer.

403:usageLimits.accessNotConfigured

Cause
API is not enabled in the cloud project.

Recommendation
Go to cloud console and enable respective API in cloud project.

409:duplicate

Cause
Primary email (username@domain) already exists within: Current Google Workspace account being created/managed Another Google product (not Google Workspace)

Recommendation

Recommendation
Call `users.get` and if you get a successful 200 response then the user already exists in the customer's Google Workspace Account. If `users.get` returns 403 forbidden, then either: Primary email has been used previously for a different Google product and the customer domain must first be verified before this user can successfully be added. Domain in primary email parameter is not a resold customer of reseller If you have the ability to verify the customer domain: Create a temporary admin user (e.g. temp@domain.com) using `users.insert` and continue provisioning to final domain verification step When verifying domain, add the temporary user into the `owners[]` parameter of the request body for the `webResource.insert` call. Make this call until 200 response received. Once verified, rename temporary username to original desired name using either `users.patch` or `users.update` If you don't have the ability to verify the customer domain: Insert a temporary user (e.g. temp@domain.com) Have your customer sign in using the temporary user and verify their domain through the admin console Once domain is verified, customer may rename to original desired name OR you may rename on their behalf

Call users.get and if you get a successful 200 response then the user already exists in the customer's Google Workspace Account.

If users.get returns 403 forbidden, then either:

Primary email has been used previously for a different Google product and the customer domain must first be verified before this user can successfully be added.
Domain in primary email parameter is not a resold customer of reseller

If you have the ability to verify the customer domain:

Create a temporary admin user (e.g. temp@domain.com) using users.insert and continue provisioning to final domain verification step
When verifying domain, add the temporary user into the owners[] parameter of the request body for the webResource.insert call. Make this call until 200 response received.
Once verified, rename temporary username to original desired name using either users.patch or users.update

If you don't have the ability to verify the customer domain:

Insert a temporary user (e.g. temp@domain.com)
Have your customer sign in using the temporary user and verify their domain through the admin console
Once domain is verified, customer may rename to original desired name OR you may rename on their behalf

412:limitExceeded

Cause
The customer has reached their maximum seat limit.

Recommendation
Use `subscriptions.changeSeats` to increase customer seat limit: For FLEXIBLE, increase `maximumNumberOfSeats` For ANNUAL, increase `numberOfSeats`

`users.list`

400:badRequest

Cause
Incorrect parameter value was passed into method. Most common parameters at fault: `customer` `domain`

Recommendation

Recommendation
Verify the following parameters: `customer -` Only pass the `customerId` that was generated by Google into this parameter.. Do not pass the actual customer domain into this parameter. `domain -` Only pass the actual customer domain into this parameter. Do not pass the `customerId` that was generated by Google into this parameter. Resellers are encouraged to use the `customer` parameter when calling this method because if a customer has secondary domains, calling `users.list` with the `domain` parameter will only return users with email addresses on that particular `domain`.

Verify the following parameters:

customer - Only pass the customerId that was generated by Google into this parameter.. Do not pass the actual customer domain into this parameter.
domain - Only pass the actual customer domain into this parameter. Do not pass the customerId that was generated by Google into this parameter.

Resellers are encouraged to use the customer parameter when calling this method because if a customer has secondary domains, calling users.list with the domain parameter will only return users with email addresses on that particular domain.

403:domainCannotUseApis

Cause
Customer has disabled reseller access to the Admin SDK as detailed in this support article.

Recommendation
To get the count of current licensed users, instead of calling the `users.list` method, use the `licensedNumberOfSeats` field from the subscription resource, as the access to the Reseller API cannot be restricted by the customer. If it is critical to get more details on users, communicate with the customer so they re-enable the API access using the process described in this support article.

403:forbidden

Cause
Either reseller does not own customer, or customer has disabled reseller access to their admin console as detailed in this support article.

Recommendation
Either call `customers.get` before making these calls to verify reseller ownership of customer, or message customer to re-enable reseller access to their Admin console if it is critical for management of customer.

403:usageLimits.accessNotConfigured

Cause
API is not enabled in the cloud project.

Recommendation
Go to cloud console and enable Directory API in cloud project.